From 1408e3da3bcb818134b76db338fb913ae0b54aa1 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 10 Aug 2017 21:08:07 -0700
Subject: prevent uploads to comments if the channel has a default private ACL.

---
 include/conversation.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'include/conversation.php')

diff --git a/include/conversation.php b/include/conversation.php
index f15077e76..30ba4d812 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -550,6 +550,19 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
 	if (! feature_enabled($profile_owner,'multi_delete'))
 		$page_dropping = false;
 
+	$uploading = true;
+
+	if($profile_owner > 0) {
+		$owner_channel = channelx_by_n($profile_owner);
+		if($owner_channel['channel_allow_cid'] || $owner_channel['channel_allow_gid']
+			|| $owner_channel['channel_deny_cid'] || $owner_channel['channel_deny_gid']) {
+			$uploading = false;
+		}
+	}
+	else {
+		$uploading = false;
+	}
+
 
 	$channel = App::get_channel();
 	$observer = App::get_observer();
@@ -753,7 +766,7 @@ function conversation($items, $mode, $update, $page_mode = 'traditional', $prepa
 			// Normal View
 //			logger('conv: items: ' . print_r($items,true));
 
-			$conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $prepared_item);
+			$conv = new Zotlabs\Lib\ThreadStream($mode, $preview, $uploading, $prepared_item);
 
 			// In the display mode we don't have a profile owner. 
 
-- 
cgit v1.2.3