fix drag-drop, UI glitches, & update validation

js/auth.js

@@ -132,10 +132,11 @@ function updateAuthenticatedUI(data) {
   if (data.username) {
     localStorage.setItem("username", data.username);
   }
+  /*
   if (typeof data.folderOnly !== "undefined") {
     localStorage.setItem("folderOnly", data.folderOnly ? "true" : "false");
   }
-
+*/
   const headerButtons = document.querySelector(".header-buttons");
   const firstButton = headerButtons.firstElementChild;
 
@@ -227,15 +228,29 @@ function checkAuthentication(showLoginToast = true) {
 function submitLogin(data) {
   setLastLoginData(data);
   window.__lastLoginData = data;
-sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
-  .then(response => {
-    if (response.success || response.status === "ok") {
-      sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
-      window.location.reload();
-    } else if (response.totp_required) {
-      openTOTPLoginModal();
-    } else if (response.error && response.error.includes("Too many failed login attempts")) {
-      showToast(response.error);
+  sendRequest("auth.php", "POST", data, { "X-CSRF-Token": window.csrfToken })
+    .then(response => {
+      if (response.success || response.status === "ok") {
+        sessionStorage.setItem("welcomeMessage", "Welcome back, " + data.username + "!");
+        // Fetch and update permissions, then reload.
+        sendRequest("getUserPermissions.php", "GET")
+          .then(permissionData => {
+            if (permissionData && typeof permissionData === "object") {
+              localStorage.setItem("folderOnly", permissionData.folderOnly ? "true" : "false");
+              localStorage.setItem("readOnly", permissionData.readOnly ? "true" : "false");
+              localStorage.setItem("disableUpload", permissionData.disableUpload ? "true" : "false");
+            }
+          })
+          .catch(() => {
+            // if fetching permissions fails.
+          })
+          .finally(() => {
+            window.location.reload();
+          });
+      } else if (response.totp_required) {
+        openTOTPLoginModal();
+      } else if (response.error && response.error.includes("Too many failed login attempts")) {
+        showToast(response.error);
         const loginButton = document.getElementById("authForm").querySelector("button[type='submit']");
         if (loginButton) {
           loginButton.disabled = true;
@@ -293,7 +308,7 @@ function loadUserList() {
         closeRemoveUserModal();
       }
     })
-    .catch(() => {});
+    .catch(() => { });
 }
 window.loadUserList = loadUserList;
 
@@ -320,7 +335,7 @@ function initAuth() {
       method: "POST",
       credentials: "include",
       headers: { "X-CSRF-Token": window.csrfToken }
-    }).then(() => window.location.reload(true)).catch(() => {});
+    }).then(() => window.location.reload(true)).catch(() => { });
   });
   document.getElementById("addUserBtn").addEventListener("click", function () {
     resetUserForm();
@@ -386,7 +401,7 @@ function initAuth() {
           showToast("Error: " + (data.error || "Could not remove user"));
         }
       })
-      .catch(() => {});
+      .catch(() => { });
   });
   document.getElementById("cancelRemoveUserBtn").addEventListener("click", closeRemoveUserModal);
   document.getElementById("changePasswordBtn").addEventListener("click", function () {

js/authModals.js

@@ -162,9 +162,9 @@ export function openUserPanel() {
     max-width: 600px;
     width: 90%;
     border-radius: 8px;
-    position: relative;
+    position: fixed;
     overflow-y: auto;
-    max-height: 90vh;
+    max-height: 350px !important;
     border: ${isDarkMode ? "1px solid #444" : "1px solid #ccc"};
     transform: none;
     transition: none;
@@ -187,7 +187,7 @@ export function openUserPanel() {
         z-index: 3000;
       `;
     userPanelModal.innerHTML = `
-        <div class="modal-content" style="${modalContentStyles}">
+        <div class="modal-content user-panel-content" style="${modalContentStyles}">
           <span id="closeUserPanel" style="position: absolute; top: 10px; right: 10px; cursor: pointer; font-size: 24px;">&times;</span>
           <h3>User Panel (${username})</h3>
           <button type="button" id="openChangePasswordModalBtn" class="btn btn-primary" style="margin-bottom: 15px;">Change Password</button>
@@ -800,12 +800,18 @@ function loadUserPermissionsList() {
             if ((user.role && user.role === "1") || user.username.toLowerCase() === "admin") return;
 
             // Use stored permissions if available; otherwise fall back to localStorage defaults.
-            const defaultPerm = {
-              folderOnly: localStorage.getItem("folderOnly") === "true",
-              readOnly: localStorage.getItem("readOnly") === "true",
-              disableUpload: localStorage.getItem("disableUpload") === "true"
-            };
-            const userPerm = (permissionsData && typeof permissionsData === "object" && permissionsData[user.username]) || defaultPerm;
+const defaultPerm = {
+  folderOnly: false,
+  readOnly: false,
+  disableUpload: false,
+};
+
+// Normalize the username key to match server storage (e.g., lowercase)
+const usernameKey = user.username.toLowerCase();
+
+const userPerm = (permissionsData && typeof permissionsData === "object" && (usernameKey in permissionsData))
+    ? permissionsData[usernameKey]
+    : defaultPerm;
 
             // Create a row for the user.
             const row = document.createElement("div");

js/fileDragDrop.js

@@ -1,4 +1,4 @@
-// dragDrop.js
+// fileDragDrop.js
 import { showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 

js/fileEditor.js

@@ -1,4 +1,4 @@
-// editor.js
+// fileEditor.js
 import { escapeHTML, showToast } from './domUtils.js';
 import { loadFileList } from './fileListView.js';
 import { t } from './i18n.js';

js/fileListView.js

@@ -299,7 +299,7 @@ export function renderFileTable(folder, container) {
         });
     });
     updateFileActionButtons();
-    document.querySelectorAll("#fileListContent tbody tr").forEach(row => {
+    document.querySelectorAll("#fileList tbody tr").forEach(row => {
         row.setAttribute("draggable", "true");
         import('./fileDragDrop.js').then(module => {
             row.addEventListener("dragstart", module.fileDragStartHandler);

js/fileMenu.js

@@ -1,4 +1,4 @@
-// contextMenu.js
+// fileMenu.js
 import { updateRowHighlight, showToast } from './domUtils.js';
 import { handleDeleteSelected, handleCopySelected, handleMoveSelected, handleDownloadZipSelected, handleExtractZipSelected, renameFile } from './fileActions.js';
 import { previewFile } from './filePreview.js';