From 82e867a9a8008c4fb3e7ed9e9408bd9e38bf7ff2 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Wed, 10 Aug 2016 16:17:09 +0200
Subject: implement acl for folder creation

---
 Zotlabs/Module/File_upload.php  | 23 ++++++++++++++---------
 Zotlabs/Storage/Browser.php     |  5 ++++-
 include/attach.php              | 16 ++++++++++++++++
 view/tpl/cloud_actionspanel.tpl | 26 +++++++++++++++++++-------
 4 files changed, 53 insertions(+), 17 deletions(-)

diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 999b241f1..d5c0c7e05 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -21,18 +21,23 @@ class File_upload extends \Zotlabs\Web\Controller {
 	
 		$_REQUEST['source'] = 'file_upload';
 
-        if($channel['channel_id'] != local_channel()) {
-            $_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
-            $_REQUEST['group_allow']   = expand_acl($channel['channel_allow_gid']);
-            $_REQUEST['contact_deny']  = expand_acl($channel['channel_deny_cid']);
-            $_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
-        }
+		if($channel['channel_id'] != local_channel()) {
+			$_REQUEST['contact_allow'] = expand_acl($channel['channel_allow_cid']);
+			$_REQUEST['group_allow']   = expand_acl($channel['channel_allow_gid']);
+			$_REQUEST['contact_deny']  = expand_acl($channel['channel_deny_cid']);
+			$_REQUEST['group_deny']    = expand_acl($channel['channel_deny_gid']);
+		}
 
-		if($_REQUEST['directory_name'])
+		if($_REQUEST['filename']) {
+			$_REQUEST['allow_cid'] = perms2str($_REQUEST['contact_allow']);
+			$_REQUEST['allow_gid'] = perms2str($_REQUEST['group_allow']);
+			$_REQUEST['deny_cid'] = perms2str($_REQUEST['contact_deny']);
+			$_REQUEST['deny_gid'] = perms2str($_REQUEST['group_deny']);
 			$r = attach_mkdir($channel,get_observer_hash(),$_REQUEST);
-		else
+		}
+		else {
 			$r = attach_store($channel,get_observer_hash(), '', $_REQUEST);
-
+		}
 		goaway(z_root() . '/' . $_REQUEST['return_url']);
 	
 	}
diff --git a/Zotlabs/Storage/Browser.php b/Zotlabs/Storage/Browser.php
index e72c4fb62..948f7c733 100644
--- a/Zotlabs/Storage/Browser.php
+++ b/Zotlabs/Storage/Browser.php
@@ -316,6 +316,8 @@ class Browser extends DAV\Browser\Plugin {
 		$quota['desc'] = $quotaDesc;
 		$quota['warning'] = ((($limit) && ((round($used / $limit, 1) * 100) >= 90)) ? t('WARNING:') : ''); // 10485760 bytes = 100MB
 
+		$path = trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path),'/');
+
 		$output .= replace_macros(get_markup_template('cloud_actionspanel.tpl'), array(
 				'$folder_header' => t('Create new folder'),
 				'$folder_submit' => t('Create'),
@@ -330,7 +332,8 @@ class Browser extends DAV\Browser\Plugin {
 				'$deny_gid' => acl2json($channel_acl['deny_gid']),
 				'$lockstate' => $lockstate,
 				'$return_url' => \App::$cmd,
-				'$path' => trim(str_replace('cloud/' . $this->auth->owner_nick, '', $path),'/'),
+				'$path' => $path,
+				'$folder' => find_folder_hash_by_path($this->auth->owner_id, $path),
 				'$dragdroptext' => t('Drop files here to immediately upload')
 			));
 	}
diff --git a/include/attach.php b/include/attach.php
index e15f08bd4..172840b96 100644
--- a/include/attach.php
+++ b/include/attach.php
@@ -1438,6 +1438,22 @@ logger('attach_hash: ' . $attachHash);
 	return $hash;
 }
 
+function find_folder_hash_by_path($channel_id, $path) {
+
+	$filename = end(explode('/', $path));
+
+	$r = q("SELECT hash FROM attach WHERE uid = %d AND filename = '%s' LIMIT 1",
+		intval($channel_id),
+		dbesc($filename)
+	);
+
+	$hash = '';
+	if($r && $r[0]['hash']) {
+		$hash = $r[0]['hash'];
+	}
+	return $hash;
+}
+
 /**
  * @brief Returns the filename of an attachment in a given channel.
  *
diff --git a/view/tpl/cloud_actionspanel.tpl b/view/tpl/cloud_actionspanel.tpl
index d27b3f42d..b851e391e 100644
--- a/view/tpl/cloud_actionspanel.tpl
+++ b/view/tpl/cloud_actionspanel.tpl
@@ -1,15 +1,27 @@
 <div id="files-mkdir-tools" class="section-content-tools-wrapper">
 	<label for="files-mkdir">{{$folder_header}}</label>
-	<form method="post" action="">
-		<input type="hidden" name="sabreAction" value="mkcol">
-		<input id="files-mkdir" type="text" name="name" class="form-control form-group">
-		<button class="btn btn-primary btn-sm pull-right" type="submit" value="{{$folder_submit}}">{{$folder_submit}}</button>
+	<form id="mkdir-form" method="post" action="file_upload" class="acl-form" data-form_id="mkdir-form" data-allow_cid='{{$allow_cid}}' data-allow_gid='{{$allow_gid}}' data-deny_cid='{{$deny_cid}}' data-deny_gid='{{$deny_gid}}'>
+		<!--input type="hidden" name="sabreAction" value="mkcol"-->
+		<input type="hidden" name="folder" value="{{$folder}}" />
+		<input type="hidden" name="channick" value="{{$channick}}" />
+		<input type="hidden" name="return_url" value="{{$return_url}}" />
+		<input id="files-mkdir" type="text" name="filename" class="form-control form-group">
+		<div class="pull-right btn-group">
+			<div class="btn-group">
+				{{if $lockstate}}
+				<button class="btn btn-default btn-sm" data-toggle="modal" data-target="#aclModal" type="button">
+					<i class="jot-perms-icon fa fa-{{$lockstate}}"></i>
+				</button>
+				{{/if}}
+				<button class="btn btn-primary btn-sm pull-right" type="submit" value="{{$folder_submit}}">{{$folder_submit}}</button>
+			</div>
+		</div>
 	</form>
 	<div class="clear"></div>
 </div>
 <div id="files-upload-tools" class="section-content-tools-wrapper">
 	{{if $quota.limit || $quota.used}}<div class="{{if $quota.warning}}section-content-danger-wrapper{{else}}section-content-info-wrapper{{/if}}">{{if $quota.warning}}<strong>{{$quota.warning}} </strong>{{/if}}{{$quota.desc}}</div>{{/if}}
-	<form id="ajax-upload-files" method="post" action="file_upload" enctype="multipart/form-data"  class="acl-form" data-form_id="ajax-upload-files" data-allow_cid='{{$allow_cid}}' data-allow_gid='{{$allow_gid}}' data-deny_cid='{{$deny_cid}}' data-deny_gid='{{$deny_gid}}'>
+	<form id="ajax-upload-files" method="post" action="file_upload" enctype="multipart/form-data" class="acl-form" data-form_id="ajax-upload-files" data-allow_cid='{{$allow_cid}}' data-allow_gid='{{$allow_gid}}' data-deny_cid='{{$deny_cid}}' data-deny_gid='{{$deny_gid}}'>
 		<input type="hidden" name="directory" value="{{$path}}" />
 		<input type="hidden" name="channick" value="{{$channick}}" />
 		<input type="hidden" name="return_url" value="{{$return_url}}" />
@@ -18,8 +30,8 @@
 		<div class="pull-right btn-group">
 			<div class="btn-group">
 				{{if $lockstate}}
-				<button id="dbtn-acl" class="btn btn-default btn-sm" data-toggle="modal" data-target="#aclModal" onclick="return false;">
-					<i id="jot-perms-icon" class="fa fa-{{$lockstate}}"></i>
+				<button class="btn btn-default btn-sm" data-toggle="modal" data-target="#aclModal" type="button">
+					<i class="jot-perms-icon fa fa-{{$lockstate}}"></i>
 				</button>
 				{{/if}}
 				<button id="upload-submit" class="btn btn-primary btn-sm pull-right" type="submit" name="submit" value="{{$upload_submit}}">{{$upload_submit}}</button>
-- 
cgit v1.2.3