From 2a154f8c9a772d61e7dabb5e3fd110ba00cc6007 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Mon, 14 Dec 2020 11:02:20 +0000
Subject: merge branch files_ng into dev

---
 Zotlabs/Module/Attach_edit.php | 212 +++++++++++++++++++++++++++++++++++++++++
 Zotlabs/Module/Cloud.php       |  20 ++--
 Zotlabs/Module/Dav.php         |   2 +-
 Zotlabs/Module/File_upload.php |  20 ++--
 Zotlabs/Module/Filestorage.php |  17 ++--
 Zotlabs/Module/Rpost.php       |  64 +++++++------
 6 files changed, 279 insertions(+), 56 deletions(-)
 create mode 100644 Zotlabs/Module/Attach_edit.php

(limited to 'Zotlabs/Module')

diff --git a/Zotlabs/Module/Attach_edit.php b/Zotlabs/Module/Attach_edit.php
new file mode 100644
index 000000000..0a41dbb22
--- /dev/null
+++ b/Zotlabs/Module/Attach_edit.php
@@ -0,0 +1,212 @@
+<?php
+namespace Zotlabs\Module;
+/**
+ * @file Zotlabs/Module/Attach_edit.php
+ *
+ */
+
+use App;
+use Zotlabs\Web\Controller;
+use Zotlabs\Lib\Libsync;
+use Zotlabs\Access\AccessList;
+
+class Attach_edit extends Controller {
+
+	function post() {
+
+		if (!local_channel() && !remote_channel()) {
+			return;
+		}
+
+		$attach_ids = ((x($_POST, 'attach_ids')) ? $_POST['attach_ids'] : []);
+		$attach_id = ((x($_POST, 'attach_id')) ? intval($_POST['attach_id']) : 0);
+		$channel_id = ((x($_POST, 'channel_id')) ? intval($_POST['channel_id']) : 0);
+		$dnd = ((x($_POST, 'dnd')) ? intval($_POST['dnd']) : 0);
+		$permissions = ((x($_POST, 'permissions')) ? intval($_POST['permissions']) : 0);
+		$return_path = ((x($_POST, 'return_path')) ? notags($_POST['return_path']) : 'cloud');
+		$delete = ((x($_POST, 'delete')) ? intval($_POST['delete']) : 0);
+		$newfolder  = ((x($_POST, 'newfolder_' . $attach_id))  ? notags($_POST['newfolder_' . $attach_id])  : '');
+		if(! $newfolder)
+			$newfolder = ((x($_POST, 'newfolder'))  ? notags($_POST['newfolder'])  : '');
+		$newfilename = ((x($_POST, 'newfilename_' . $attach_id)) ? notags($_POST['newfilename_' . $attach_id]) : '');
+		$recurse = ((x($_POST, 'recurse_' . $attach_id)) ? intval($_POST['recurse_' . $attach_id]) : 0);
+		if(! $recurse)
+			$recurse = ((x($_POST, 'recurse')) ? intval($_POST['recurse']) : 0);
+		$notify = ((x($_POST, 'notify_edit_' . $attach_id)) ? intval($_POST['notify_edit_' . $attach_id]) : 0);
+		$copy = ((x($_POST, 'copy_' . $attach_id)) ? intval($_POST['copy_' . $attach_id]) : 0);
+		if(! $copy)
+			$copy = ((x($_POST, 'copy')) ? intval($_POST['copy']) : 0);
+
+		$categories = ((x($_POST, 'categories_' . $attach_id)) ? notags($_POST['categories_' . $attach_id]) : '');
+		if(! $categories)
+			$categories = ((x($_POST, 'categories')) ? notags($_POST['categories']) : '');
+
+		if($attach_id)
+			$attach_ids[] = $attach_id;
+
+		$single = ((count($attach_ids) === 1) ? true : false);
+
+		$channel = channelx_by_n($channel_id);
+
+		if (! $channel) {
+			notice(t('Channel not found.') . EOL);
+			return;
+		}
+
+		$nick = $channel['channel_address'];
+		$observer = App::get_observer();
+		$observer_hash = (($observer) ? $observer['xchan_hash'] : '');
+		$is_owner = ((local_channel() == $channel_id) ? true : false);
+
+		$ids_str = implode(',', $attach_ids);
+
+		$r = q("SELECT id, uid, hash, creator, folder, filename, is_photo, is_dir FROM attach WHERE id IN ( %s ) AND uid = %d",
+			dbesc($ids_str),
+			intval($channel_id)
+		);
+
+		if (! $r) {
+			notice(t('File not found.') . EOL);
+			return;
+		}
+
+		foreach ($r as $rr) {
+			$actions_done = '';
+			$attach_id = $rr['id'];
+			$resource = $rr['hash'];
+			$creator = $rr['creator'];
+			$folder = $rr['folder'];
+			$filename = $rr['filename'];
+			$is_photo = intval($rr['is_photo']);
+			$is_dir = intval($rr['is_dir']);
+			$admin_delete = false;
+
+			$is_creator = (($creator == $observer_hash) ? true : false);
+			$move = ((! $copy && ($folder !== $newfolder || (($single) ? $filename !== $newfilename : false))) ? true : false);
+
+			$perms = get_all_perms($channel_id, $observer_hash);
+
+			if (! ($perms['view_storage'] || is_site_admin())) {
+				notice( t('Permission denied.') . EOL);
+				continue;
+			}
+
+			if (! $perms['write_storage']) {
+				if (is_site_admin()) {
+					$admin_delete = true;
+				}
+				else {
+					notice( t('Permission denied.') . EOL);
+					continue;
+				}
+			}
+
+			if (!$is_owner && !$admin_delete) {
+				if(! $is_creator) {
+					notice( t('Permission denied.') . EOL);
+					continue;
+				}
+			}
+
+			if ($delete) {
+				attach_delete($channel_id, $resource, $is_photo);
+
+				q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+					intval($channel_id),
+					intval($attach_id),
+					intval(TERM_OBJ_FILE)
+				);
+
+				$actions_done .= 'delete,';
+
+			}
+
+			if ($copy) {
+				if($is_dir && $resource == $newfolder) {
+					notice( t('Can not copy folder into itself.') . EOL);
+					continue;
+				}
+				$x = attach_copy($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+				if ($x['success'])
+					$resource = $x['resource_id'];
+
+				$actions_done .= 'copy,';
+
+			}
+
+			if ($move) {
+				if($is_dir && $resource == $newfolder) {
+					notice( sprintf(t('Can not move folder "%s" into itself.'), $filename) . EOL);
+					continue;
+				}
+				$x = attach_move($channel_id, $resource, $newfolder, (($single) ? $newfilename : ''));
+
+				$actions_done .= 'move,';
+
+			}
+
+			if(! $delete && ! $dnd) {
+				if ($single || (! $single && $categories)) {
+					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+						intval($channel_id),
+						intval($attach_id),
+						intval(TERM_OBJ_FILE)
+					);
+					$cat = explode(',', $categories);
+					if ($cat) {
+						foreach($cat as $term) {
+							$term = trim(escape_tags($term));
+							if ($term) {
+								$term_link = z_root() . '/cloud/' . $nick . '/?cat=' . $term;
+								store_item_tag($channel_id, $attach_id, TERM_OBJ_FILE, TERM_CATEGORY, $term, $term_link);
+							}
+						}
+					}
+					$actions_done .= 'cat_add,';
+
+				}
+				else {
+					q("DELETE FROM term WHERE uid = %d AND oid = %d AND otype = %d",
+						intval($channel_id),
+						intval($attach_id),
+						intval(TERM_OBJ_FILE)
+					);
+					$actions_done .= 'cat_remove,';
+				}
+
+				if ($is_owner && ($single || (! $single && $permissions))) {
+					$acl = new AccessList($channel);
+					$acl->set_from_array($_REQUEST);
+					$x = $acl->get();
+
+					attach_change_permissions($channel_id, $resource, $x['allow_cid'], $x['allow_gid'], $x['deny_cid'], $x['deny_gid'], $recurse, true);
+					$actions_done .= 'permissions,';
+
+					if ($notify) {
+						attach_store_item($channel, $observer, $resource);
+						$actions_done .= 'notify,';
+					}
+				}
+			}
+
+			if (! $admin_delete && $actions_done) {
+				$sync = attach_export_data($channel, $resource, false);
+
+				if ($sync) {
+					Libsync::build_sync_packet($channel_id, ['file' => [$sync]]);
+				}
+			}
+
+			logger('attach_edit: ' . $actions_done);
+
+		}
+
+		if($dnd || $delete) {
+			json_return_and_die([ 'success' => true ]);
+		}
+
+		goaway($return_path);
+
+	}
+
+}
diff --git a/Zotlabs/Module/Cloud.php b/Zotlabs/Module/Cloud.php
index f595e0fac..39ae0f92f 100644
--- a/Zotlabs/Module/Cloud.php
+++ b/Zotlabs/Module/Cloud.php
@@ -8,7 +8,11 @@ namespace Zotlabs\Module;
  */
 
 use Sabre\DAV as SDAV;
-use \Zotlabs\Storage;
+use \Zotlabs\Web\Controller;
+use \Zotlabs\Storage\BasicAuth;
+use \Zotlabs\Storage\Directory;
+use \Zotlabs\Storage\Browser;
+
 
 // composer autoloader for SabreDAV
 require_once('vendor/autoload.php');
@@ -20,7 +24,7 @@ require_once('include/attach.php');
  * @brief Cloud Module.
  *
  */
-class Cloud extends \Zotlabs\Web\Controller {
+class Cloud extends Controller {
 
 	/**
 	 * @brief Fires up the SabreDAV server.
@@ -42,7 +46,7 @@ class Cloud extends \Zotlabs\Web\Controller {
 
 
 
-		$auth = new \Zotlabs\Storage\BasicAuth();
+		$auth = new BasicAuth();
 
 		$ob_hash = get_observer_hash();
 
@@ -72,7 +76,7 @@ class Cloud extends \Zotlabs\Web\Controller {
 		if($x !== \App::$query_string)
 			goaway(z_root() . '/' . $x);
 
-		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
+		$rootDirectory = new Directory('/', [], $auth);
 
 		// A SabreDAV server-object
 		$server = new SDAV\Server($rootDirectory);
@@ -85,7 +89,7 @@ class Cloud extends \Zotlabs\Web\Controller {
 		$is_readable = false;
 
 		// provide a directory view for the cloud in Hubzilla
-		$browser = new \Zotlabs\Storage\Browser($auth);
+		$browser = new Browser($auth);
 		$auth->setBrowserPlugin($browser);
 
 		$server->addPlugin($browser);
@@ -105,13 +109,13 @@ class Cloud extends \Zotlabs\Web\Controller {
 
 		if($browser->build_page)
 			construct_page();
-		
+
 		killme();
 	}
 
 
 	function DAVException($err) {
-			
+
 		if($err instanceof \Sabre\DAV\Exception\NotFound) {
 			notice( t('Not found') . EOL);
 		}
@@ -126,7 +130,7 @@ class Cloud extends \Zotlabs\Web\Controller {
 		}
 
 		construct_page();
-			
+
 		killme();
 	}
 
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index 11950dda0..949b89950 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -100,7 +100,7 @@ class Dav extends \Zotlabs\Web\Controller {
 
 		$auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
 
-		$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
+		$rootDirectory = new \Zotlabs\Storage\Directory('/', [], $auth);
 
 		// A SabreDAV server-object
 		$server = new SDAV\Server($rootDirectory);
diff --git a/Zotlabs/Module/File_upload.php b/Zotlabs/Module/File_upload.php
index 1735e9487..6794dceee 100644
--- a/Zotlabs/Module/File_upload.php
+++ b/Zotlabs/Module/File_upload.php
@@ -11,17 +11,16 @@ require_once('include/photos.php');
 class File_upload extends \Zotlabs\Web\Controller {
 
 	function post() {
-
 		logger('file upload: ' . print_r($_REQUEST,true));
 		logger('file upload: ' . print_r($_FILES,true));
-	
+
 		$channel = (($_REQUEST['channick']) ? channelx_by_nick($_REQUEST['channick']) : null);
-	
+
 		if(! $channel) {
 			logger('channel not found');
 			killme();
 		}
-	
+
 		$_REQUEST['source'] = 'file_upload';
 
 		if($channel['channel_id'] != local_channel()) {
@@ -40,13 +39,11 @@ class File_upload extends \Zotlabs\Web\Controller {
 			$r = attach_mkdir($channel, get_observer_hash(), $_REQUEST);
 			if($r['success']) {
 				$hash = $r['data']['hash'];
-
 				$sync = attach_export_data($channel,$hash);
 				if($sync) {
 					Libsync::build_sync_packet($channel['channel_id'],array('file' => array($sync)));
 				}
-				goaway(z_root() . '/cloud/' . $channel['channel_address'] . '/' . $r['data']['display_path']);
-
+				goaway(z_root() . '/' . $_REQUEST['return_url']);
 			}
 		}
 		else {
@@ -54,8 +51,6 @@ class File_upload extends \Zotlabs\Web\Controller {
 			$matches = [];
 			$partial = false;
 
-
-
 			if(array_key_exists('HTTP_CONTENT_RANGE',$_SERVER)) {
 				$pm = preg_match('/bytes (\d*)\-(\d*)\/(\d*)/',$_SERVER['HTTP_CONTENT_RANGE'],$matches);
 				if($pm) {
@@ -83,7 +78,7 @@ class File_upload extends \Zotlabs\Web\Controller {
 					];
 				}
 			}
-			else {	
+			else {
 				if(! array_key_exists('userfile',$_FILES)) {
 					$_FILES['userfile'] = [
 						'name'     => $_FILES['files']['name'],
@@ -103,8 +98,9 @@ class File_upload extends \Zotlabs\Web\Controller {
 
 			}
 		}
+
 		goaway(z_root() . '/' . $_REQUEST['return_url']);
-	
+
 	}
-	
+
 }
diff --git a/Zotlabs/Module/Filestorage.php b/Zotlabs/Module/Filestorage.php
index 0c6233493..0d132e998 100644
--- a/Zotlabs/Module/Filestorage.php
+++ b/Zotlabs/Module/Filestorage.php
@@ -11,6 +11,9 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 	function post() {
 
+		notice( t('Deprecated!') . EOL);
+		return;
+
 		$channel_id = ((x($_POST, 'uid')) ? intval($_POST['uid']) : 0);
 
 		if((! $channel_id) || (! local_channel()) || ($channel_id != local_channel())) {
@@ -47,6 +50,9 @@ class Filestorage extends \Zotlabs\Web\Controller {
 
 	function get() {
 
+		notice( t('Deprecated!') . EOL);
+		return;
+
 		if(argc() > 1)
 			$which = argv(1);
 		else {
@@ -88,7 +94,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 				}
 				else {
 					notice( t('Permission denied.') . EOL);
-					if($json_return) 
+					if($json_return)
 						json_return_and_die([ 'success' => false ]);
 					return;
 				}
@@ -102,24 +108,23 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			if(! $r) {
 				notice( t('File not found.') . EOL);
 
-				if($json_return) 
+				if($json_return)
 					json_return_and_die([ 'success' => false ]);
 
 				goaway(z_root() . '/cloud/' . $which);
 			}
 
-			if(local_channel() !== $owner) {
+			if((local_channel() !== $owner) && !$admin_delete) {
 				if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) {
 					notice( t('Permission denied.') . EOL);
 
-					if($json_return) 
+					if($json_return)
 						json_return_and_die([ 'success' => false ]);
 
 					goaway(z_root() . '/cloud/' . $which);
 				}
 			}
 
-
 			$f = $r[0];
 
 			$channel = channelx_by_n($owner);
@@ -138,7 +143,7 @@ class Filestorage extends \Zotlabs\Web\Controller {
 			if($json_return)
 				json_return_and_die([ 'success' => true ]);
 
-			goaway(dirname($url));
+			//goaway(dirname($url));
 		}
 
 
diff --git a/Zotlabs/Module/Rpost.php b/Zotlabs/Module/Rpost.php
index f03dae2bf..031270845 100644
--- a/Zotlabs/Module/Rpost.php
+++ b/Zotlabs/Module/Rpost.php
@@ -10,7 +10,7 @@ require_once('include/zot.php');
 
 /**
  * remote post
- * 
+ *
  * https://yoursite/rpost?f=&title=&body=&remote_return=
  *
  * This can be called via either GET or POST, use POST for long body content as suhosin often limits GET parameter length
@@ -20,7 +20,7 @@ require_once('include/zot.php');
  * body= Body of post
  * url= URL which will be parsed and the results appended to the body
  * source= Source application
- * post_id= post_id of post to 'share' (local use only) 
+ * post_id= post_id of post to 'share' (local use only)
  * remote_return= absolute URL to return after posting is finished
  * type= choices are 'html' or 'bbcode', default is 'bbcode'
  *
@@ -32,16 +32,16 @@ require_once('include/zot.php');
 class Rpost extends \Zotlabs\Web\Controller {
 
 	function get() {
-	
+
 		$o = '';
-	
+
 		if(! local_channel()) {
 			if(remote_channel()) {
 				// redirect to your own site.
 				// We can only do this with a GET request so you'll need to keep the text short or risk getting truncated
 				// by the wretched beast called 'suhosin'. All the browsers now allow long GET requests, but suhosin
 				// blocks them.
-	
+
 				$url = get_rpost_path(\App::get_observer());
 				// make sure we're not looping to our own hub
 				if(($url) && (! stristr($url, \App::get_hostname()))) {
@@ -53,10 +53,10 @@ class Rpost extends \Zotlabs\Web\Controller {
 					goaway($url);
 				}
 			}
-	
+
 			// The login procedure is going to bugger our $_REQUEST variables
 			// so save them in the session.
-	
+
 			if(array_key_exists('body',$_REQUEST)) {
 				$_SESSION['rpost'] = $_REQUEST;
 			}
@@ -64,14 +64,14 @@ class Rpost extends \Zotlabs\Web\Controller {
 		}
 
 		nav_set_selected('Post');
-	
+
 		// If we have saved rpost session variables, but nothing in the current $_REQUEST, recover the saved variables
-	
+
 		if((! array_key_exists('body',$_REQUEST)) && (array_key_exists('rpost',$_SESSION))) {
 			$_REQUEST = $_SESSION['rpost'];
 			unset($_SESSION['rpost']);
 		}
-	
+
 		if(array_key_exists('channel',$_REQUEST)) {
 			$r = q("select channel_id from channel where channel_account_id = %d and channel_address = '%s' limit 1",
 				intval(get_account_id()),
@@ -82,7 +82,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 				$change = change_channel($r[0]['channel_id']);
 			}
 		}
-	
+
 		if($_REQUEST['remote_return']) {
 			$_SESSION['remote_return'] = $_REQUEST['remote_return'];
 		}
@@ -91,21 +91,27 @@ class Rpost extends \Zotlabs\Web\Controller {
 				goaway($_SESSION['remote_return']);
 			goaway(z_root() . '/network');
 		}
-	
+
 		$plaintext = true;
-	
+
 		if(array_key_exists('type', $_REQUEST) && $_REQUEST['type'] === 'html') {
 			require_once('include/html2bbcode.php');
-			$_REQUEST['body'] = html2bbcode($_REQUEST['body']); 
+			$_REQUEST['body'] = html2bbcode($_REQUEST['body']);
 		}
-	
+
 		$channel = \App::get_channel();
-	
-	
-		$acl = new \Zotlabs\Access\AccessList($channel);
-	
-		$channel_acl = $acl->get();
-	
+
+		if($_REQUEST['acl']) {
+				$acl = new \Zotlabs\Access\AccessList([]);
+				$acl->set($_REQUEST['acl']);
+				$channel_acl = $acl->get();
+		}
+		else {
+				$acl = new \Zotlabs\Access\AccessList($channel);
+				$channel_acl = $acl->get();
+		}
+
+
 		if($_REQUEST['url']) {
 			$x = z_fetch_url(z_root() . '/linkinfo?f=&url=' . urlencode($_REQUEST['url']));
 			if($x['success'])
@@ -115,7 +121,7 @@ class Rpost extends \Zotlabs\Web\Controller {
 		if($_REQUEST['post_id']) {
 			$_REQUEST['body'] .= '[share=' . intval($_REQUEST['post_id']) . '][/share]';
 		}
-	
+
 		$x = array(
 			'is_owner'            => true,
 			'allow_location'      => ((intval(get_pconfig($channel['channel_id'],'system','use_browser_location'))) ? '1' : ''),
@@ -137,19 +143,19 @@ class Rpost extends \Zotlabs\Web\Controller {
 			'bbcode'              => true,
 			'jotnets'             => true
 		);
-	
+
 		$editor = status_editor($a,$x,false,'Rpost');
-	
+
 		$o .= replace_macros(get_markup_template('edpost_head.tpl'), array(
 			'$title' => t('Edit post'),
 			'$cancel' => '',
 			'$editor' => $editor
 		));
-	
+
 		return $o;
-	
+
 	}
-	
-	
-	
+
+
+
 }
-- 
cgit v1.2.3