From 8ef6b7cad0b5839ab823182392161af60f15fd69 Mon Sep 17 00:00:00 2001 From: andi Date: Fri, 3 Jun 2005 22:55:01 +0200 Subject: Mediafile Deletion and Overwrite Handling #200 This patch enhances the ACL feature by adding another Permission called DELETE - this permission allows a user to delete or overwrite existing mediafiles. Users with UPLOAD permission are no longer allowed to overwrite media files. Users whith DELETE permissions now need to check an additional checkbox to overwrite existing files, this is to prevent accidently deletions. Please note: If no ACL is used UPLOAD rights are assumed for everybody - not DELETE rights. This changes the behaviour from previous versions as UPLOAD does not allow overwriting anymore. darcs-hash:20050603205501-9977f-1d219b23a79bb097ed0e0b8184dc6d5d8aad578b.gz --- inc/admin_acl.php | 4 ++-- inc/auth.php | 5 +++-- inc/template.php | 24 +++++++++++++++++++++++- 3 files changed, 28 insertions(+), 5 deletions(-) (limited to 'inc') diff --git a/inc/admin_acl.php b/inc/admin_acl.php index 5dc907049..fcf9d9ae3 100644 --- a/inc/admin_acl.php +++ b/inc/admin_acl.php @@ -28,7 +28,7 @@ function admin_acl_handler(){ if($type == '@') $user = '@'.$user; if($user == '@all') $user = '@ALL'; //special group! (now case insensitive) $perm = (int) $perm; - if($perm > AUTH_UPLOAD) $perm = AUTH_UPLOAD; + if($perm > AUTH_DELETE) $perm = AUTH_DELETE; //FIXME sanitize scope!!! //nothing to do? @@ -374,7 +374,7 @@ function admin_acl_html_checkboxes($setperm,$ispage){ static $label = 0; //number labels $ret = ''; - foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD) as $perm){ + foreach(array(AUTH_READ,AUTH_EDIT,AUTH_CREATE,AUTH_UPLOAD,AUTH_DELETE) as $perm){ $label += 1; //general checkbox attributes diff --git a/inc/auth.php b/inc/auth.php index a948a544f..a55cfbc51 100644 --- a/inc/auth.php +++ b/inc/auth.php 
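Review bot: The ceiling for permissions an ACL entry may grant is hard-coded again in `if($perm > AUTH_DELETE) $perm = AUTH_DELETE;`, and the same literal clamp is repeated in both auth_aclcheck() hunks of inc/auth.php. The commit had to edit all three sites to add one level, and a missed site would leave the admin form and the ACL evaluator disagreeing about the highest grantable permission. Consider defining the ceiling once beside the other levels (the name is only a suggestion), `define('AUTH_ACL_MAX',AUTH_DELETE);`, and clamping with `if($perm > AUTH_ACL_MAX) $perm = AUTH_ACL_MAX;` at each site. admin_acl_handler() begins and ends outside this hunk, and its context still carries `//FIXME sanitize scope!!!`, which this change leaves open.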
@@ -23,6 +23,7 @@ define('AUTH_EDIT',2); define('AUTH_CREATE',4); define('AUTH_UPLOAD',8); + define('AUTH_DELETE',16); define('AUTH_ADMIN',255); if($conf['useacl']){ @@ -249,7 +250,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } @@ -273,7 +274,7 @@ function auth_aclcheck($id,$user,$groups){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments $acl = preg_split('/\s+/',$match); - if($acl[2] > AUTH_UPLOAD) $acl[2] = AUTH_UPLOAD; //no admins in the ACL! + if($acl[2] > AUTH_DELETE) $acl[2] = AUTH_DELETE; //no admins in the ACL! if($acl[2] > $perm){ $perm = $acl[2]; } diff --git a/inc/template.php b/inc/template.php index 1f54c5f99..11a1112d0 100644 --- a/inc/template.php +++ b/inc/template.php @@ -548,6 +548,7 @@ function tpl_mediafilelist(){ global $conf; global $lang; global $NS; + global $AUTH; $dir = utf8_encodeFN(str_replace(':','/',$NS)); $data = array(); @@ -564,11 +565,27 @@ function tpl_mediafilelist(){ ptln(''. utf8_decodeFN($item['file']). '',6); + + //prepare deletion button + if($AUTH >= AUTH_DELETE){ + $ask = $lang['del_confirm'].'\\n'; + $ask .= $item['id']; + + $del = ''. + ''.$lang['btn_delete'].''; + }else{ + $del = ''; + } + + if($item['isimg']){ $w = $item['info'][0]; $h = $item['info'][1]; - ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')
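Review bot: `$acl[2]` is still the raw string field from `preg_split()` when it is compared with `AUTH_DELETE` in the -249 hunk, and again in the -273 hunk. A line with fewer than three fields or a non-numeric third field is therefore evaluated by PHP's loose string/number comparison instead of being rejected. That appears to fail closed, but normalising first would make the clamp explicit: `$acl[2] = isset($acl[2]) ? (int) $acl[2] : 0;` before the `> AUTH_DELETE` test. auth_aclcheck() starts and ends outside both hunks, so how `$matches` is filtered beforehand is not visible here.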
',6); + ptln('('.$w.'×'.$h.' '.filesize_h($item['size']).')',6); + ptln($del.'
',6); ptln(''); if($w>120){ @@ -580,6 +597,7 @@ function tpl_mediafilelist(){ }else{ ptln ('('.filesize_h($item['size']).')',6); + ptln($del,6); } ptln('',4); } @@ -594,6 +612,7 @@ function tpl_mediafilelist(){ function tpl_mediauploadform(){ global $NS; global $UPLOADOK; + global $AUTH; global $lang; if(!$UPLOADOK) return; @@ -606,6 +625,9 @@ function tpl_mediauploadform(){ ptln($lang['txt_filename'].'
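Review bot: `$ask .= $item['id'];` appends the media id to the confirmation text with no escaping visible in this hunk. The markup of the delete link was lost in this rendering, so the output context cannot be confirmed. If `$ask` ends up inside a JavaScript string within an HTML attribute, an id containing quotes or markup characters would break out of that string. Escaping only the id keeps the literal `\\n` intact: `$ask .= htmlspecialchars(addslashes($item['id']), ENT_QUOTES);`. tpl_mediafilelist() starts before this hunk and continues past it.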
',4); ptln('',4); ptln('',4); + if($AUTH >= AUTH_DELETE){ + ptln('',4); + } ptln('',2); } -- cgit v1.2.3
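Review bot: The overwrite checkbox is only hidden from users below the new level by `if($AUTH >= AUTH_DELETE){`, which is display logic and does not stop a request that supplies the overwrite field directly. The same holds for the delete link built in tpl_mediafilelist() in the -564 hunk. The code that processes uploads and deletions is not part of this inc/-limited view, so it should be confirmed that it re-checks `$AUTH >= AUTH_DELETE` before replacing or removing a file. It should also be confirmed that deletion cannot be triggered by a plain link request without a per-session token. A comment above the condition, such as `// UI hint only - the upload handler must enforce AUTH_DELETE itself`, would record the dependency.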