From 91bbfcf554d190c1956d16c652ceefb95a18735a Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 6 Aug 2015 17:09:09 -0700 Subject: photo permission inheritance. We want to use the folder permissions unless specific permissions have been set to over-ride them. If nothing is set, use the channel default. We may have to mess with his further in the case of somebody trying to create a public photo directory when their normal permissions are set to private. Kind of a chicken/egg problem because the folder permissions will be empty. --- include/RedDAV/RedDirectory.php | 33 ++++++++++++++++++++++++++++----- include/RedDAV/RedFile.php | 8 +++++--- include/attach.php | 14 +++++++++++++- include/conversation.php | 2 +- include/photos.php | 40 ++++++++++++++++++++++++++-------------- mod/item.php | 17 +++++++++++++++++ 6 files changed, 90 insertions(+), 24 deletions(-) diff --git a/include/RedDAV/RedDirectory.php b/include/RedDAV/RedDirectory.php index c7921d96f..507fde46f 100644 --- a/include/RedDAV/RedDirectory.php +++ b/include/RedDAV/RedDirectory.php @@ -214,6 +214,29 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { $f = 'store/' . $this->auth->owner_nick . '/' . (($this->os_path) ? $this->os_path . '/' : '') . $hash; + $direct = null; + + if($this->folder_hash) { + $r = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", + dbesc($this->folder_hash), + intval($c[0]['channel_id']) + ); + if($r) + $direct = $r[0]; + } + + if(($direct) && (($direct['allow_cid']) || ($direct['allow_gid']) || ($direct['deny_cid']) || ($direct['deny_gid']))) { + $allow_cid = $direct['allow_cid']; + $allow_gid = $direct['allow_gid']; + $deny_cid = $direct['deny_cid']; + $deny_gid = $direct['deny_gid']; + } + else { + $allow_cid = $c[0]['channel_allow_cid']; + $allow_gid = $c[0]['channel_allow_gid']; + $deny_cid = $c[0]['channel_deny_cid']; + $deny_gid = $c[0]['channel_deny_gid']; + } $r = q("INSERT INTO attach ( aid, uid, hash, creator, filename, folder, os_storage, filetype, filesize, revision, is_photo, data, created, edited, allow_cid, allow_gid, deny_cid, deny_gid ) VALUES ( %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ", @@ -231,10 +254,10 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { dbesc($this->os_path . '/' . $hash), dbesc(datetime_convert()), dbesc(datetime_convert()), - dbesc($c[0]['channel_allow_cid']), - dbesc($c[0]['channel_allow_gid']), - dbesc($c[0]['channel_deny_cid']), - dbesc($c[0]['channel_deny_gid']) + dbesc($allow_cid), + dbesc($allow_gid), + dbesc($deny_cid), + dbesc($deny_gid) ); @@ -308,7 +331,7 @@ class RedDirectory extends DAV\Node implements DAV\ICollection, DAV\IQuota { } require_once('include/photos.php'); - $args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x); + $args = array( 'resource_id' => $hash, 'album' => $album, 'os_path' => $f, 'filename' => $name, 'getimagesize' => $x, 'directory' => $direct); $p = photo_upload($c[0],get_app()->get_observer(),$args); } diff --git a/include/RedDAV/RedFile.php b/include/RedDAV/RedFile.php index d4eb6812a..ec6871a69 100644 --- a/include/RedDAV/RedFile.php +++ b/include/RedDAV/RedFile.php @@ -116,12 +116,14 @@ class RedFile extends DAV\Node implements DAV\IFile { ); if($d) { if($d[0]['folder']) { - $f1 = q("select filename from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", + $f1 = q("select * from attach where is_dir = 1 and hash = '%s' and uid = %d limit 1", dbesc($d[0]['folder']), intval($c[0]['channel_id']) ); - if($f1) + if($f1) { $album = $f1[0]['filename']; + $direct = $f1[0]; + } } $fname = dbunescbin($d[0]['data']); $f = 'store/' . $this->auth->owner_nick . '/' . (($fname) ? $fname : ''); @@ -166,7 +168,7 @@ class RedFile extends DAV\Node implements DAV\IFile { if($is_photo) { require_once('include/photos.php'); - $args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis ); + $args = array( 'resource_id' => $this->data['hash'], 'album' => $album, 'os_path' => $f, 'filename' => $r[0]['filename'], 'getimagesize' => $gis, 'directory' => $direct ); $p = photo_upload($c[0],get_app()->get_observer(),$args); } diff --git a/include/attach.php b/include/attach.php index 417032a4b..1e8091b9d 100644 --- a/include/attach.php +++ b/include/attach.php @@ -490,6 +490,12 @@ function attach_store($channel, $observer_hash, $options = '', $arr = null) { if($pathname) { $x = attach_mkdirp($channel, $observer_hash, $darr); $folder_hash = (($x['success']) ? $x['data']['hash'] : ''); + if((! $str_contact_allow) && (! $str_group_allow) && (! $str_contact_deny) && (! $str_group_deny)) { + $str_contact_allow = $x['data']['allow_cid']; + $str_group_allow = $x['data']['allow_gid']; + $str_contact_deny = $x['data']['deny_cid']; + $str_group_deny = $x['data']['deny_gid']; + } } else { $folder_hash = ''; @@ -886,7 +892,6 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { if($r) { if(os_mkdir($path, STORAGE_DEFAULT_PERMISSIONS, true)) { $ret['success'] = true; - $ret['data'] = $arr; // update the parent folder's lastmodified timestamp $e = q("UPDATE attach SET edited = '%s' WHERE hash = '%s' AND uid = %d", @@ -894,6 +899,13 @@ function attach_mkdir($channel, $observer_hash, $arr = null) { dbesc($arr['folder']), intval($channel_id) ); + + $z = q("select * from attach where hash = '%s' and uid = %d and is_dir = 1 limit 1", + dbesc($arr['hash']), + intval($channel_id) + ); + if($z) + $ret['data'] = $z[0]; } else { logger('attach_mkdir: ' . mkdir . ' ' . $path . ' failed.'); diff --git a/include/conversation.php b/include/conversation.php index 645994035..e58429255 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1597,7 +1597,7 @@ function profile_tabs($a, $is_owner = false, $nickname = null){ ); $tabs[] = array( 'label' => t('Files'), - 'url' => $a->get_baseurl() . '/cloud/' . $nickname . ((get_observer_hash()) ? '' : '?f=&davguest=1'), + 'url' => $a->get_baseurl() . '/cloud/' . $nickname, 'sel' => ((argv(0) == 'cloud' || argv(0) == 'sharedwithme') ? 'active' : ''), 'title' => t('Files and Storage'), 'id' => 'files-tab', diff --git a/include/photos.php b/include/photos.php index 46d4b810c..7437d6aa9 100644 --- a/include/photos.php +++ b/include/photos.php @@ -50,20 +50,32 @@ function photo_upload($channel, $observer, $args) { else $visible = 0; - $str_group_allow = perms2str(((is_array($args['group_allow'])) ? $args['group_allow'] : explode(',',$args['group_allow']))); - $str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow']))); - $str_group_deny = perms2str(((is_array($args['group_deny'])) ? $args['group_deny'] : explode(',',$args['group_deny']))); - $str_contact_deny = perms2str(((is_array($args['contact_deny'])) ? $args['contact_deny'] : explode(',',$args['contact_deny']))); - - - if( (! array_key_exists('group_allow',$args)) - && (! array_key_exists('contact_allow',$args)) - && (! array_key_exists('group_deny',$args)) - && (! array_key_exists('contact_deny',$args))) { - $str_group_allow = $channel['channel_allow_gid']; - $str_contact_allow = $channel['channel_allow_cid']; - $str_group_deny = $channel['channel_deny_gid']; - $str_contact_deny = $channel['channel_deny_cid']; + // Set to default channel permissions. If the parent directory (album) has permissions set, + // use those instead. If we have specific permissions supplied, they take precedence over + // all other settings. + + $str_group_allow = $channel['channel_allow_gid']; + $str_contact_allow = $channel['channel_allow_cid']; + $str_group_deny = $channel['channel_deny_gid']; + $str_contact_deny = $channel['channel_deny_cid']; + + if($args['directory']) { + $str_group_allow = $args['directory']['allow_gid']; + $str_contact_allow = $args['directory']['allow_cid']; + $str_group_deny = $args['directory']['deny_gid']; + $str_contact_deny = $args['directory']['deny_cid']; + } + + if( (array_key_exists('group_allow',$args)) + || (array_key_exists('contact_allow',$args)) + || (array_key_exists('group_deny',$args)) + || (array_key_exists('contact_deny',$args))) { + + $str_group_allow = perms2str(((is_array($args['group_allow'])) ? $args['group_allow'] : explode(',',$args['group_allow']))); + $str_contact_allow = perms2str(((is_array($args['contact_allow'])) ? $args['contact_allow'] : explode(',',$args['contact_allow']))); + $str_group_deny = perms2str(((is_array($args['group_deny'])) ? $args['group_deny'] : explode(',',$args['group_deny']))); + $str_contact_deny = perms2str(((is_array($args['contact_deny'])) ? $args['contact_deny'] : explode(',',$args['contact_deny']))); + } $os_storage = 0; diff --git a/mod/item.php b/mod/item.php index 57a905395..ff6a834e6 100644 --- a/mod/item.php +++ b/mod/item.php @@ -1050,6 +1050,23 @@ function fix_attached_photo_permissions($uid,$xchan_hash,$body, if(! strlen($image_uri)) continue; $srch = '<' . $xchan_hash . '>'; + + $r = q("select folder from attach where hash = '%s' and uid = %d limit 1", + dbesc($image_uri), + intval($uid) + ); + if($r && $r[0]['folder']) { + $f = q("select * from attach where hash = '%s' and is_dir = 1 and uid = %d limit 1", + dbesc($r[0]['folder']), + intval($uid) + ); + if(($f) && (($f[0]['allow_cid']) || ($f[0]['allow_gid']) || ($f[0]['deny_cid']) || ($f[0]['deny_gid']))) { + $str_contact_allow = $f[0]['allow_cid']; + $str_group_allow = $f[0]['allow_gid']; + $str_contact_deny = $f[0]['deny_cid']; + $str_group_deny = $f[0]['deny_gid']; + } + } $r = q("SELECT id FROM photo WHERE allow_cid = '%s' AND allow_gid = '' AND deny_cid = '' AND deny_gid = '' -- cgit v1.2.3