From 5c2692a8ea6de0a5e0ccfa0a2b9508d2d62266c6 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Sun, 8 Nov 2015 16:36:36 -0800
Subject: no comment permission bug, also implement delete() in RedDirectory per Waitman
---
 include/RedDAV/RedDirectory.php | 21 +++++++++++++++++++++
 mod/connedit.php | 21 +++++++++++++--------
 2 files changed, 34 insertions(+), 8 deletions(-)
diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php
index 87bdf8f13..8d8af5bd3 100644
--- a/include/RedDAV/RedDirectory.php
+++ b/include/RedDAV/RedDirectory.php
@@ -362,6 +362,27 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota {
 }
 }
+ /**
+ * @brief delete directory
+ */
+
+ public function delete() {
+ logger('delete file ' . basename($this->red_path), LOGGER_DEBUG);
+
+ if ((! $this->auth->owner_id) || (! perm_is_allowed($this->auth->owner_id, $this->auth->observer, 'write_storage'))) {
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+
+ if ($this->auth->owner_id !== $this->auth->channel_id) {
+ if (($this->auth->observer !== $this->data['creator']) || intval($this->data['is_dir'])) {
+ throw new DAV\Exception\Forbidden('Permission denied.');
+ }
+ }
+
+ attach_delete($this->auth->owner_id, $this->folder_hash);
+ }
+
+
 /**
 * @brief Checks if a child exists.
 *
diff --git a/mod/connedit.php b/mod/connedit.php
index 877c12dc7..ad311f9a4 100644
--- a/mod/connedit.php
+++ b/mod/connedit.php
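Review bot: The non-owner branch of the new `delete()` can never allow a delete on a directory node: `intval($this->data['is_dir'])` would be true for every directory, and `$this->data` is not assigned anywhere in this hunk (the test looks carried over from the file node), so an observer who passed the `write_storage` check is refused either way. If owner-only deletion of directories is the intent, state it directly with `if ($this->auth->owner_id !== $this->auth->channel_id) { throw new DAV\Exception\Forbidden('Permission denied.'); }`, so that a later change to `$this->data` cannot open the path by accident. The strict `!==` also assumes `owner_id` and `channel_id` have the same type; if one is a string from the database and the other an int, the owner would be sent into the refusing branch as well. It is also worth rejecting an empty `$this->folder_hash` before `attach_delete()` is called, since the hunk does not show what that call does for the collection root, and the debug line should say 'delete directory' rather than 'delete file'.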
@@ -177,16 +177,21 @@ function connedit_post(&$a) {
 if(($_REQUEST['pending']) && intval($orig_record[0]['abook_pending'])) {
 $new_friend = true;
- if(! $abook_my_perms) {
- $abook_my_perms = get_channel_default_perms(local_channel());
+ // @fixme it won't be common, but when you accept a new connection request
+ // the permissions will now be that of your permissions role and ignore
+ // any you may have set manually on the form. We'll probably see a bug if somebody
+ // tries to set the permissions *and* approve the connection in the same
+ // request. The workaround is to approve the connection, then go back and
+ // adjust permissions as desired.
- $role = get_pconfig(local_channel(),'system','permissions_role');
- if($role) {
- $x = get_role_perms($role);
- if($x['perms_accept'])
- $abook_my_perms = $x['perms_accept'];
- }
+ $abook_my_perms = get_channel_default_perms(local_channel());
+
+ $role = get_pconfig(local_channel(),'system','permissions_role');
+ if($role) {
+ $x = get_role_perms($role);
+ if($x['perms_accept'])
+ $abook_my_perms = $x['perms_accept'];
 }
 }
--
cgit v1.2.3
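Review bot: The now unconditional assignment to `$abook_my_perms` silently discards any permission bits the approver submitted in the same request, so accepting a pending connection can grant the role's `perms_accept` set even when the form showed a narrower one, and the only trace of that is the `@fixme` comment. Until the fixme is resolved, keep the submitted value (`$submitted_perms = $abook_my_perms;` before the overwrite) and log or notify the user when it differs from what is finally stored, so that a broader grant than requested is at least visible. The role lookup also reads `$x['perms_accept']` without checking that the key exists; `if(! empty($x['perms_accept']))` avoids a notice when the role is unknown. The body of `connedit_post()` starts and ends outside this hunk, so where `$abook_my_perms` is first populated is not visible here.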