mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 21:35:13 +00:00
fix guest file (creator) delete
This commit is contained in:
parent
db4871ae1a
commit
e73af6511e
3 changed files with 31 additions and 11 deletions
|
@ -74,14 +74,6 @@ class Filestorage extends \Zotlabs\Web\Controller {
|
|||
return;
|
||||
}
|
||||
|
||||
// Since we have ACL'd files in the wild, but don't have ACL here yet, we
|
||||
// need to return for anyone other than the owner, despite the perms check for now.
|
||||
|
||||
$is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false);
|
||||
if(! ($is_owner || is_site_admin())){
|
||||
info( t('Permission Denied.') . EOL );
|
||||
return;
|
||||
}
|
||||
|
||||
if(argc() > 3 && argv(3) === 'delete') {
|
||||
|
||||
|
@ -104,18 +96,31 @@ class Filestorage extends \Zotlabs\Web\Controller {
|
|||
}
|
||||
|
||||
$file = intval(argv(2));
|
||||
$r = q("SELECT hash FROM attach WHERE id = %d AND uid = %d LIMIT 1",
|
||||
$r = q("SELECT hash, creator FROM attach WHERE id = %d AND uid = %d LIMIT 1",
|
||||
dbesc($file),
|
||||
intval($owner)
|
||||
);
|
||||
if(! $r) {
|
||||
notice( t('File not found.') . EOL);
|
||||
|
||||
if($json_return)
|
||||
json_return_and_die([ 'success' => false ]);
|
||||
|
||||
notice( t('File not found.') . EOL);
|
||||
goaway(z_root() . '/cloud/' . $which);
|
||||
}
|
||||
|
||||
if(local_channel() !== $owner) {
|
||||
if($r[0]['creator'] && $r[0]['creator'] !== $ob_hash) {
|
||||
notice( t('Permission denied.') . EOL);
|
||||
|
||||
if($json_return)
|
||||
json_return_and_die([ 'success' => false ]);
|
||||
|
||||
goaway(z_root() . '/cloud/' . $which);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$f = $r[0];
|
||||
|
||||
$channel = channelx_by_n($owner);
|
||||
|
@ -137,6 +142,19 @@ class Filestorage extends \Zotlabs\Web\Controller {
|
|||
goaway(dirname($url));
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
// Since we have ACL'd files in the wild, but don't have ACL here yet, we
|
||||
// need to return for anyone other than the owner, despite the perms check for now.
|
||||
|
||||
$is_owner = (((local_channel()) && ($owner == local_channel())) ? true : false);
|
||||
if(! ($is_owner || is_site_admin())){
|
||||
info( t('Permission Denied.') . EOL );
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
if(argc() > 3 && argv(3) === 'edit') {
|
||||
require_once('include/acl_selectors.php');
|
||||
if(! $perms['write_storage']) {
|
||||
|
|
|
@ -261,6 +261,8 @@ class Browser extends DAV\Browser\Plugin {
|
|||
$ft['iconFromType'] = getIconFromType($type);
|
||||
|
||||
$f[] = $ft;
|
||||
logger('f:' . print_r($ft,true));
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@
|
|||
<td class="cloud-index-tool"><a href="#" title="{{$delete}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete/json', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a></td>
|
||||
|
||||
{{else}}
|
||||
<td></td><td></td><td></td>{{if $is_admin || $is_creator}}<td class="cloud-index-tool"><a href="#" title="{{if $is_admin}}{{$admin_delete}}{{else}}{{$delete}}{{/if}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete/json', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a>{{else}}<td>{{/if}}</td>
|
||||
<td></td><td></td><td></td>{{if $is_admin || $item.is_creator}}<td class="cloud-index-tool"><a href="#" title="{{if $is_admin}}{{$admin_delete}}{{else}}{{$delete}}{{/if}}" onclick="dropItem('{{$item.fileStorageUrl}}/{{$item.attachId}}/delete/json', '#cloud-index-{{$item.attachId}},#cloud-tools-{{$item.attachId}}'); return false;"><i class="fa fa-trash-o drop-icons"></i></a>{{else}}<td>{{/if}}</td>
|
||||
{{/if}}
|
||||
<td>{{*{{$item.type}}*}}</td>
|
||||
<td class="d-none d-md-table-cell">{{$item.sizeFormatted}}</td>
|
||||
|
|
Loading…
Reference in a new issue