diff --git a/ServiceAPI/Photos.php b/ServiceAPI/Photos.php index 8f3e3c02..16d602f2 100644 --- a/ServiceAPI/Photos.php +++ b/ServiceAPI/Photos.php @@ -1,7 +1,7 @@ get($album); - if(!$album || $album->isDeleted() || $album->getOwner()->getId() != $this->user->getId()) + if(!$album || $album->isDeleted()) $reject(55, "Invalid ."); + if($album->getOwner() instanceof User) { + if($album->getOwner()->getId() != $this->user->getId()) + $reject(555, "Access to album denied"); + } else { + if(!$album->getOwner()->canBeModifiedBy($this->user)) + $reject(555, "Access to album denied"); + } + $photos = $album->getPhotos($page, 24); $count = $album->size(); } @@ -43,9 +51,10 @@ class Photos implements Handler $resolve($arr); } - function getAlbums(callable $resolve, callable $reject) + function getAlbums(int $club, callable $resolve, callable $reject) { $albumsRepo = (new Albums); + $count = $albumsRepo->getUserAlbumsCount($this->user); $albums = $albumsRepo->getUserAlbums($this->user, 1, $count); @@ -56,10 +65,28 @@ class Photos implements Handler foreach($albums as $album) { $res = ["id" => $album->getId(), "name" => $album->getName()]; - + $arr["items"][] = $res; } + if($club > 0) { + $cluber = (new Clubs)->get($club); + + if(!$cluber || !$cluber->canBeModifiedBy($this->user)) + $reject(1337, "Invalid (club), or you can't modify him"); + + $clubCount = (new Albums)->getClubAlbumsCount($cluber); + $clubAlbums = (new Albums)->getClubAlbums($cluber, 1, $clubCount); + + foreach($clubAlbums as $albumr) { + $res = ["id" => $albumr->getId(), "name" => $albumr->getName()]; + + $arr["items"][] = $res; + } + + $arr["count"] = $arr["count"] + $clubCount; + } + $resolve($arr); } } diff --git a/Web/Presenters/templates/components/textArea.xml b/Web/Presenters/templates/components/textArea.xml index 44fb5358..8727addf 100644 --- a/Web/Presenters/templates/components/textArea.xml +++ b/Web/Presenters/templates/components/textArea.xml 
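Review bot: The new ownership checks in `getPhotos` run straight after `$reject(55, "Invalid .")` with no `return`, so they depend entirely on `$reject` never handing control back; its definition is not part of this diff. If it does return, a missing album reaches `$album->getOwner()` and a denied one still reaches `$album->getPhotos($page, 24)`. The club branch added to `getAlbums` has the same shape, with `getClubAlbumsCount($cluber)` following `$reject(1337, …)`. Bracing each guard as `{ $reject(555, "Access to album denied"); return; }` makes the denial hold regardless of how the callback is implemented. Separately, answering 55 for a missing album and 555 for someone else's lets a caller tell which album ids exist, so one shared code would be safer; the start of this function is not visible in the hunk.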
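Review bot: `getAlbums` gains a required `int $club` parameter with nothing documenting which values are meaningful. From the body added further down, only `$club > 0` triggers the club lookup, so 0 and negative ids silently fall back to the caller's own albums. A docblock such as `/** @param int $club Club id whose albums are appended to the user's own; 0 = user albums only */` would state that contract. Any caller that still invokes `getAlbums` without this argument needs updating, and this diff only shows the one in `al_wall.js`.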
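Review bot: The club branch creates two more `new Albums` instances although `$albumsRepo` is already in scope at the top of `getAlbums`; `$albumsRepo->getClubAlbumsCount($cluber)` and `$albumsRepo->getClubAlbums($cluber, 1, $clubCount)` would read better and match the user-album code above. The locals `$cluber` and `$albumr` would be clearer as `$clubEntity` and `$clubAlbum`. The single 1337 message for both "no such club" and "not allowed to modify" avoids revealing which club ids exist, and a one-line comment saying this is deliberate would stop it being split into two codes later.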
@@ -77,7 +77,7 @@ {_attach} - + canBeModifiedBy($thisUser)}data-club="{$club->getId()}"{/if}> {_photo} diff --git a/Web/static/js/al_wall.js b/Web/static/js/al_wall.js index 941ab6ba..d3a18471 100644 --- a/Web/static/js/al_wall.js +++ b/Web/static/js/al_wall.js @@ -42,9 +42,12 @@ function initGraffiti(id) { canvas.getImage({includeWatermark: false}).toBlob(blob => { let fName = "Graffiti-" + Math.ceil(performance.now()).toString() + ".jpeg"; let image = new File([blob], fName, {type: "image/jpeg", lastModified: new Date().getTime()}); - let trans = new DataTransfer(); - trans.items.add(image); + let formdata = new FormData() + formdata.append("hash", u("meta[name=csrf]").attr("value")) + formdata.append("count", 1) + + //ky.post("/photos/upload", {body:}) let fileSelect = document.querySelector("#post-buttons" + id + " input[name='_pic_attachment']"); fileSelect.files = trans.files; @@ -115,43 +118,20 @@ function setupWallPostInputHandlers(id) { }); u(`#wall-post-input${id}`).on("paste", function(e) { - let xhr = new XMLHttpRequest() - let formdat = new FormData() - let iterator = 0 + if(e.clipboardData.files.length === 1) { + let xhr = new XMLHttpRequest() + let formdat = new FormData() + formdat.append("photo_0", e.clipboardData.files[0]) + formdat.append("count", 1) + formdat.append("hash", u("meta[name=csrf]").attr("value")) - for (let i = 0; i < e.clipboardData.files.length; i++) { - if(getMediaCount() >= 10) { - alert('Не больше 10 пикч'); - } - if(e.clipboardData.files[i].type.match('^image/')) { - addPhotoMedia(e.clipboardData.files[i]) - } + xhr.open("POST", "/photos/upload") + + xhr.send(formdat) + console.log(e.clipboardData.files); } - console.log(formdat) }); - - function addPhotoMedia(files, preview, id) { - if(getMediaCount() >= 10) { - alert('Не больше 10 пикч'); - } else { - u(`#post-buttons${id} .upload`).append(u(` -
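Review bot: In `initGraffiti` the declaration of `trans` is removed, but the unchanged line `fileSelect.files = trans.files;` still follows, so the callback will throw a ReferenceError as soon as a graffiti is saved. The replacement path is also unfinished: `formdata` receives only `hash` and `count`, the `image` file is never appended, and the only send call is the commented-out `//ky.post("/photos/upload", {body:})`. Until the upload is completed, the old lines `let trans = new DataTransfer(); trans.items.add(image);` should stay. Otherwise the new code should append the file, post `formdata`, and drop the `fileSelect.files` assignment. The function body continues outside the hunk.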
- × - -
- `)); - u(`div#aP${picCount}`).nodes[0].append(u(``).first()); - let input = u(`#attachPic${picCount}`).nodes[0]; - input.files = files; // нужен рефактор, но щас не - console.log(input); - u(input).trigger("change"); - } - } - - function getMediaCount() { - return u(`#post-buttons${id} .upload`).nodes[0].children.length; - } } function removePicture(idA) { @@ -744,15 +724,21 @@ $(document).on("click", "#photosAttachments", async (e) => { document.querySelector(".ovk-diag-body").style.height = "335px" async function insertPhotos(page, album = 0) { + u("#loader").remove() + let insertPlace = document.querySelector(".photosInsert .photosList") document.querySelector(".photosInsert").insertAdjacentHTML("beforeend", ``) let photos; - if(album == 0) { - photos = await API.Photos.getPhotos(page, 0) - } else { + try { photos = await API.Photos.getPhotos(page, Number(album)) + } catch(e) { + document.querySelector(".photosInsert h4").innerHTML = tr("is_x_photos", -1) + insertPlace.innerHTML = "Invalid album" + console.error(e) + u("#loader").remove() + return; } document.querySelector(".photosInsert h4").innerHTML = tr("is_x_photos", photos.count) @@ -782,12 +768,12 @@ $(document).on("click", "#photosAttachments", async (e) => { insertPhotos(1) - let albums = await API.Photos.getAlbums() + let albums = await API.Photos.getAlbums(Number(e.currentTarget.dataset.club ?? 0)) for(const alb of albums.items) { let sel = document.querySelector(".ovk-diag-body #albumSelect") - sel.insertAdjacentHTML("beforeend", ``) + sel.insertAdjacentHTML("beforeend", ``) } $(".photosInsert").on("click", "#showMorePhotos", (e) => { @@ -797,6 +783,7 @@ $(document).on("click", "#photosAttachments", async (e) => { $(".topGrayBlock #albumSelect").on("change", (evv) => { document.querySelector(".photosInsert .photosList").innerHTML = "" + insertPhotos(1, evv.currentTarget.value) }) 
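Review bot: The rewritten paste handler posts `e.clipboardData.files[0]` to `/photos/upload` without the `type.match('^image/')` test that the removed loop applied. It also has no `onload`/`onerror` handler, so a rejected or failed upload is silent and nothing is attached to the post. A guard such as `if(!e.clipboardData.files[0].type.match('^image/')) return;` before `xhr.open` restores the client-side filter. The server still has to validate the file type and size itself, since this check is advisory. The `console.log(e.clipboardData.files)` line looks like leftover debugging and should be removed.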
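Review bot: The new `catch` in `insertPhotos` reports every failure of `API.Photos.getPhotos` as "Invalid album", so an access denial (code 555 on the server side), a network error and a bad id are indistinguishable, and the heading is rendered with a count of -1. The hard-coded English string bypasses `tr()`, which the surrounding lines use, and a constant message is better assigned with `textContent` than `innerHTML`. For example, `insertPlace.textContent = tr("PLACEHOLDER_error_key")`, where the key name is a placeholder for a real translation entry. `Number(album)` is also passed unchecked, so a non-numeric select value would become `NaN`. `insertPhotos` continues past the end of the hunk.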
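Review bot: The album `<option>` markup passed to `sel.insertAdjacentHTML("beforeend", …)` is not visible in this view, so please confirm that `alb.id` and `alb.name` are HTML-escaped before they are interpolated. With this change the list also contains club albums, whose names are set by other club managers rather than by the current user, so an unescaped name would be a stored-XSS path. Building the element with `document.createElement("option")` and setting `textContent` and `value` avoids the question entirely. `dataset.club` is only a hint from the DOM; the `canBeModifiedBy` check in `getAlbums` is what enforces access, and it should stay that way.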
@@ -900,6 +887,9 @@ $(document).on("click", "#photosAttachments", async (e) => { u("body").removeClass("dimmed"); u(".ovk-diag-cont").remove(); document.querySelector("html").style.overflowY = "scroll" + } else { + // todo: https://vk.com/wall-32295218_78593 + alert(result.flash.message) } }
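Review bot: The new `else` branch reads `result.flash.message` unconditionally, so a failure response without a `flash` object (the shape of `result` is set outside this hunk) would throw a TypeError instead of telling the user anything. `alert(result.flash?.message ?? tr("PLACEHOLDER_error_key"))`, with a placeholder key name, keeps the branch safe; the file already uses `??` elsewhere. The `// todo:` comment only holds a link to an external post. A few words saying what remains to be done would survive the link going dead.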