diff --git a/CHANGELOG.md b/CHANGELOG.md index 0e8a884..6a53660 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,61 @@ # Changelog +## Changes 11/13/2025 (v1.9.4) + +release(v1.9.4): lazy folder tree, cursor pagination, ACL-safe chevrons, and “Load more” (closes #66) + +**Big focus on folder management performance & UX for large libraries.** + +feat(folder-tree): + +- Lazy-load children on demand with cursor-based pagination (`nextCursor` + `limit`), including inline “Load more” row. +- BFS-based initial selection: if user can’t view requested/default folder, auto-pick the first accessible folder (but stick to (Root) when user can view it). +- Persisted expansion state across reloads; restore saved path and last opened folder; prevent navigation into locked folders (shows i18n toast instead). +- Breadcrumb now respects ACL: clicking a locked crumb toggles expansion only (no navigation). +- Live chevrons from server truth: `hasSubfolders` is computed server-side to avoid file count probes and show correct expanders (even when a direct child is unreadable). +- Capabilities-driven toolbar enable/disable for create/move/rename/color/delete/share. +- Color-carry on move/rename + expansion state migration so moved/renamed nodes keep colors and stay visible. +- Root DnD honored only when viewable; structural locks disable dragging. + +perf(core): + +- New `FS.php` helpers: safe path resolution (`safeReal`), segment sanitization, symlink defense, ignore/skip lists, bounded child counting, `hasSubfolders`, and `hasReadableDescendant` (depth-limited). +- Thin caching for child lists and counts, with targeted cache invalidation on move/rename/create/delete. +- Bounded concurrency for folder count requests; short timeouts to keep UI snappy. + +api/model: + +- `FolderModel::listChildren(...)` now returns items shaped like: + `{ name, locked, hasSubfolders, nonEmpty? }` + - `nonEmpty` included only for unlocked nodes (prevents side-channel leakage). + - Locked nodes are only returned when `hasReadableDescendant(...)` is true (preserves legacy “structural visibility without listing the entire tree” behavior). +- `public/api/folder/listChildren.php` delegates to controller/model; `isEmpty.php` hardened; `capabilities.php` exposes `canView` (or derived) for fast checks. +- Folder color endpoints gate results by ACL so users only see colors for folders they can at least “own-view”. + +ui/ux: + +- New “Load more” row (`
  • `) with dark-mode friendly ghost button styling; consistent padding, focus ring, hover state. +- Locked folders render with padlock overlay and no DnD; improved contrast/spacing; icons/chevrons update live as children load. +- i18n additions: `no_access`, `load_more`, `color_folder(_saved|_cleared)`, `please_select_valid_folder`, etc. +- When a user has zero access anywhere, tree selects (Root) but shows `no_access` instead of “No files found”. + +security: + +- Stronger path traversal + symlink protections across folder APIs (all joins normalized, base-anchored). +- Reduced metadata leakage by omitting `nonEmpty` for locked nodes and depth-limiting descendant checks. + +fixes: + +- Chevron visibility for unreadable intermediate nodes (e.g., “Files” shows a chevron when it contains a readable “Resources” descendant). +- Refresh now honors the actively viewed folder (session/localStorage), not the first globally readable folder. + +chore: + +- CSS additions for locked state, tree rows, and dark-mode ghost buttons. +- Minor code cleanups and comments across controller/model and JS tree logic. + +--- + ## Changes 11/11/2025 (v1.9.3) release(v1.9.3): unify folder icons across tree & strip, add “paper” lines, live color sync, and vendor-aware release diff --git a/public/api/folder/capabilities.php b/public/api/folder/capabilities.php index 3f75b1d..b21c098 100644 --- a/public/api/folder/capabilities.php +++ b/public/api/folder/capabilities.php @@ -1,245 +1,18 @@ 'Unauthorized']); exit; } +@session_write_close(); -// --- auth --- -$username = $_SESSION['username'] ?? ''; -if ($username === '') { - http_response_code(401); - echo json_encode(['error' => 'Unauthorized']); - exit; -} +$folder = isset($_GET['folder']) ? (string)$_GET['folder'] : 'root'; +$folder = str_replace('\\', '/', trim($folder)); +$folder = ($folder === '' || strcasecmp($folder, 'root') === 0) ? 'root' : trim($folder, '/'); -// --- helpers --- -function loadPermsFor(string $u): array { - try { - if (function_exists('loadUserPermissions')) { - $p = loadUserPermissions($u); - return is_array($p) ? $p : []; - } - if (class_exists('userModel') && method_exists('userModel', 'getUserPermissions')) { - $all = userModel::getUserPermissions(); - if (is_array($all)) { - if (isset($all[$u])) return (array)$all[$u]; - $lk = strtolower($u); - if (isset($all[$lk])) return (array)$all[$lk]; - } - } - } catch (Throwable $e) {} - return []; -} - -function isOwnerOrAncestorOwner(string $user, array $perms, string $folder): bool { - $f = ACL::normalizeFolder($folder); - // direct owner - if (ACL::isOwner($user, $perms, $f)) return true; - // ancestor owner - while ($f !== '' && strcasecmp($f, 'root') !== 0) { - $pos = strrpos($f, '/'); - if ($pos === false) break; - $f = substr($f, 0, $pos); - if ($f === '' || strcasecmp($f, 'root') === 0) break; - if (ACL::isOwner($user, $perms, $f)) return true; - } - return false; -} - -/** - * folder-only scope: - * - Admins: always in scope - * - Non folder-only accounts: always in scope - * - Folder-only accounts: in scope iff: - * - folder == username OR subpath of username, OR - * - user is owner of this folder (or any ancestor) - */ -function inUserFolderScope(string $folder, string $u, array $perms, bool $isAdmin): bool { - if ($isAdmin) return true; - //$folderOnly = !empty($perms['folderOnly']) || !empty($perms['userFolderOnly']) || !empty($perms['UserFolderOnly']); - //if (!$folderOnly) return true; - - $f = ACL::normalizeFolder($folder); - if ($f === 'root' || $f === '') { - // folder-only users cannot act on root unless they own a subfolder (handled below) - return isOwnerOrAncestorOwner($u, $perms, $f); - } - - if ($f === $u || str_starts_with($f, $u . '/')) return true; - - // Treat ownership as in-scope - return isOwnerOrAncestorOwner($u, $perms, $f); -} - -// --- inputs --- -$folder = isset($_GET['folder']) ? trim((string)$_GET['folder']) : 'root'; - -// validate folder path -if ($folder !== 'root') { - $parts = array_filter(explode('/', trim($folder, "/\\ "))); - if (empty($parts)) { - http_response_code(400); - echo json_encode(['error' => 'Invalid folder name.']); - exit; - } - foreach ($parts as $seg) { - if (!preg_match(REGEX_FOLDER_NAME, $seg)) { - http_response_code(400); - echo json_encode(['error' => 'Invalid folder name.']); - exit; - } - } - $folder = implode('/', $parts); -} - -// --- user + flags --- -$perms = loadPermsFor($username); -$isAdmin = ACL::isAdmin($perms); -$readOnly = !empty($perms['readOnly']); -$inScope = inUserFolderScope($folder, $username, $perms, $isAdmin); - -// --- ACL base abilities --- -$canViewBase = $isAdmin || ACL::canRead($username, $perms, $folder); -$canViewOwn = $isAdmin || ACL::canReadOwn($username, $perms, $folder); -$canWriteBase = $isAdmin || ACL::canWrite($username, $perms, $folder); -$canShareBase = $isAdmin || ACL::canShare($username, $perms, $folder); - -$canManageBase = $isAdmin || ACL::canManage($username, $perms, $folder); - -// granular base -$gCreateBase = $isAdmin || ACL::canCreate($username, $perms, $folder); -$gRenameBase = $isAdmin || ACL::canRename($username, $perms, $folder); -$gDeleteBase = $isAdmin || ACL::canDelete($username, $perms, $folder); -$gMoveBase = $isAdmin || ACL::canMove($username, $perms, $folder); -$gUploadBase = $isAdmin || ACL::canUpload($username, $perms, $folder); -$gEditBase = $isAdmin || ACL::canEdit($username, $perms, $folder); -$gCopyBase = $isAdmin || ACL::canCopy($username, $perms, $folder); -$gExtractBase = $isAdmin || ACL::canExtract($username, $perms, $folder); -$gShareFile = $isAdmin || ACL::canShareFile($username, $perms, $folder); -$gShareFolder = $isAdmin || ACL::canShareFolder($username, $perms, $folder); - -// --- Apply scope + flags to effective UI actions --- -$canView = $canViewBase && $inScope; // keep scope for folder-only -$canUpload = $gUploadBase && !$readOnly && $inScope; -$canCreate = $canManageBase && !$readOnly && $inScope; // Create **folder** -$canRename = $canManageBase && !$readOnly && $inScope; // Rename **folder** -$canDelete = $gDeleteBase && !$readOnly && $inScope; -// Destination can receive items if user can create/write (or manage) here -$canReceive = ($gUploadBase || $gCreateBase || $canManageBase) && !$readOnly && $inScope; -// Back-compat: expose as canMoveIn (used by toolbar/context-menu/drag&drop) -$canMoveIn = $canReceive; -$canMoveAlias = $canMoveIn; -$canEdit = $gEditBase && !$readOnly && $inScope; -$canCopy = $gCopyBase && !$readOnly && $inScope; -$canExtract = $gExtractBase && !$readOnly && $inScope; - -// Sharing respects scope; optionally also gate on readOnly -$canShare = $canShareBase && $inScope; // legacy umbrella -$canShareFileEff = $gShareFile && $inScope; -$canShareFoldEff = $gShareFolder && $inScope; - -// never allow destructive ops on root -$isRoot = ($folder === 'root'); -if ($isRoot) { - $canRename = false; - $canDelete = false; - $canShareFoldEff = false; - $canMoveFolder = false; -} - -if (!$isRoot) { - $canMoveFolder = (ACL::canManage($username, $perms, $folder) || ACL::isOwner($username, $perms, $folder)) - && !$readOnly; -} - -$owner = null; -try { $owner = FolderModel::getOwnerFor($folder); } catch (Throwable $e) {} - -echo json_encode([ - 'user' => $username, - 'folder' => $folder, - 'isAdmin' => $isAdmin, - 'flags' => [ - //'folderOnly' => !empty($perms['folderOnly']) || !empty($perms['userFolderOnly']) || !empty($perms['UserFolderOnly']), - 'readOnly' => $readOnly, - ], - 'owner' => $owner, - - // viewing - 'canView' => $canView, - 'canViewOwn' => $canViewOwn, - - // write-ish - 'canUpload' => $canUpload, - 'canCreate' => $canCreate, - 'canRename' => $canRename, - 'canDelete' => $canDelete, - 'canMoveIn' => $canMoveIn, - 'canMove' => $canMoveAlias, - 'canMoveFolder'=> $canMoveFolder, - 'canEdit' => $canEdit, - 'canCopy' => $canCopy, - 'canExtract' => $canExtract, - - // sharing - 'canShare' => $canShare, // legacy - 'canShareFile' => $canShareFileEff, - 'canShareFolder' => $canShareFoldEff, -], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); \ No newline at end of file +echo json_encode(FolderController::capabilities($folder, $username), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES); \ No newline at end of file diff --git a/public/api/folder/isEmpty.php b/public/api/folder/isEmpty.php index cd3c27d..9d66f2d 100644 --- a/public/api/folder/isEmpty.php +++ b/public/api/folder/isEmpty.php @@ -1,30 +1,28 @@ 'Unauthorized']); exit; } + +$username = (string)($_SESSION['username'] ?? ''); $perms = [ - 'role' => $_SESSION['role'] ?? null, - 'admin' => $_SESSION['admin'] ?? null, - 'isAdmin' => $_SESSION['isAdmin'] ?? null, + 'role' => $_SESSION['role'] ?? null, + 'admin' => $_SESSION['admin'] ?? null, + 'isAdmin' => $_SESSION['isAdmin'] ?? null, + 'folderOnly' => $_SESSION['folderOnly'] ?? null, + 'readOnly' => $_SESSION['readOnly'] ?? null, ]; @session_write_close(); -// Input $folder = isset($_GET['folder']) ? (string)$_GET['folder'] : 'root'; $folder = str_replace('\\', '/', trim($folder)); -$folder = ($folder === '' || $folder === 'root') ? 'root' : trim($folder, '/'); +$folder = ($folder === '' || strcasecmp($folder, 'root') === 0) ? 'root' : trim($folder, '/'); -// Delegate to controller (model handles ACL + path safety) -$result = FolderController::stats($folder, $user, $perms); - -// Always return a compact JSON object like before -echo json_encode([ - 'folders' => (int)($result['folders'] ?? 0), - 'files' => (int)($result['files'] ?? 0), -]); \ No newline at end of file +echo json_encode(FolderController::stats($folder, $username, $perms), JSON_UNESCAPED_SLASHES); \ No newline at end of file diff --git a/public/api/folder/listChildren.php b/public/api/folder/listChildren.php new file mode 100644 index 0000000..6cd1c11 --- /dev/null +++ b/public/api/folder/listChildren.php @@ -0,0 +1,31 @@ +'Unauthorized']); exit; } + +$username = (string)($_SESSION['username'] ?? ''); +$perms = [ + 'role' => $_SESSION['role'] ?? null, + 'admin' => $_SESSION['admin'] ?? null, + 'isAdmin' => $_SESSION['isAdmin'] ?? null, + 'folderOnly' => $_SESSION['folderOnly'] ?? null, + 'readOnly' => $_SESSION['readOnly'] ?? null, +]; +@session_write_close(); + +$folder = isset($_GET['folder']) ? (string)$_GET['folder'] : 'root'; +$folder = str_replace('\\', '/', trim($folder)); +$folder = ($folder === '' || strcasecmp($folder, 'root') === 0) ? 'root' : trim($folder, '/'); + +$limit = max(1, min(2000, (int)($_GET['limit'] ?? 500))); +$cursor = isset($_GET['cursor']) && $_GET['cursor'] !== '' ? (string)$_GET['cursor'] : null; + +$res = FolderController::listChildren($folder, $username, $perms, $cursor, $limit); +echo json_encode($res, JSON_UNESCAPED_SLASHES); \ No newline at end of file diff --git a/public/css/styles.css b/public/css/styles.css index 5c0134c..401f82e 100644 --- a/public/css/styles.css +++ b/public/css/styles.css @@ -2413,3 +2413,67 @@ body.dark-mode .folder-strip-container .folder-item:hover { .folder-strip-container .folder-svg .paper-line, .folder-strip-container .folder-svg .paper-ink, .folder-strip-container .folder-svg .lip-highlight { stroke-width: 1.1px; } +/* Locked folder look (keep subtle but clear) */ +#folderTreeContainer .folder-option.locked { + opacity: .9; + font-style: italic; +} + +/* Padlock styling inside the SVG */ +#folderTreeContainer .folder-icon .lock-body { + fill: var(--filr-folder-stroke, #6b6b6b); + opacity: .95; +} +#folderTreeContainer .folder-icon .lock-shackle { + fill: none; + stroke: var(--filr-folder-stroke, #6b6b6b); + stroke-width: 1.4; + stroke-linecap: round; +} +#folderTreeContainer .folder-icon .lock-keyhole { + fill: rgba(0,0,0,.28); +} +body.dark-mode #folderTreeContainer .folder-icon .lock-keyhole { + fill: rgba(255,255,255,.28); +} + +#folderTreeContainer li.load-more { + padding: 4px 0 4px 28px; /* indent to line up with rows */ + list-style: none; +} + +#folderTreeContainer li.load-more > .btn.btn-ghost { + width: calc(100% - 8px); + margin: 0 4px; + display: flex; + align-items: center; + gap: 8px; + justify-content: center; + border-radius: 10px; + border: 1px solid var(--tree-ghost-border); + background: var(--tree-ghost-bg); + color: var(--tree-ghost-fg); + padding: 6px 10px; + font-size: 12.5px; +} + +#folderTreeContainer li.load-more > .btn.btn-ghost:hover { + background: var(--tree-ghost-hover-bg); +} + +#folderTreeContainer li.load-more > .btn.btn-ghost:focus-visible { + outline: 2px solid #8ab4f8; + outline-offset: 2px; +} + +/* tiny spinner when busy */ +#folderTreeContainer li.load-more > .btn[aria-busy="true"]::before { + content: ""; + width: 12px; height: 12px; + border-radius: 50%; + border: 2px solid currentColor; + border-right-color: transparent; + display: inline-block; + animation: filr-spin .8s linear infinite; +} +@keyframes filr-spin { to { transform: rotate(360deg); } } \ No newline at end of file diff --git a/public/index.html b/public/index.html index 7eb5a79..a1ac6b0 100644 --- a/public/index.html +++ b/public/index.html @@ -277,14 +277,24 @@ diff --git a/public/js/folderManager.js b/public/js/folderManager.js index a1d356a..383694a 100644 --- a/public/js/folderManager.js +++ b/public/js/folderManager.js @@ -1,4 +1,6 @@ -// folderManager.js +// public/js/folderManager.js +// Lazy folder tree with persisted expansion, root DnD, color-carry on moves, and state migration. +// Smart initial selection: if the default folder isn't viewable, pick the first accessible folder (BFS). import { loadFileList } from './fileListView.js?v={{APP_QVER}}'; import { showToast, escapeHTML, attachEnterKeyListener } from './domUtils.js?v={{APP_QVER}}'; @@ -7,21 +9,18 @@ import { openFolderShareModal } from './folderShareModal.js?v={{APP_QVER}}'; import { fetchWithCsrf } from './auth.js?v={{APP_QVER}}'; import { loadCsrfToken } from './appCore.js?v={{APP_QVER}}'; + +const PAGE_LIMIT = 100; + /* ---------------------- Helpers: safe JSON + state ----------------------*/ - -// Robust JSON reader that surfaces server errors (with status) async function safeJson(res) { const text = await res.text(); let body = null; try { body = text ? JSON.parse(text) : null; } catch { /* ignore */ } - if (!res.ok) { - const msg = - (body && (body.error || body.message)) || - (text && text.trim()) || - `HTTP ${res.status}`; + const msg = (body && (body.error || body.message)) || (text && text.trim()) || `HTTP ${res.status}`; const err = new Error(msg); err.status = res.status; throw err; @@ -29,70 +28,109 @@ async function safeJson(res) { return body ?? {}; } -/* ---------------------- - Helper Functions (Data/State) -----------------------*/ +function disableAllFolderControls() { + ['createFolderBtn','moveFolderBtn','renameFolderBtn','colorFolderBtn','deleteFolderBtn','shareFolderBtn'] + .forEach(id => setControlEnabled(document.getElementById(id), false)); +} -// Formats a folder name for display (e.g. adding indentations). +function markOptionLocked(optEl, locked) { + if (!optEl) return; + optEl.classList.toggle('locked', !!locked); + + // Disable DnD when locked + if (locked) optEl.removeAttribute('draggable'); + + // Refresh the icon with padlock overlay + const iconEl = optEl.querySelector('.folder-icon'); + if (iconEl) { + const currentKind = iconEl?.dataset?.kind || 'empty'; + iconEl.innerHTML = folderSVG(currentKind, { locked: !!locked }); + } +} + +/* ---------------------- + Simple format + parent helpers (exported for other modules) +----------------------*/ export function formatFolderName(folder) { if (typeof folder !== "string") return ""; if (folder.indexOf("/") !== -1) { const parts = folder.split("/"); let indent = ""; - for (let i = 1; i < parts.length; i++) { - indent += "\u00A0\u00A0\u00A0\u00A0"; // 4 non-breaking spaces per level - } + for (let i = 1; i < parts.length; i++) indent += "\\u00A0\\u00A0\\u00A0\\u00A0"; return indent + parts[parts.length - 1]; - } else { - return folder; } + return folder; } - -// Build a tree structure from a flat array of folder paths. -function buildFolderTree(folders) { - const tree = {}; - folders.forEach(folderPath => { - if (typeof folderPath !== "string") return; - const parts = folderPath.split('/'); - let current = tree; - parts.forEach(part => { - if (!current[part]) current[part] = {}; - current = current[part]; - }); - }); - return tree; -} - -/* ---------------------- - Folder Tree State (Save/Load) -----------------------*/ -function loadFolderTreeState() { - const state = localStorage.getItem("folderTreeState"); - return state ? JSON.parse(state) : {}; -} - -function saveFolderTreeState(state) { - localStorage.setItem("folderTreeState", JSON.stringify(state)); -} -/* ---------------------- - Transient UI guards (click suppression) -----------------------*/ -let _suppressToggleUntil = 0; -function suppressNextToggle(ms = 300) { - _suppressToggleUntil = performance.now() + ms; -} - -// Helper for getting the parent folder. export function getParentFolder(folder) { if (folder === "root") return "root"; const lastSlash = folder.lastIndexOf("/"); return lastSlash === -1 ? "root" : folder.substring(0, lastSlash); } -/* ---------------------- - Breadcrumb Functions - ----------------------*/ +function normalizeItem(it) { + if (it == null) return null; + if (typeof it === 'string') return { name: it, locked: false, hasSubfolders: undefined, nonEmpty: undefined }; + if (typeof it === 'object') { + const nm = String(it.name ?? '').trim(); + if (!nm) return null; + return { + name: nm, + locked: !!it.locked, + hasSubfolders: (typeof it.hasSubfolders === 'boolean') ? it.hasSubfolders : undefined, + nonEmpty: (typeof it.nonEmpty === 'boolean') ? it.nonEmpty : undefined, + }; + } + return null; +} +/* ---------------------- + Folder Tree State (Save/Load) +----------------------*/ +// ---- peekHasFolders helper (chevron truth from listChildren) ---- +if (!window._frPeekCache) window._frPeekCache = new Map(); +function peekHasFolders(folder) { + try { + const cache = window._frPeekCache; + if (cache.has(folder)) return cache.get(folder); + const p = (async () => { + try { + const res = await fetchChildrenOnce(folder); + return !!(Array.isArray(res?.items) && res.items.length > 0) || !!res?.nextCursor; + } catch { return false; } + })(); + cache.set(folder, p); + return p; + } catch { return Promise.resolve(false); } +} +// small helper to clear peek cache for specific folders (or all if none provided) +function clearPeekCache(folders) { + try { + const c = window._frPeekCache; + if (!c) return; + if (!folders || !folders.length) { c.clear(); return; } + folders.forEach(f => c.delete(f)); + } catch {} +} +try { window.peekHasFolders = peekHasFolders; } catch {} +// ---- end peekHasFolders ---- + +function loadFolderTreeState() { + const state = localStorage.getItem("folderTreeState"); + return state ? JSON.parse(state) : {}; +} +function saveFolderTreeState(state) { + localStorage.setItem("folderTreeState", JSON.stringify(state)); +} + +/* ---------------------- + Transient UI guards (click suppression) +----------------------*/ +let _suppressToggleUntil = 0; +function suppressNextToggle(ms = 300) { _suppressToggleUntil = performance.now() + ms; } + +/* ---------------------- + Capability helpers +----------------------*/ function setControlEnabled(el, enabled) { if (!el) return; if ('disabled' in el) el.disabled = !enabled; @@ -101,195 +139,465 @@ function setControlEnabled(el, enabled) { el.style.pointerEvents = enabled ? '' : 'none'; el.style.opacity = enabled ? '' : '0.5'; } - async function applyFolderCapabilities(folder) { - const res = await fetch(`/api/folder/capabilities.php?folder=${encodeURIComponent(folder)}`, { credentials: 'include' }); - if (!res.ok) return; - const caps = await res.json(); - window.currentFolderCaps = caps; - - const isRoot = (folder === 'root'); - - setControlEnabled(document.getElementById('createFolderBtn'), !!caps.canCreate); - setControlEnabled(document.getElementById('moveFolderBtn'), !!caps.canMoveFolder); - setControlEnabled(document.getElementById('renameFolderBtn'), !isRoot && !!caps.canRename); - setControlEnabled(document.getElementById('colorFolderBtn'), !isRoot && !!caps.canRename); - setControlEnabled(document.getElementById('deleteFolderBtn'), !isRoot && !!caps.canDelete); - setControlEnabled(document.getElementById('shareFolderBtn'), !isRoot && !!caps.canShareFolder); + try { + const res = await fetch(`/api/folder/capabilities.php?folder=${encodeURIComponent(folder)}`, { credentials: 'include' }); + if (!res.ok) { disableAllFolderControls(); return; } + const caps = await res.json(); + window.currentFolderCaps = caps; + const isRoot = (folder === 'root'); + setControlEnabled(document.getElementById('createFolderBtn'), !!caps.canCreate); + setControlEnabled(document.getElementById('moveFolderBtn'), !!caps.canMoveFolder); + setControlEnabled(document.getElementById('renameFolderBtn'), !isRoot && !!caps.canRename); + setControlEnabled(document.getElementById('colorFolderBtn'), !isRoot && !!caps.canEdit); + setControlEnabled(document.getElementById('deleteFolderBtn'), !isRoot && !!caps.canDeleteFolder); + setControlEnabled(document.getElementById('shareFolderBtn'), !isRoot && !!caps.canShareFolder); + } catch { + disableAllFolderControls(); + } +} +// returns boolean whether user can view given folder +async function canViewFolder(folder) { + try { + const res = await fetch(`/api/folder/capabilities.php?folder=${encodeURIComponent(folder)}`, { credentials: 'include' }); + if (!res.ok) return false; + const caps = await res.json(); + // prefer explicit flag; otherwise compose from older keys + return !!(caps.canView ?? caps.canRead ?? caps.canReadOwn ?? caps.isAdmin); + } catch { return false; } } -// --- Breadcrumb Delegation Setup --- +/** + * BFS: starting at `startFolder`, find the first folder the user can view. + * - Skips "trash" and "profile_pics" + * - Honors server-side "locked" from listChildren, but still double-checks capabilities + * - Hard limit to avoid endless walks + */ +async function findFirstAccessibleFolder(startFolder = 'root') { + const MAX_VISITS = 3000; + const visited = new Set(); + const q = [startFolder]; + + while (q.length && visited.size < MAX_VISITS) { + const f = q.shift(); + if (!f || visited.has(f)) continue; + visited.add(f); + + // Check viewability + if (await canViewFolder(f)) return f; + + // Enqueue children for BFS + try { + const payload = await fetchChildrenOnce(f); + const items = (payload?.items || []); + for (const it of items) { + const name = (typeof it === 'string') ? it : (it && it.name); + if (!name) continue; + const lower = String(name).toLowerCase(); + if (lower === 'trash' || lower === 'profile_pics') continue; + const child = (f === 'root') ? name : `${f}/${name}`; + if (!visited.has(child)) q.push(child); + } + // If there are more pages, we only need one page to keep BFS order lightweight + } catch { /* ignore and continue */ } + } + return null; // none found +} +function showNoAccessEmptyState() { + const host = + document.getElementById('fileListContainer') || + document.getElementById('fileList') || + document.querySelector('.file-list-container'); + + if (!host) return; + + // Clear whatever was there (e.g., “No Files Found”) + host.innerHTML = ` +
    + ${t('no_access') || 'You do not have access to this resource.'} +
    + `; +} +/* ---------------------- + Breadcrumb +----------------------*/ +function renderBreadcrumbFragment(folderPath) { + const frag = document.createDocumentFragment(); + const path = (typeof folderPath === 'string' && folderPath.length) ? folderPath : 'root'; + const crumbs = path.split('/').filter(Boolean); + let acc = ''; + for (let i = 0; i < crumbs.length; i++) { + const part = crumbs[i]; + acc = (i === 0) ? part : (acc + '/' + part); + const span = document.createElement('span'); + span.className = 'breadcrumb-link'; + span.dataset.folder = acc; + span.textContent = part; + frag.appendChild(span); + if (i < crumbs.length - 1) { + const sep = document.createElement('span'); + sep.className = 'file-breadcrumb-sep'; + sep.textContent = '›'; + frag.appendChild(sep); + } + } + return frag; +} +export function updateBreadcrumbTitle(folder) { + const titleEl = document.getElementById("fileListTitle"); + if (!titleEl) return; + titleEl.textContent = ""; + titleEl.appendChild(document.createTextNode(t("files_in") + " (")); + titleEl.appendChild(renderBreadcrumbFragment(folder)); + titleEl.appendChild(document.createTextNode(")")); + setupBreadcrumbDelegation(); + bindFolderManagerContextMenu(); +} export function setupBreadcrumbDelegation() { const container = document.getElementById("fileListTitle"); - if (!container) { - console.error("Breadcrumb container (fileListTitle) not found."); - return; - } - // Remove any existing event listeners to avoid duplicates. + if (!container) return; container.removeEventListener("click", breadcrumbClickHandler); container.removeEventListener("dragover", breadcrumbDragOverHandler); container.removeEventListener("dragleave", breadcrumbDragLeaveHandler); container.removeEventListener("drop", breadcrumbDropHandler); - - // Attach delegated listeners container.addEventListener("click", breadcrumbClickHandler); container.addEventListener("dragover", breadcrumbDragOverHandler); container.addEventListener("dragleave", breadcrumbDragLeaveHandler); container.addEventListener("drop", breadcrumbDropHandler); } - -// Click handler via delegation -function breadcrumbClickHandler(e) { +async function breadcrumbClickHandler(e) { const link = e.target.closest(".breadcrumb-link"); if (!link) return; - e.stopPropagation(); e.preventDefault(); - const folder = link.dataset.folder; - window.currentFolder = folder; - localStorage.setItem("lastOpenedFolder", folder); - - updateBreadcrumbTitle(folder); - applyFolderCapabilities(folder); - expandTreePath(folder, { persist: false, includeLeaf: false }); - document.querySelectorAll(".folder-option").forEach(el => el.classList.remove("selected")); - const target = document.querySelector(`.folder-option[data-folder="${folder}"]`); - if (target) target.classList.add("selected"); - applyFolderCapabilities(window.currentFolder); - - loadFileList(folder); + await selectFolder(folder); // will toast + bail if not allowed } - -// Dragover handler via delegation function breadcrumbDragOverHandler(e) { const link = e.target.closest(".breadcrumb-link"); if (!link) return; e.preventDefault(); link.classList.add("drop-hover"); } - -// Dragleave handler via delegation function breadcrumbDragLeaveHandler(e) { const link = e.target.closest(".breadcrumb-link"); if (!link) return; link.classList.remove("drop-hover"); } - -// Drop handler via delegation function breadcrumbDropHandler(e) { const link = e.target.closest(".breadcrumb-link"); if (!link) return; e.preventDefault(); link.classList.remove("drop-hover"); const dropFolder = link.getAttribute("data-folder"); + handleDropOnFolder(e, dropFolder); +} - let dragData; +/* ---------------------- + Folder-only scope (server truthy) +----------------------*/ +async function checkUserFolderPermission() { + const username = localStorage.getItem("username") || ""; try { - dragData = JSON.parse(e.dataTransfer.getData("application/json")); - } catch (_) { /* noop */ } + const res = await fetchWithCsrf("/api/getUserPermissions.php", { + method: "GET", + credentials: "include" + }); + const permissionsData = await safeJson(res); + const isFolderOnly = + !!(permissionsData && permissionsData[username] && permissionsData[username].folderOnly); + window.userFolderOnly = isFolderOnly; + localStorage.setItem("folderOnly", isFolderOnly ? "true" : "false"); + if (isFolderOnly && username) { + localStorage.setItem("lastOpenedFolder", username); + window.currentFolder = username; + } + return isFolderOnly; + } catch { + window.userFolderOnly = false; + localStorage.setItem("folderOnly", "false"); + return false; + } +} - // FOLDER MOVE FALLBACK (folder->folder) - if (!dragData) { - const plain = (e.dataTransfer && e.dataTransfer.getData("application/x-filerise-folder")) || - (e.dataTransfer && e.dataTransfer.getData("text/plain")) || ""; - const sourceFolder = String(plain || "").trim(); - if (!sourceFolder || sourceFolder === "root") return; +/* ---------------------- + Local state and caches +----------------------*/ +const _folderCountCache = new Map(); // folderPath -> {folders, files} +const _inflightCounts = new Map(); // folderPath -> Promise +const _nonEmptyCache = new Map(); // folderPath -> bool +const _childCache = new Map(); // folderPath -> {items, nextCursor} - if (dropFolder === sourceFolder || (dropFolder + "/").startsWith(sourceFolder + "/")) { - showToast("Invalid destination.", 4000); - return; +// --- Capability cache so we don't spam /capabilities.php +const _capViewCache = new Map(); +async function canViewFolderCached(folder) { + if (_capViewCache.has(folder)) return _capViewCache.get(folder); + const p = canViewFolder(folder).then(Boolean).catch(() => false); + _capViewCache.set(folder, p); + return p; +} + +// Returns true if `folder` has any *unlocked* descendant within maxDepth. +// Uses listChildren’s locked flag; depth defaults to 2 (fast). +async function hasUnlockedDescendant(folder, maxDepth = 2) { + try { + if (maxDepth <= 0) return false; + const { items = [] } = await fetchChildrenOnce(folder); + // Any direct unlocked child? + for (const it of items) { + const name = typeof it === 'string' ? it : it?.name; + const locked = typeof it === 'object' ? !!it.locked : false; + if (!name) continue; + if (!locked) return true; // found an unlocked child + } + // Otherwise, go one level deeper (light, bounded) + if (maxDepth > 1) { + for (const it of items) { + const name = typeof it === 'string' ? it : it?.name; + if (!name) continue; + const child = folder === 'root' ? name : `${folder}/${name}`; + // Skip known non-folders, but listChildren only returns dirs for us + if (await hasUnlockedDescendant(child, maxDepth - 1)) return true; + } + } + } catch {} + return false; +} + +async function chooseInitialFolder(effectiveRoot, selectedFolder) { + // 1) explicit selection + if (selectedFolder && await canViewFolderCached(selectedFolder)) return selectedFolder; + + // 2) sticky lastOpenedFolder + const last = localStorage.getItem("lastOpenedFolder"); + if (last && await canViewFolderCached(last)) return last; + + // 3) NEW: if root itself is viewable, prefer (Root) + if (await canViewFolderCached(effectiveRoot)) return effectiveRoot; + + // 4) first TOP-LEVEL child that’s directly viewable + try { + const { items = [] } = await fetchChildrenOnce(effectiveRoot); + const topNames = items.map(it => (typeof it === 'string' ? it : it?.name)).filter(Boolean); + + for (const name of topNames) { + const child = effectiveRoot === 'root' ? name : `${effectiveRoot}/${name}`; + if (await canViewFolderCached(child)) return child; } - fetchWithCsrf("/api/folder/moveFolder.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - credentials: "include", - body: JSON.stringify({ source: sourceFolder, destination: dropFolder }) - }) - .then(safeJson) - .then(data => { - if (data && !data.error) { - showToast(`Folder moved to ${dropFolder}!`); - // Make icons reflect new emptiness without reload -refreshFolderIcon(dragData.sourceFolder); -refreshFolderIcon(dropFolder); + // 5) first TOP-LEVEL child with any viewable descendant + for (const name of topNames) { + const child = effectiveRoot === 'root' ? name : `${effectiveRoot}/${name}`; + if (await hasUnlockedDescendant(child, 2)) return child; + } + } catch {} - if (window.currentFolder && - (window.currentFolder === sourceFolder || window.currentFolder.startsWith(sourceFolder + "/"))) { - const base = sourceFolder.split("/").pop(); - const newPath = (dropFolder === "root" ? "" : dropFolder + "/") + base; - - // carry color without await - const oldColor = window.folderColorMap[sourceFolder]; - if (oldColor) { - saveFolderColor(newPath, oldColor) - .then(() => saveFolderColor(sourceFolder, '')) - .catch(() => { }); - } - - window.currentFolder = newPath; - } - - return loadFolderTree().then(() => { - try { expandTreePath(window.currentFolder || "root", { persist: false, includeLeaf: false }); } catch (_) { } - loadFileList(window.currentFolder || "root"); - }); - } else { - showToast("Error: " + (data && data.error || "Could not move folder"), 5000); - } - }) - .catch(err => { - console.error("Error moving folder:", err); - showToast("Error moving folder", 5000); - }); - - return; - } - - // File(s) drop path (unchanged) - const filesToMove = dragData.files ? dragData.files : (dragData.fileName ? [dragData.fileName] : []); - if (filesToMove.length === 0) return; - - fetchWithCsrf("/api/file/moveFiles.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - credentials: "include", - body: JSON.stringify({ - source: dragData.sourceFolder, - files: filesToMove, - destination: dropFolder - }) - }) - .then(safeJson) - .then(data => { - if (data.success) { - showToast(`File(s) moved successfully to ${dropFolder}!`); - loadFileList(dragData.sourceFolder); - refreshFolderIcon(dragData.sourceFolder); - refreshFolderIcon(dropFolder); - } else { - showToast("Error moving files: " + (data.error || "Unknown error")); - } - }) - .catch(error => { - console.error("Error moving files via drop on breadcrumb:", error); - showToast("Error moving files."); - }); + // 6) fallback: BFS + return await findFirstAccessibleFolder(effectiveRoot); } -// ---- Folder Colors (state + helpers) ---- -window.folderColorMap = {}; // { "path": "#RRGGBB", ... } +function fetchJSONWithTimeout(url, ms = 3000) { + const ctrl = new AbortController(); + const tid = setTimeout(() => ctrl.abort(), ms); + return fetch(url, { credentials: 'include', signal: ctrl.signal }) + .then(r => r.ok ? r.json() : { folders: 0, files: 0 }) + .catch(() => ({ folders: 0, files: 0 })) + .finally(() => clearTimeout(tid)); +} +const MAX_CONCURRENT_COUNT_REQS = 6; +let _activeCountReqs = 0; +const _countReqQueue = []; +function _runCount(url) { + return new Promise(resolve => { + const start = () => { + _activeCountReqs++; + fetchJSONWithTimeout(url, 2500) + .then(resolve) + .finally(() => { + _activeCountReqs--; + const next = _countReqQueue.shift(); + if (next) next(); + }); + }; + if (_activeCountReqs < MAX_CONCURRENT_COUNT_REQS) start(); + else _countReqQueue.push(start); + }); +} +async function fetchFolderCounts(folder) { + if (_folderCountCache.has(folder)) return _folderCountCache.get(folder); + if (_inflightCounts.has(folder)) return _inflightCounts.get(folder); + const url = `/api/folder/isEmpty.php?folder=${encodeURIComponent(folder)}&t=${Date.now()}`; + const p = _runCount(url).then(data => { + const result = { folders: Number(data?.folders || 0), files: Number(data?.files || 0) }; + _folderCountCache.set(folder, result); + _inflightCounts.delete(folder); + return result; + }); + _inflightCounts.set(folder, p); + return p; +} +function invalidateFolderCaches(folder) { + if (!folder) return; + _folderCountCache.delete(folder); + _nonEmptyCache.delete(folder); + _inflightCounts.delete(folder); + _childCache.delete(folder); +} -async function loadFolderColors() { +// Expand root -> ... -> parent chain for a target folder and persist that state +async function expandAncestors(targetFolder) { try { - const r = await fetch('/api/folder/getFolderColors.php', { credentials: 'include' }); - if (!r.ok) return (window.folderColorMap = {}); - window.folderColorMap = await r.json() || {}; - } catch { window.folderColorMap = {}; } + // Always expand root first + if (!targetFolder || targetFolder === 'root') return; + + // (rest of the function unchanged) + const st = loadFolderTreeState(); + st['root'] = 'block'; + saveFolderTreeState(st); + const rootUl = getULForFolder('root'); + if (rootUl) { + rootUl.classList.add('expanded'); rootUl.classList.remove('collapsed'); + const rr = document.getElementById('rootRow'); + if (rr) rr.setAttribute('aria-expanded', 'true'); + await ensureChildrenLoaded('root', rootUl); + } + + const parts = String(targetFolder || '').split('/').filter(Boolean); + // we only need to expand up to the parent of the leaf + const parents = parts.slice(0, -1); + let acc = ''; + const newState = loadFolderTreeState(); + for (let i = 0; i < parents.length; i++) { + acc = (i === 0) ? parents[0] : `${acc}/${parents[i]}`; + const ul = getULForFolder(acc); + if (!ul) continue; + ul.classList.add('expanded'); ul.classList.remove('collapsed'); + const li = document.querySelector(`.folder-option[data-folder="${CSS.escape(acc)}"]`)?.closest('li[role="treeitem"]'); + if (li) li.setAttribute('aria-expanded', 'true'); + newState[acc] = 'block'; + await ensureChildrenLoaded(acc, ul); + } + saveFolderTreeState(newState); + } catch {} } -// tiny color utils +/* ---------------------- + SVG icon helpers +----------------------*/ +export function folderSVG(kind = 'empty', { locked = false } = {}) { + const gid = 'g' + Math.random().toString(36).slice(2, 8); + return ` +`; +} +function setFolderIconForOption(optEl, kind) { + const iconEl = optEl.querySelector('.folder-icon'); + if (!iconEl) return; + const isLocked = optEl.classList.contains('locked'); + iconEl.dataset.kind = kind; + iconEl.innerHTML = folderSVG(kind, { locked: isLocked }); +} +export function refreshFolderIcon(folder) { + invalidateFolderCaches(folder); + ensureFolderIcon(folder); +} +function ensureFolderIcon(folder) { + const opt = document.querySelector(`.folder-option[data-folder="${CSS.escape(folder)}"]`); + if (!opt) return; + + setFolderIconForOption(opt, 'empty'); + + Promise.all([ + fetchFolderCounts(folder).catch(() => ({ folders: 0, files: 0 })), + peekHasFolders(folder).catch(() => false) + ]).then(([cnt, hasKids]) => { + const folders = Number(cnt?.folders || 0); + const files = Number(cnt?.files || 0); + const hasAny = (folders + files) > 0; + + setFolderIconForOption(opt, hasAny ? 'paper' : 'empty'); + updateToggleForOption(folder, !!hasKids || folders > 0); + }).catch(() => {}); +} + +/* ---------------------- + Toggle (chevron) helper +----------------------*/ +function updateToggleForOption(folder, hasChildren) { + const opt = document.querySelector(`.folder-option[data-folder="${CSS.escape(folder)}"]`); + if (!opt) return; + const row = opt.closest('.folder-row'); + if (!row) return; + + let btn = row.querySelector('button.folder-toggle'); + let spacer = row.querySelector('.folder-spacer'); + + if (hasChildren) { + if (!btn) { + btn = document.createElement('button'); + btn.type = 'button'; + btn.className = 'folder-toggle'; + btn.setAttribute('data-folder', folder); + btn.setAttribute('aria-label', 'Expand'); + if (spacer) spacer.replaceWith(btn); + else row.insertBefore(btn, opt); + } + } else { + if (btn) { + const newSpacer = document.createElement('span'); + newSpacer.className = 'folder-spacer'; + newSpacer.setAttribute('aria-hidden', 'true'); + btn.replaceWith(newSpacer); + } else if (!spacer) { + spacer = document.createElement('span'); + spacer.className = 'folder-spacer'; + spacer.setAttribute('aria-hidden', 'true'); + row.insertBefore(spacer, opt); + } + } +} + +/* ---------------------- + Colors +----------------------*/ +window.folderColorMap = window.folderColorMap || {}; function hexToHsl(hex) { hex = hex.replace('#', ''); if (hex.length === 3) hex = hex.split('').map(c => c + c).join(''); @@ -320,10 +628,10 @@ function hslToHex(h, s, l) { }; return '#' + f(0) + f(8) + f(4); } -function lighten(hex, amt = 12) { +function lighten(hex, amt = 14) { const { h, s, l } = hexToHsl(hex); return hslToHex(h, s, Math.min(100, l + amt)); } -function darken(hex, amt = 18) { +function darken(hex, amt = 22) { const { h, s, l } = hexToHsl(hex); return hslToHex(h, s, Math.max(0, l - amt)); } @@ -343,8 +651,8 @@ function applyFolderColorToOption(folder, hex) { } const front = hex; // main - const back = lighten(hex, 14); // body (slightly lighter) - const stroke = darken(hex, 22); // outline + const back = lighten(hex, 14); // body (slightly lighter) + const stroke = darken(hex, 22); // outline el.style.setProperty('--filr-folder-front', front); el.style.setProperty('--filr-folder-back', back); @@ -367,17 +675,190 @@ async function saveFolderColor(folder, colorHexOrEmpty) { if (!res.ok || data.error) throw new Error(data.error || `HTTP ${res.status}`); // update local map & apply if (data.color) window.folderColorMap[folder] = data.color; -else delete window.folderColorMap[folder]; -applyFolderColorToOption(folder, data.color || ''); + else delete window.folderColorMap[folder]; + applyFolderColorToOption(folder, data.color || ''); -// notify other views (fileListView's strip) -window.dispatchEvent(new CustomEvent('folderColorChanged', { - detail: { folder, color: data.color || '' } -})); + // notify other views (fileListView's strip) + window.dispatchEvent(new CustomEvent('folderColorChanged', { + detail: { folder, color: data.color || '' } + })); -return data; + return data; } +async function loadFolderColors() { + try { + const r = await fetch('/api/folder/getFolderColors.php', { credentials: 'include' }); + if (!r.ok) { window.folderColorMap = {}; return; } + window.folderColorMap = await r.json() || {}; + } catch { window.folderColorMap = {}; } +} + +/* ---------------------- + Expansion state migration on move/rename +----------------------*/ +function migrateExpansionStateOnMove(sourceFolder, newPath, ensureOpenParents = []) { + const st = loadFolderTreeState(); + const keys = Object.keys(st); + const next = { ...st }; + let changed = false; + + for (const k of keys) { + if (k === sourceFolder || k.startsWith(sourceFolder + '/')) { + const suffix = k.slice(sourceFolder.length); + delete next[k]; + next[newPath + suffix] = st[k]; // carry same 'block'/'none' + changed = true; + } + } + // keep destination parents open to show the moved node + ensureOpenParents.forEach(p => { if (p) next[p] = 'block'; }); + + if (changed || ensureOpenParents.length) saveFolderTreeState(next); +} + +/* ---------------------- + Fetch children (lazy) +----------------------*/ +async function fetchChildrenOnce(folder) { + if (_childCache.has(folder)) return _childCache.get(folder); + const qs = new URLSearchParams({ folder }); + qs.set('limit', String(PAGE_LIMIT)); + const res = await fetch(`/api/folder/listChildren.php?${qs.toString()}`, { method: 'GET', credentials: 'include' }); + const body = await safeJson(res); + + const raw = Array.isArray(body.items) ? body.items : []; + const items = raw + .map(normalizeItem) + .filter(Boolean) + .filter(it => { + const s = it.name.toLowerCase(); + return s !== 'trash' && s !== 'profile_pics'; + }); + + const payload = { items, nextCursor: body.nextCursor ?? null }; + _childCache.set(folder, payload); + return payload; +} +async function loadMoreChildren(folder, ulEl, moreLi) { + const cached = _childCache.get(folder); + const cursor = cached?.nextCursor || null; + + const qs = new URLSearchParams({ folder }); + if (cursor) qs.set('cursor', cursor); + qs.set('limit', String(PAGE_LIMIT)); + + const res = await fetch(`/api/folder/listChildren.php?${qs.toString()}`, { method: 'GET', credentials: 'include' }); + const body = await safeJson(res); + + const raw = Array.isArray(body.items) ? body.items : []; + const newItems = raw + .map(normalizeItem) + .filter(Boolean) + .filter(it => { + const s = it.name.toLowerCase(); + return s !== 'trash' && s !== 'profile_pics'; + }); + + const nextCursor = body.nextCursor ?? null; + + newItems.forEach(it => { + const li = makeChildLi(folder, it); + ulEl.insertBefore(li, moreLi); + const full = (folder === 'root') ? it.name : `${folder}/${it.name}`; + try { applyFolderColorToOption(full, (window.folderColorMap||{})[full] || ''); } catch {} + ensureFolderIcon(full); + }); + + const merged = (cached?.items || []).concat(newItems); + if (nextCursor) _childCache.set(folder, { items: merged, nextCursor }); + else { + moreLi.remove(); + _childCache.set(folder, { items: merged, nextCursor: null }); + } + + primeChildToggles(ulEl); + const hasKids = !!ulEl.querySelector(':scope > li.folder-item'); + updateToggleForOption(folder, hasKids); +} +async function ensureChildrenLoaded(folder, ulEl) { + const cached = _childCache.get(folder); + let items, nextCursor; + if (cached) { items = cached.items; nextCursor = cached.nextCursor; } + else { + const res = await fetchChildrenOnce(folder); + items = res.items; nextCursor = res.nextCursor; _childCache.set(folder, { items, nextCursor }); + } + + if (!ulEl._renderedOnce) { + items.forEach(it => { + const li = makeChildLi(folder, it); + ulEl.appendChild(li); + const full = (folder === 'root') ? it.name : `${folder}/${it.name}`; + try { applyFolderColorToOption(full, (window.folderColorMap||{})[full] || ''); } catch {} + ensureFolderIcon(full); + }); + ulEl._renderedOnce = true; + } + + let moreLi = ulEl.querySelector('.load-more'); + if (nextCursor && !moreLi) { + moreLi = document.createElement('li'); + moreLi.className = 'load-more'; + moreLi.innerHTML = ``; + moreLi.querySelector('button')?.addEventListener('click', async (e) => { + const btn = e.currentTarget; + const prev = btn.textContent; + btn.disabled = true; + btn.setAttribute('aria-busy', 'true'); + btn.textContent = (t('loading') || 'Loading…'); + try { + await loadMoreChildren(folder, ulEl, moreLi); + } finally { + // If moreLi still exists (not removed because we reached the end), restore + if (document.body.contains(moreLi)) { + btn.disabled = false; + btn.removeAttribute('aria-busy'); + btn.textContent = (t('load_more') || 'Load more'); + } + } + }); + ulEl.appendChild(moreLi); + } else if (!nextCursor && moreLi) { + moreLi.remove(); + } + + + primeChildToggles(ulEl); + const hasKidsNow = !!ulEl.querySelector(':scope > li.folder-item'); + updateToggleForOption(folder, hasKidsNow); + peekHasFolders(folder).then(h => { try { updateToggleForOption(folder, !!h); } catch {} }); +} + +/* ---------------------- + Prime icons/chevrons for a UL +----------------------*/ +function primeChildToggles(ulEl) { + ulEl.querySelectorAll('.folder-option[data-folder]').forEach(opt => { + const f = opt.dataset.folder; + try { setFolderIconForOption(opt, 'empty'); } catch {} + + Promise.all([ + fetchFolderCounts(f).catch(() => ({ folders: 0, files: 0 })), + peekHasFolders(f).catch(() => false) + ]).then(([cnt, hasKids]) => { + const folders = Number(cnt?.folders || 0); + const files = Number(cnt?.files || 0); + const hasAny = (folders + files) > 0; + + try { setFolderIconForOption(opt, hasAny ? 'paper' : 'empty'); } catch {} + // IMPORTANT: chevron is true if EITHER we have subfolders (peek) OR counts say so + try { updateToggleForOption(f, !!hasKids || folders > 0); } catch {} + }); + }); +} + + export function openColorFolderModal(folder) { const existing = window.folderColorMap[folder] || ''; const defaultHex = existing || '#f6b84e'; @@ -394,11 +875,12 @@ export function openColorFolderModal(folder) { margin-top:12px; padding:10px 12px; border-radius:12px; border:1px solid var(--border-color, #ddd); background: var(--bg, transparent); + flex-wrap: wrap; } body.dark-mode #colorFolderModal .folder-preview { --border-color:#444; --bg: rgba(255,255,255,.02); } - #colorFolderModal .folder-preview .folder-icon { width:56px; height:56px; display:inline-block } + #colorFolderModal .folder-preview .folder-icon { width:56px; height:56px; display:inline-block; flex: 0 0 56px; } #colorFolderModal .folder-preview svg { width:56px; height:56px; display:block } /* Use the same variable names you already apply on folder rows */ #colorFolderModal .folder-preview .folder-back { fill:var(--filr-folder-back, #f0d084) } @@ -407,7 +889,15 @@ export function openColorFolderModal(folder) { #colorFolderModal .folder-preview .paper { fill:#fff; stroke:#d0d0d0; stroke-width:.6 } #colorFolderModal .folder-preview .paper-fold { fill:#ececec } #colorFolderModal .folder-preview .paper-line { stroke:#c8c8c8; stroke-width:.8 } - #colorFolderModal .folder-preview .label { font-weight:600; user-select:none } + #colorFolderModal .folder-preview .label { + font-weight:600; user-select:none; + max-width: calc(100% - 70px); + white-space: normal; + overflow-wrap: anywhere; + word-break: break-word; + line-height: 1.25; + font-size: clamp(12px, 2.4vw, 16px); + } /* High-contrast ghost button just for this modal */ #colorFolderModal .btn-ghost { @@ -431,8 +921,8 @@ export function openColorFolderModal(folder) { } -
    -

    ${t('color_folder')}: ${escapeHTML(folder)}

    +
    +

    ${t('color_folder')}: ${escapeHTML(folder)}

    ×
    @@ -507,406 +997,183 @@ export function openColorFolderModal(folder) { } }); } - /* ---------------------- - Check Current User's Folder-Only Permission + DOM builders & DnD ----------------------*/ -// Authoritatively determine from the server; still write to localStorage for UI, -// but ignore any preexisting localStorage override for security. -async function checkUserFolderPermission() { - const username = localStorage.getItem("username") || ""; - try { - const res = await fetchWithCsrf("/api/getUserPermissions.php", { - method: "GET", - credentials: "include" +function makeChildLi(parentPath, item) { + const it = normalizeItem(item); + if (!it) return document.createElement('li'); + const { name, locked } = it; + + const fullPath = parentPath === 'root' ? name : `${parentPath}/${name}`; + const li = document.createElement('li'); + li.className = 'folder-item'; + li.setAttribute('role', 'treeitem'); + li.setAttribute('aria-expanded', 'false'); + + const optClass = 'folder-option' + (locked ? ' locked' : ''); + li.innerHTML = ` +
    + + + + ${escapeHTML(name)} + +
    + + `; + + const opt = li.querySelector('.folder-option'); + const ul = li.querySelector(':scope > ul.folder-tree'); + + // If server told us about subfolders or non-empty, apply immediately +if (typeof item.hasSubfolders === 'boolean') { + updateToggleForOption(fullPath, item.hasSubfolders); + // Also stash on DOM so primeChildToggles can see it without refetch + opt.dataset.hasSubs = item.hasSubfolders ? '1' : '0'; +} +if (typeof item.nonEmpty === 'boolean') { + setFolderIconForOption(opt, item.nonEmpty ? 'paper' : 'empty'); + opt.dataset.nonEmpty = item.nonEmpty ? '1' : '0'; +} + + if (!locked) { + opt.addEventListener('dragstart', (ev) => { + try { ev.dataTransfer.setData("application/x-filerise-folder", fullPath); } catch {} + try { ev.dataTransfer.setData("text/plain", fullPath); } catch {} + ev.dataTransfer.effectAllowed = "move"; + }); + opt.addEventListener("dragover", folderDragOverHandler); + opt.addEventListener("dragleave", folderDragLeaveHandler); + opt.addEventListener("drop", (e) => handleDropOnFolder(e, fullPath)); + opt.addEventListener("click", () => selectFolder(fullPath)); + } else { + opt.addEventListener('click', async (e) => { + e.preventDefault(); e.stopPropagation(); + if (!ul) return; + const willExpand = !ul.classList.contains('expanded'); + ul.classList.toggle('expanded', willExpand); + ul.classList.toggle('collapsed', !willExpand); + li.setAttribute('aria-expanded', String(willExpand)); + const st = loadFolderTreeState(); st[fullPath] = willExpand ? 'block' : 'none'; saveFolderTreeState(st); + if (willExpand) await ensureChildrenLoaded(fullPath, ul); }); - const permissionsData = await safeJson(res); - - const isFolderOnly = - !!(permissionsData && - permissionsData[username] && - permissionsData[username].folderOnly); - - window.userFolderOnly = isFolderOnly; - localStorage.setItem("folderOnly", isFolderOnly ? "true" : "false"); - - if (isFolderOnly && username) { - localStorage.setItem("lastOpenedFolder", username); - window.currentFolder = username; - } - return isFolderOnly; - } catch (err) { - console.error("Error fetching user permissions:", err); - window.userFolderOnly = false; - localStorage.setItem("folderOnly", "false"); - return false; - } -} - -// Invalidate client-side folder "non-empty" caches -function invalidateFolderCaches(folder) { - if (!folder) return; - _folderCountCache.delete(folder); - _nonEmptyCache.delete(folder); - _inflightCounts.delete(folder); -} - -// Public: force a fresh count + icon for a folder row -export function refreshFolderIcon(folder) { - invalidateFolderCaches(folder); - ensureFolderIcon(folder); -} - -// ---------------- SVG icons + icon helpers ---------------- -const _nonEmptyCache = new Map(); - -/** Return inline SVG string for either an empty folder or folder-with-paper */ -/* ---------------------- - Folder icon (SVG + fetch + cache) -----------------------*/ - -// shared by folder tree + folder strip -export function folderSVG(kind = 'empty') { - const gid = 'g' + Math.random().toString(36).slice(2, 8); - - // tweak these - const PAPER_SHIFT_Y = -1.2; // move paper up (negative = up) - const INK_SHIFT_Y = -0.8; // extra lift for the blue lines - - return ` -`; -} - -const _folderCountCache = new Map(); -const _inflightCounts = new Map(); - -// --- tiny fetch helper with timeout -function fetchJSONWithTimeout(url, ms = 3000) { - const ctrl = new AbortController(); - const tid = setTimeout(() => ctrl.abort(), ms); - return fetch(url, { credentials: 'include', signal: ctrl.signal }) - .then(r => r.ok ? r.json() : { folders: 0, files: 0 }) - .catch(() => ({ folders: 0, files: 0 })) - .finally(() => clearTimeout(tid)); -} - -// --- simple concurrency limiter (prevents 100 simultaneous requests) -const MAX_CONCURRENT_COUNT_REQS = 6; -let _activeCountReqs = 0; -const _countReqQueue = []; - -function _runCount(url) { - return new Promise(resolve => { - const start = () => { - _activeCountReqs++; - fetchJSONWithTimeout(url, 2500) - .then(resolve) - .finally(() => { - _activeCountReqs--; - const next = _countReqQueue.shift(); - if (next) next(); - }); - }; - if (_activeCountReqs < MAX_CONCURRENT_COUNT_REQS) start(); - else _countReqQueue.push(start); - }); -} - -async function fetchFolderCounts(folder) { - if (_folderCountCache.has(folder)) return _folderCountCache.get(folder); - if (_inflightCounts.has(folder)) return _inflightCounts.get(folder); - - // cache-bust query param to avoid any proxy/cdn caching - const url = `/api/folder/isEmpty.php?folder=${encodeURIComponent(folder)}&t=${Date.now()}`; - - const p = _runCount(url).then(data => { - const result = { - folders: Number(data?.folders || 0), - files: Number(data?.files || 0), - }; - _folderCountCache.set(folder, result); - _inflightCounts.delete(folder); - return result; - }); - - _inflightCounts.set(folder, p); - return p; -} - -function setFolderIconForOption(optEl, kind) { - const iconEl = optEl.querySelector('.folder-icon'); - if (!iconEl) return; - iconEl.dataset.kind = kind; - iconEl.innerHTML = folderSVG(kind); -} - -function ensureFolderIcon(folder) { - const opt = document.querySelector(`.folder-option[data-folder="${CSS.escape(folder)}"]`); - if (!opt) return; - // Set a neutral default first so layout is stable - setFolderIconForOption(opt, 'empty'); - - fetchFolderCounts(folder).then(({ folders, files }) => { - setFolderIconForOption(opt, (folders + files) > 0 ? 'paper' : 'empty'); - }); -} -/** Set a folder row’s icon to 'empty' or 'paper' */ -function setFolderIcon(folderPath, kind) { - const iconEl = document.querySelector(`.folder-option[data-folder="${folderPath}"] .folder-icon`); - if (!iconEl) return; - if (iconEl.dataset.icon === kind) return; - iconEl.dataset.icon = kind; - iconEl.innerHTML = folderSVG(kind); -} - -/** Fast local heuristic: mark 'paper' if we can see any subfolders under this LI */ -function markNonEmptyIfHasChildren(folderPath) { - const option = document.querySelector(`.folder-option[data-folder="${folderPath}"]`); - if (!option) return false; - const li = option.closest('li[role="treeitem"]'); - const childUL = li ? li.querySelector(':scope > ul') : null; - const hasChildNodes = !!(childUL && childUL.querySelector('li')); - if (hasChildNodes) { setFolderIcon(folderPath, 'paper'); _nonEmptyCache.set(folderPath, true); } - return hasChildNodes; -} - -/** ACL-aware check for files: call a tiny stats endpoint (see part C) */ -async function fetchFolderNonEmptyACL(folderPath) { - if (_nonEmptyCache.has(folderPath)) return _nonEmptyCache.get(folderPath); - const { folders, files } = await fetchFolderCounts(folderPath); - const nonEmpty = (folders + files) > 0; - _nonEmptyCache.set(folderPath, nonEmpty); - return nonEmpty; -} - - -/* ---------------------- - DOM Building Functions for Folder Tree -----------------------*/ -function renderFolderTree(tree, parentPath = "", defaultDisplay = "block") { - const state = loadFolderTreeState(); - let html = ``; - return html; + return li; } - -function expandTreePath(path, opts = {}) { - const { force = false, persist = false, includeLeaf = false } = opts; - const state = loadFolderTreeState(); - const parts = (path || '').split('/').filter(Boolean); - let cumulative = ''; - - const lastIndex = includeLeaf ? parts.length - 1 : Math.max(0, parts.length - 2); - - parts.forEach((part, i) => { - cumulative = i === 0 ? part : `${cumulative}/${part}`; - if (i > lastIndex) return; // skip leaf unless asked - - const option = document.querySelector(`.folder-option[data-folder="${CSS.escape(cumulative)}"]`); - if (!option) return; - - const li = option.closest('li[role="treeitem"]'); - const nestedUl = li ? li.querySelector(':scope > ul') : null; - if (!nestedUl) return; - - const shouldExpand = force || state[cumulative] === 'block'; - nestedUl.classList.toggle('expanded', shouldExpand); - nestedUl.classList.toggle('collapsed', !shouldExpand); - li.setAttribute('aria-expanded', String(!!shouldExpand)); - - if (persist && shouldExpand) { - state[cumulative] = 'block'; - } - }); - - if (persist) saveFolderTreeState(state); -} - +function folderDragOverHandler(event) { event.preventDefault(); event.currentTarget.classList.add("drop-hover"); } +function folderDragLeaveHandler(event) { event.currentTarget.classList.remove("drop-hover"); } /* ---------------------- - Drag & Drop Support for Folder Tree Nodes + Color-carry helper (fix #2) ----------------------*/ -function folderDragOverHandler(event) { - event.preventDefault(); - event.currentTarget.classList.add("drop-hover"); +async function carryFolderColor(sourceFolder, newPath) { + const oldColor = window.folderColorMap[sourceFolder]; + if (!oldColor) return; + try { + await saveFolderColor(newPath, oldColor); + await saveFolderColor(sourceFolder, ''); + } catch {} } -function folderDragLeaveHandler(event) { - event.currentTarget.classList.remove("drop-hover"); -} - -function folderDropHandler(event) { +/* ---------------------- + Handle drop (files or folders) +----------------------*/ +function handleDropOnFolder(event, dropFolder) { event.preventDefault(); - event.currentTarget.classList.remove("drop-hover"); - const dropFolder = event.currentTarget.getAttribute("data-folder"); + event.currentTarget?.classList?.remove("drop-hover"); let dragData = null; try { const jsonStr = event.dataTransfer.getData("application/json") || ""; if (jsonStr) dragData = JSON.parse(jsonStr); - } catch (e) { - console.error("Invalid drag data", e); - return; - } + } catch { /* noop */ } - // FOLDER MOVE FALLBACK (folder->folder) + // FOLDER->FOLDER move fallback if (!dragData) { const plain = (event.dataTransfer && event.dataTransfer.getData("application/x-filerise-folder")) || (event.dataTransfer && event.dataTransfer.getData("text/plain")) || ""; const sourceFolder = String(plain || "").trim(); if (!sourceFolder || sourceFolder === "root") return; - if (dropFolder === sourceFolder || (dropFolder + "/").startsWith(sourceFolder + "/")) { - showToast("Invalid destination.", 4000); - return; + showToast("Invalid destination.", 4000); return; } + // snapshot current expansion state (to re-apply later) + const preState = loadFolderTreeState(); + fetchWithCsrf("/api/folder/moveFolder.php", { method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", body: JSON.stringify({ source: sourceFolder, destination: dropFolder }) - }) - .then(safeJson) - .then(data => { - if (data && !data.error) { - showToast(`Folder moved to ${dropFolder}!`); + }).then(safeJson).then(async (data) => { + if (data && !data.error) { + const base = sourceFolder.split("/").pop(); + const newPath = (dropFolder === "root" ? "" : dropFolder + "/") + base; - if (window.currentFolder && - (window.currentFolder === sourceFolder || window.currentFolder.startsWith(sourceFolder + "/"))) { - const base = sourceFolder.split("/").pop(); - const newPath = (dropFolder === "root" ? "" : dropFolder + "/") + base; + // carry color + await carryFolderColor(sourceFolder, newPath); - // carry color without await - const oldColor = window.folderColorMap[sourceFolder]; - if (oldColor) { - saveFolderColor(newPath, oldColor) - .then(() => saveFolderColor(sourceFolder, '')) - .catch(() => { }); - } + // migrate expansion + keep dest open + migrateExpansionStateOnMove(sourceFolder, newPath, [dropFolder, getParentFolder(dropFolder)]); + // refresh parents (incremental) + const srcParent = getParentFolder(sourceFolder); + const dstParent = dropFolder; + invalidateFolderCaches(srcParent); + invalidateFolderCaches(dstParent); + clearPeekCache([srcParent, dstParent, sourceFolder, newPath]); + + const srcUl = getULForFolder(srcParent); + const dstUl = getULForFolder(dstParent); + if (srcUl) { srcUl._renderedOnce = false; srcUl.innerHTML = ""; await ensureChildrenLoaded(srcParent, srcUl); } + if (dstUl) { dstUl._renderedOnce = false; dstUl.innerHTML = ""; await ensureChildrenLoaded(dstParent, dstUl); } + + // destination now definitely has a child folder → force chevron immediately + updateToggleForOption(dstParent, true); + ensureFolderIcon(dstParent); + + // source may have lost its last child folder → recompute from the live DOM + const _srcUlLive = getULForFolder(srcParent); + updateToggleForOption(srcParent, !!(_srcUlLive && _srcUlLive.querySelector(':scope > li.folder-item'))); + + // re-apply all saved expansions so nothing "closes" + await expandAndLoadSavedState(); + + // update selection/current folder (if you were inside moved subtree) + if (window.currentFolder) { + if (window.currentFolder === sourceFolder) { window.currentFolder = newPath; + } else if (window.currentFolder.startsWith(sourceFolder + "/")) { + const suffix = window.currentFolder.slice(sourceFolder.length); // includes leading '/' + window.currentFolder = newPath + suffix; } - - return loadFolderTree().then(() => { - try { expandTreePath(window.currentFolder || "root", { persist: false, includeLeaf: false }); } catch (_) { } - loadFileList(window.currentFolder || "root"); - }); - } else { - showToast("Error: " + (data && data.error || "Could not move folder"), 5000); + localStorage.setItem("lastOpenedFolder", window.currentFolder); } - }) - .catch(err => { - console.error("Error moving folder:", err); - showToast("Error moving folder", 5000); - }); + // icons + breadcrumb + file list + refreshFolderIcon(srcParent); + refreshFolderIcon(dstParent); + showToast(`Folder moved to ${dropFolder}!`); + updateBreadcrumbTitle(window.currentFolder || newPath); + loadFileList(window.currentFolder || newPath); + + // ensure the moved node is visible & selected + selectFolder(window.currentFolder || newPath); + + } else { + showToast("Error: " + (data && data.error || "Could not move folder"), 5000); + } + }).catch(err => { + console.error("Error moving folder:", err); + showToast("Error moving folder", 5000); + }); return; } - // File(s) drop path (unchanged) + // File(s) move const filesToMove = dragData.files ? dragData.files : (dragData.fileName ? [dragData.fileName] : []); if (filesToMove.length === 0) return; @@ -914,85 +1181,135 @@ function folderDropHandler(event) { method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", - body: JSON.stringify({ - source: dragData.sourceFolder, - files: filesToMove, - destination: dropFolder - }) - }) - .then(safeJson) - .then(data => { - if (data.success) { - showToast(`File(s) moved successfully to ${dropFolder}!`); - loadFileList(dragData.sourceFolder); - refreshFolderIcon(dragData.sourceFolder); - refreshFolderIcon(dropFolder); - } else { - showToast("Error moving files: " + (data.error || "Unknown error")); - } - }) - .catch(error => { - console.error("Error moving files via drop:", error); - showToast("Error moving files."); - }); + body: JSON.stringify({ source: dragData.sourceFolder, files: filesToMove, destination: dropFolder }) + }).then(safeJson).then(data => { + if (data.success) { + showToast(`File(s) moved successfully to ${dropFolder}!`); + refreshFolderIcon(dragData.sourceFolder); + refreshFolderIcon(dropFolder); + loadFileList(dragData.sourceFolder); + } else { + showToast("Error moving files: " + (data.error || "Unknown error")); + } + }).catch(() => showToast("Error moving files.")); } /* ---------------------- - Main Folder Tree Rendering and Event Binding + Selection + helpers ----------------------*/ -// Safe breadcrumb DOM builder -function renderBreadcrumbFragment(folderPath) { - const frag = document.createDocumentFragment(); +function getULForFolder(folder) { + if (folder === 'root') return document.getElementById('rootChildren'); + const opt = document.querySelector(`.folder-option[data-folder="${CSS.escape(folder)}"]`); + const li = opt ? opt.closest('li[role="treeitem"]') : null; + return li ? li.querySelector(':scope > ul.folder-tree') : null; +} +async function selectFolder(selected) { + const container = document.getElementById('folderTreeContainer'); + if (!container) return; - // Defensive normalize - const path = (typeof folderPath === 'string' && folderPath.length) ? folderPath : 'root'; - const crumbs = path.split('/').filter(s => s !== ''); // no empty segments - - let acc = ''; - for (let i = 0; i < crumbs.length; i++) { - const part = crumbs[i]; - acc = (i === 0) ? part : (acc + '/' + part); - - const span = document.createElement('span'); - span.className = 'breadcrumb-link'; - span.dataset.folder = acc; - span.textContent = part; - frag.appendChild(span); - - if (i < crumbs.length - 1) { - const sep = document.createElement('span'); - sep.className = 'file-breadcrumb-sep'; - sep.textContent = '›'; - frag.appendChild(sep); + // If the node is in the tree, trust its locked class. + let opt = container.querySelector(`.folder-option[data-folder="${CSS.escape(selected)}"]`); + let allowed = true; + applyFolderCapabilities(selected); + if (opt && opt.classList.contains('locked')) { + allowed = false; + } else if (!opt) { + // Not in DOM → preflight capabilities so breadcrumbs (and other callers) + // can't jump into forbidden folders. + try { + allowed = await canViewFolder(selected); + } catch { + allowed = false; } } - return frag; + if (!allowed) { + showToast(t('no_access') || "You do not have access to this resource."); + return; // do NOT change currentFolder or lastOpenedFolder + } + + // At this point we’re allowed. If the node isn’t visible yet, open its parents + // so the tree reflects where we are going. + if (!opt && selected && selected !== 'root') { + const parts = selected.split('/').filter(Boolean); + const st = loadFolderTreeState(); + let acc = ''; + for (let i = 0; i < parts.length; i++) { + acc = i === 0 ? parts[i] : `${acc}/${parts[i]}`; + st[acc] = 'block'; + } + saveFolderTreeState(st); + // Materialize the opened branches + await expandAndLoadSavedState(); + opt = container.querySelector(`.folder-option[data-folder="${CSS.escape(selected)}"]`); + } + + // Visual selection + container.querySelectorAll(".folder-option").forEach(el => el.classList.remove("selected")); + if (opt) opt.classList.add("selected"); + + // Update state + UI + window.currentFolder = selected; + localStorage.setItem("lastOpenedFolder", selected); + updateBreadcrumbTitle(selected); + applyFolderCapabilities(selected); + ensureFolderIcon(selected); + loadFileList(selected); + + // Expand the selected node’s UL if present + const ul = getULForFolder(selected); + if (ul) { + ul.classList.add('expanded'); + ul.classList.remove('collapsed'); + const parentLi = selected === 'root' + ? document.getElementById('rootRow') + : (opt ? opt.closest('li[role="treeitem"]') : null); + if (parentLi) parentLi.setAttribute('aria-expanded', 'true'); + + const st = loadFolderTreeState(); + st[selected] = 'block'; + saveFolderTreeState(st); + try { await ensureChildrenLoaded(selected, ul); primeChildToggles(ul); } catch {} + } } -export function updateBreadcrumbTitle(folder) { - const titleEl = document.getElementById("fileListTitle"); - if (!titleEl) return; - titleEl.textContent = ""; - titleEl.appendChild(document.createTextNode(t("files_in") + " (")); - titleEl.appendChild(renderBreadcrumbFragment(folder)); - titleEl.appendChild(document.createTextNode(")")); - setupBreadcrumbDelegation(); - // Ensure context menu delegation is hooked to the dynamic breadcrumb container - bindFolderManagerContextMenu(); +/* ---------------------- + Expand saved state at boot +----------------------*/ +async function expandAndLoadSavedState() { + const st = loadFolderTreeState(); + const openKeys = Object.keys(st).filter(k => st[k] === 'block'); + openKeys.sort((a, b) => a.split('/').length - b.split('/').length); + + for (const key of openKeys) { + const ul = getULForFolder(key); + if (!ul) continue; + ul.classList.add('expanded'); + ul.classList.remove('collapsed'); + + let li; + if (key === 'root') { + li = document.getElementById('rootRow'); + } else { + const opt = document.querySelector(`.folder-option[data-folder="${CSS.escape(key)}"]`); + li = opt ? opt.closest('li[role="treeitem"]') : null; + } + if (li) li.setAttribute('aria-expanded', 'true'); + try { await ensureChildrenLoaded(key, ul); } catch {} + } } +/* ---------------------- + Main: loadFolderTree +----------------------*/ export async function loadFolderTree(selectedFolder) { try { - // Check if the user has folder-only permission (server-authoritative). await checkUserFolderPermission(); - - // Determine effective root folder. const username = localStorage.getItem("username") || "root"; let effectiveRoot = "root"; let effectiveLabel = "(Root)"; if (window.userFolderOnly && username) { - effectiveRoot = username; // personal root + effectiveRoot = username; effectiveLabel = `(Root)`; localStorage.setItem("lastOpenedFolder", username); window.currentFolder = username; @@ -1000,511 +1317,201 @@ export async function loadFolderTree(selectedFolder) { window.currentFolder = localStorage.getItem("lastOpenedFolder") || "root"; } - // Fetch folder list from the server (server enforces scope). - const res = await fetchWithCsrf('/api/folder/getFolderList.php', { - method: 'GET', - credentials: 'include' - }); - - if (res.status === 401) { - showToast("Session expired. Please log in again."); - window.location.href = "/api/auth/logout.php"; - return; - } - if (res.status === 403) { - showToast("You don't have permission to view folders."); - return; - } - - const folderData = await safeJson(res); - - let folders = []; - if (Array.isArray(folderData) && folderData.length && typeof folderData[0] === "object" && folderData[0].folder) { - folders = folderData.map(item => item.folder); - } else if (Array.isArray(folderData)) { - folders = folderData; - } - - // Remove any global "root" entry (server shouldn't return it, but be safe). - folders = folders.filter(folder => folder.toLowerCase() !== "root"); - - // If restricted, filter client-side view to subtree for UX (server still enforces). - if (window.userFolderOnly && effectiveRoot !== "root") { - folders = folders.filter(folder => folder.startsWith(effectiveRoot + "/")); - localStorage.setItem("lastOpenedFolder", effectiveRoot); - window.currentFolder = effectiveRoot; - } - - localStorage.setItem("lastOpenedFolder", window.currentFolder); - - // Render the folder tree. const container = document.getElementById("folderTreeContainer"); - if (!container) { - console.error("Folder tree container not found."); - return; - } + if (!container) return; const state0 = loadFolderTreeState(); const rootOpen = state0[effectiveRoot] !== 'none'; let html = ` -
    - - - - ${effectiveLabel} - -
    -`; - - if (folders.length > 0) { - const tree = buildFolderTree(folders); - // 👇 pass the root's saved state down to first level - html += renderFolderTree(tree, "", rootOpen ? "block" : "none"); - } +
    + + + + ${escapeHTML(effectiveLabel)} + +
    + + `; container.innerHTML = html; - await loadFolderColors(); - try { applyAllFolderColors(container); } catch (e) { - console.warn('applyAllFolderColors failed:', e); - } - - const st = loadFolderTreeState(); - const rootUl = container.querySelector('#rootRow + ul'); - if (rootUl) { - const expanded = (st[effectiveRoot] ?? 'block') === 'block'; - rootUl.classList.toggle('expanded', expanded); - rootUl.classList.toggle('collapsed', !expanded); - const rr = container.querySelector('#rootRow'); - if (rr) rr.setAttribute('aria-expanded', String(expanded)); - } - - // Prime icons for everything visible - primeFolderIcons(container); - - function primeFolderIcons(scopeEl) { - const opts = scopeEl.querySelectorAll('.folder-option[data-folder]'); - opts.forEach(opt => { - const f = opt.getAttribute('data-folder'); - // Optional: if there are obvious children in DOM, show 'paper' immediately as a hint - const li = opt.closest('li[role="treeitem"]'); - const hasChildren = !!(li && li.querySelector(':scope > ul > li')); - setFolderIconForOption(opt, hasChildren ? 'paper' : 'empty'); - // Then confirm with server (files count) - ensureFolderIcon(f); - }); - } - - // Attach drag/drop event listeners. - container.querySelectorAll(".folder-option").forEach(el => { - const fp = el.getAttribute('data-folder'); - markNonEmptyIfHasChildren(fp); - // Provide folder path payload for folder->folder DnD - el.addEventListener("dragstart", (ev) => { - const src = el.getAttribute("data-folder"); - try { ev.dataTransfer.setData("application/x-filerise-folder", src); } catch (e) { } - try { ev.dataTransfer.setData("text/plain", src); } catch (e) { } - ev.dataTransfer.effectAllowed = "move"; - }); - - el.addEventListener("dragover", folderDragOverHandler); - el.addEventListener("dragleave", folderDragLeaveHandler); - el.addEventListener("drop", folderDropHandler); - }); - - if (selectedFolder) { - window.currentFolder = selectedFolder; - } - localStorage.setItem("lastOpenedFolder", window.currentFolder); - - // Initial breadcrumb + file list - updateBreadcrumbTitle(window.currentFolder); - applyFolderCapabilities(window.currentFolder); - ensureFolderIcon(window.currentFolder); - loadFileList(window.currentFolder); - - // Show ancestors so the current selection is visible, but don't persist - if (window.currentFolder && window.currentFolder !== effectiveRoot) { - expandTreePath(window.currentFolder, { force: true, persist: true, includeLeaf: false }); - } - - const selectedEl = container.querySelector(`.folder-option[data-folder="${window.currentFolder}"]`); - if (selectedEl) { - container.querySelectorAll(".folder-option").forEach(item => item.classList.remove("selected")); - selectedEl.classList.add("selected"); - } - - // Folder-option click: update selection, breadcrumbs, and file list - container.querySelectorAll(".folder-option").forEach(el => { - // Provide folder path payload for folder->folder DnD - el.addEventListener("dragstart", (ev) => { - const src = el.getAttribute("data-folder"); - try { ev.dataTransfer.setData("application/x-filerise-folder", src); } catch (e) { } - try { ev.dataTransfer.setData("text/plain", src); } catch (e) { } - ev.dataTransfer.effectAllowed = "move"; - }); - - el.addEventListener("click", function (e) { - e.stopPropagation(); - container.querySelectorAll(".folder-option").forEach(item => item.classList.remove("selected")); - this.classList.add("selected"); - const selected = this.getAttribute("data-folder"); - window.currentFolder = selected; - localStorage.setItem("lastOpenedFolder", selected); - - updateBreadcrumbTitle(selected); - applyFolderCapabilities(selected); - ensureFolderIcon(selected); - loadFileList(selected); - }); - }); - - // --- One delegated toggle handler (robust) --- - (function bindToggleDelegation() { - const container = document.getElementById('folderTreeContainer'); - if (!container || container._toggleBound) return; - container._toggleBound = true; - - container.addEventListener('click', (e) => { - if (performance.now() < _suppressToggleUntil) { - e.stopPropagation(); - e.preventDefault(); - return; + // Determine root's lock state + const rootOpt = container.querySelector('.root-folder-option'); + let rootLocked = false; + try { + const res = await fetch(`/api/folder/capabilities.php?folder=${encodeURIComponent(effectiveRoot)}`, { credentials: 'include' }); + if (res.ok) { + const caps = await res.json(); + const canView = !!(caps.canView ?? caps.canRead ?? caps.canReadOwn ?? caps.isAdmin); + rootLocked = !canView; + } + } catch {} + if (rootOpt && rootLocked) markOptionLocked(rootOpt, true); + applyFolderCapabilities(effectiveRoot); + // Root DnD + prime icon/chevron + { + const ro = rootOpt; + if (ro) { + const isLocked = ro.classList.contains('locked'); + if (!isLocked) { + ro.addEventListener('dragover', folderDragOverHandler); + ro.addEventListener('dragleave', folderDragLeaveHandler); + ro.addEventListener('drop', (e) => handleDropOnFolder(e, effectiveRoot)); } + try { setFolderIconForOption(ro, 'empty'); } catch {} + fetchFolderCounts(effectiveRoot).then(({ folders, files }) => { + const hasAny = (folders + files) > 0; + try { setFolderIconForOption(ro, hasAny ? 'paper' : 'empty'); } catch {} + return peekHasFolders(effectiveRoot).then(hasKids => { + try { updateToggleForOption(effectiveRoot, !!hasKids || folders > 0); } catch {} + }); + }).catch(() => {}); + } + } + + // Delegated toggle + if (!container._toggleBound) { + container._toggleBound = true; + container.addEventListener('click', async (e) => { + if (performance.now() < _suppressToggleUntil) { e.stopPropagation(); e.preventDefault(); return; } const btn = e.target.closest('button.folder-toggle'); if (!btn || !container.contains(btn)) return; e.stopPropagation(); - const folderPath = btn.getAttribute('data-folder'); - let siblingUl = null; - let expandedTarget = null; - - // Root toggle? - if (btn.closest('#rootRow')) { - siblingUl = container.querySelector('#rootRow + ul'); - expandedTarget = document.getElementById('rootRow'); - } else { - const li = btn.closest('li[role="treeitem"]'); - if (!li) return; - siblingUl = li.querySelector(':scope > ul'); - expandedTarget = li; - } - if (!siblingUl) return; - - const expanded = !siblingUl.classList.contains('expanded'); - siblingUl.classList.toggle('expanded', expanded); - siblingUl.classList.toggle('collapsed', !expanded); - if (expandedTarget) expandedTarget.setAttribute('aria-expanded', String(expanded)); - - const state = loadFolderTreeState(); - state[folderPath] = expanded ? 'block' : 'none'; - saveFolderTreeState(state); + const ul = getULForFolder(folderPath); + if (!ul) return; + const willExpand = !ul.classList.contains('expanded'); + ul.classList.toggle('expanded', willExpand); + ul.classList.toggle('collapsed', !willExpand); + const li = folderPath === 'root' + ? document.getElementById('rootRow') + : (document.querySelector(`.folder-option[data-folder="${CSS.escape(folderPath)}"]`)?.closest('li[role="treeitem"]')); + if (li) li.setAttribute('aria-expanded', String(willExpand)); + const st = loadFolderTreeState(); st[folderPath] = willExpand ? 'block' : 'none'; saveFolderTreeState(st); + if (willExpand) await ensureChildrenLoaded(folderPath, ul); }, true); - })(); - } catch (error) { - console.error("Error loading folder tree:", error); - if (error.status === 403) { - showToast("You don't have permission to view folders."); + // Delegated folder-option click + container.addEventListener("click", function(e) { + const opt = e.target.closest(".folder-option"); + if (!opt || !container.contains(opt)) return; + e.stopPropagation(); + + if (opt.classList.contains('locked')) { + // Toggle expansion, don't select + const folderPath = opt.getAttribute('data-folder'); + const ul = getULForFolder(folderPath); + if (!ul) return; + const willExpand = !ul.classList.contains('expanded'); + ul.classList.toggle('expanded', willExpand); + ul.classList.toggle('collapsed', !willExpand); + const li = opt.closest('li[role="treeitem"]'); + if (li) li.setAttribute('aria-expanded', String(willExpand)); + const st = loadFolderTreeState(); st[folderPath] = willExpand ? 'block' : 'none'; saveFolderTreeState(st); + if (willExpand) ensureChildrenLoaded(folderPath, ul); + return; + } + + selectFolder(opt.getAttribute("data-folder") || 'root'); + }); } + + await loadFolderColors(); + applyAllFolderColors(container); + + // Root: load its children if open + const rc = document.getElementById('rootChildren'); + if (rc && rootOpen) { + await ensureChildrenLoaded(effectiveRoot, rc); + primeChildToggles(rc); + const hasKids = !!rc.querySelector('li.folder-item'); + updateToggleForOption(effectiveRoot, hasKids); + } + + // Expand + render all previously opened nodes + await expandAndLoadSavedState(); + + // ---------- Smart initial selection (sticky + top-level preference) ---------- +let target = await chooseInitialFolder(effectiveRoot, selectedFolder); + +if (!target) { + const ro = document.querySelector('.root-folder-option'); + if (ro) ro.classList.add('selected'); + + // Show explicit no_access in the files pane + showNoAccessEmptyState(); + applyFolderCapabilities(effectiveRoot); + showToast(t('no_access') || "You do not have access to this resource."); + return; +} + +// Ensure the path to target is visibly open in the tree (even if ancestors are locked) +await expandAncestors(target); + +// Persist and select +localStorage.setItem("lastOpenedFolder", target); +selectFolder(target); +// --------------------------------------------------------------------------- + // -------------------------------------------- + + } catch (err) { + console.error("Error loading folder tree:", err); + if (err.status === 403) showToast("You don't have permission to view folders."); } } -// For backward compatibility. -export function loadFolderList(selectedFolder) { - loadFolderTree(selectedFolder); -} +export function loadFolderList(selectedFolder) { loadFolderTree(selectedFolder); } // compat /* ---------------------- - Folder Management (Rename, Delete, Create) + Context menu (minimal hook) ----------------------*/ -const renameBtn = document.getElementById("renameFolderBtn"); -if (renameBtn) renameBtn.addEventListener("click", openRenameFolderModal); - -const deleteBtn = document.getElementById("deleteFolderBtn"); -if (deleteBtn) deleteBtn.addEventListener("click", openDeleteFolderModal); - -export function openRenameFolderModal() { - const selectedFolder = window.currentFolder || "root"; - if (!selectedFolder || selectedFolder === "root") { - showToast("Please select a valid folder to rename."); - return; - } - const parts = selectedFolder.split("/"); - const input = document.getElementById("newRenameFolderName"); - const modal = document.getElementById("renameFolderModal"); - if (!input || !modal) return; - input.value = parts[parts.length - 1]; - modal.style.display = "block"; - setTimeout(() => { - input.focus(); - input.select(); - }, 100); -} - -const cancelRename = document.getElementById("cancelRenameFolder"); -if (cancelRename) { - cancelRename.addEventListener("click", function () { - const modal = document.getElementById("renameFolderModal"); - const input = document.getElementById("newRenameFolderName"); - if (modal) modal.style.display = "none"; - if (input) input.value = ""; - }); -} -attachEnterKeyListener("renameFolderModal", "submitRenameFolder"); - -const submitRename = document.getElementById("submitRenameFolder"); -if (submitRename) { - submitRename.addEventListener("click", function (event) { - event.preventDefault(); - const selectedFolder = window.currentFolder || "root"; - const input = document.getElementById("newRenameFolderName"); - if (!input) return; - const newNameBasename = input.value.trim(); - if (!newNameBasename || newNameBasename === selectedFolder.split("/").pop()) { - showToast("Please enter a valid new folder name."); - return; - } - const parentPath = getParentFolder(selectedFolder); - const newFolderFull = parentPath === "root" ? newNameBasename : parentPath + "/" + newNameBasename; - - fetchWithCsrf("/api/folder/renameFolder.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - credentials: "include", - body: JSON.stringify({ oldFolder: window.currentFolder, newFolder: newFolderFull }) - }) - .then(safeJson) - .then(data => { - if (data.success) { - showToast("Folder renamed successfully!"); - window.currentFolder = newFolderFull; - - // carry color without await - const oldPath = selectedFolder; - const oldColor = window.folderColorMap[oldPath]; - if (oldColor) { - saveFolderColor(newFolderFull, oldColor) - .then(() => saveFolderColor(oldPath, '')) - .catch(() => { }); - } - - localStorage.setItem("lastOpenedFolder", newFolderFull); - loadFolderList(newFolderFull); - } else { - showToast("Error: " + (data.error || "Could not rename folder")); - } - }) - .catch(error => console.error("Error renaming folder:", error)) - .finally(() => { - const modal = document.getElementById("renameFolderModal"); - const input2 = document.getElementById("newRenameFolderName"); - if (modal) modal.style.display = "none"; - if (input2) input2.value = ""; - }); - }); -} - -// === Move Folder Modal helper (shared by button + context menu) === -export function openMoveFolderUI(sourceFolder) { - const modal = document.getElementById('moveFolderModal'); - const targetSel = document.getElementById('moveFolderTarget'); - - // If you right-clicked a different folder than currently selected, use that - if (sourceFolder && sourceFolder !== 'root') { - window.currentFolder = sourceFolder; - } - - // Fill target dropdown - if (targetSel) { - targetSel.innerHTML = ''; - fetch('/api/folder/getFolderList.php', { credentials: 'include' }) - .then(r => r.json()) - .then(list => { - if (Array.isArray(list) && list.length && typeof list[0] === 'object' && list[0].folder) { - list = list.map(it => it.folder); - } - // Root option - const rootOpt = document.createElement('option'); - rootOpt.value = 'root'; rootOpt.textContent = '(Root)'; - targetSel.appendChild(rootOpt); - - (list || []) - .filter(f => f && f !== 'trash' && f !== (window.currentFolder || '')) - .forEach(f => { - const o = document.createElement('option'); - o.value = f; o.textContent = f; - targetSel.appendChild(o); - }); - }) - .catch(() => { /* no-op */ }); - } - - if (modal) modal.style.display = 'block'; -} - -export function openDeleteFolderModal() { - const selectedFolder = window.currentFolder || "root"; - if (!selectedFolder || selectedFolder === "root") { - showToast("Please select a valid folder to delete."); - return; - } - const msgEl = document.getElementById("deleteFolderMessage"); - const modal = document.getElementById("deleteFolderModal"); - if (!msgEl || !modal) return; - msgEl.textContent = "Are you sure you want to delete folder " + selectedFolder + "?"; - modal.style.display = "block"; -} - -const cancelDelete = document.getElementById("cancelDeleteFolder"); -if (cancelDelete) { - cancelDelete.addEventListener("click", function () { - const modal = document.getElementById("deleteFolderModal"); - if (modal) modal.style.display = "none"; - }); -} -attachEnterKeyListener("deleteFolderModal", "confirmDeleteFolder"); - -const confirmDelete = document.getElementById("confirmDeleteFolder"); -if (confirmDelete) { - confirmDelete.addEventListener("click", function () { - const selectedFolder = window.currentFolder || "root"; - - fetchWithCsrf("/api/folder/deleteFolder.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - credentials: "include", - body: JSON.stringify({ folder: selectedFolder }) - }) - .then(safeJson) - .then(data => { - if (data.success) { - showToast("Folder deleted successfully!"); - window.currentFolder = getParentFolder(selectedFolder); - const parentForIcon = getParentFolder(selectedFolder); -refreshFolderIcon(parentForIcon); - localStorage.setItem("lastOpenedFolder", window.currentFolder); - loadFolderList(window.currentFolder); - } else { - showToast("Error: " + (data.error || "Could not delete folder")); - } - }) - .catch(error => console.error("Error deleting folder:", error)) - .finally(() => { - const modal = document.getElementById("deleteFolderModal"); - if (modal) modal.style.display = "none"; - }); - }); -} - -const createBtn = document.getElementById("createFolderBtn"); -if (createBtn) { - createBtn.addEventListener("click", function () { - const modal = document.getElementById("createFolderModal"); - const input = document.getElementById("newFolderName"); - if (modal) modal.style.display = "block"; - if (input) input.focus(); - }); -} - -const cancelCreate = document.getElementById("cancelCreateFolder"); -if (cancelCreate) { - cancelCreate.addEventListener("click", function () { - const modal = document.getElementById("createFolderModal"); - const input = document.getElementById("newFolderName"); - if (modal) modal.style.display = "none"; - if (input) input.value = ""; - }); -} -attachEnterKeyListener("createFolderModal", "submitCreateFolder"); - -const submitCreate = document.getElementById("submitCreateFolder"); -if (submitCreate) { - submitCreate.addEventListener("click", async () => { - const input = document.getElementById("newFolderName"); - const folderInput = input ? input.value.trim() : ""; - if (!folderInput) return showToast("Please enter a folder name."); - - const selectedFolder = window.currentFolder || "root"; - const parent = selectedFolder === "root" ? "" : selectedFolder; - - // 1) Guarantee fresh CSRF - try { - await loadCsrfToken(); - } catch { - return showToast("Could not refresh CSRF token. Please reload."); - } - - // 2) Call with fetchWithCsrf - fetchWithCsrf("/api/folder/createFolder.php", { - method: "POST", - headers: { "Content-Type": "application/json" }, - credentials: "include", - body: JSON.stringify({ folderName: folderInput, parent }) - }) - .then(safeJson) - .then(data => { - if (!data.success) throw new Error(data.error || "Server rejected the request"); - showToast("Folder created!"); - const parentForIcon = parent || 'root'; -refreshFolderIcon(parentForIcon); - const full = parent ? `${parent}/${folderInput}` : folderInput; - window.currentFolder = full; - localStorage.setItem("lastOpenedFolder", full); - loadFolderList(full); - }) - .catch(e => { - showToast("Error creating folder: " + e.message); - }) - .finally(() => { - const modal = document.getElementById("createFolderModal"); - const input2 = document.getElementById("newFolderName"); - if (modal) modal.style.display = "none"; - if (input2) input2.value = ""; - }); - }); -} - -// ---------- CONTEXT MENU SUPPORT FOR FOLDER MANAGER ---------- async function folderManagerContextMenuHandler(e) { const target = e.target.closest(".folder-option, .breadcrumb-link"); if (!target) return; - e.preventDefault(); e.stopPropagation(); + // No menu on locked folders; just toggle expansion if it is a tree node + if (target.classList && target.classList.contains('locked')) { + const folder = target.getAttribute('data-folder') || ''; + const ul = getULForFolder(folder); + if (ul) { + const willExpand = !ul.classList.contains('expanded'); + ul.classList.toggle('expanded', willExpand); + ul.classList.toggle('collapsed', !willExpand); + const li = target.closest('li[role="treeitem"]'); + if (li) li.setAttribute('aria-expanded', String(willExpand)); + const st = loadFolderTreeState(); st[folder] = willExpand ? 'block' : 'none'; saveFolderTreeState(st); + if (willExpand) ensureChildrenLoaded(folder, ul); + } + return; + } + const folder = target.getAttribute("data-folder"); if (!folder) return; window.currentFolder = folder; - await applyFolderCapabilities(folder); // <-- await ensures fresh caps + await applyFolderCapabilities(folder); - // Visual selection - document.querySelectorAll(".folder-option, .breadcrumb-link") - .forEach(el => el.classList.remove("selected")); + document.querySelectorAll(".folder-option, .breadcrumb-link").forEach(el => el.classList.remove("selected")); target.classList.add("selected"); - const canColor = !!(window.currentFolderCaps && window.currentFolderCaps.canRename); - + const canColor = !!(window.currentFolderCaps && window.currentFolderCaps.canEdit); const menuItems = [ - { - label: t("create_folder"), action: () => { + { label: t("create_folder"), action: () => { const modal = document.getElementById("createFolderModal"); const input = document.getElementById("newFolderName"); if (modal) modal.style.display = "block"; if (input) input.focus(); - } - }, + } }, { label: t("move_folder"), action: () => openMoveFolderUI(folder) }, { label: t("rename_folder"), action: () => openRenameFolderModal() }, ...(canColor ? [{ label: t("color_folder"), action: () => openColorFolderModal(folder) }] : []), { label: t("folder_share"), action: () => openFolderShareModal(folder) }, { label: t("delete_folder"), action: () => openDeleteFolderModal() } ]; - showFolderManagerContextMenu(e.pageX, e.pageY, menuItems); } - export function showFolderManagerContextMenu(x, y, menuItems) { let menu = document.getElementById("folderManagerContextMenu"); if (!menu) { @@ -1516,49 +1523,30 @@ export function showFolderManagerContextMenu(x, y, menuItems) { menu.style.zIndex = "9999"; document.body.appendChild(menu); } - if (document.body.classList.contains("dark-mode")) { - menu.style.backgroundColor = "#2c2c2c"; - menu.style.border = "1px solid #555"; - menu.style.color = "#e0e0e0"; + menu.style.backgroundColor = "#2c2c2c"; menu.style.border = "1px solid #555"; menu.style.color = "#e0e0e0"; } else { - menu.style.backgroundColor = "#fff"; - menu.style.border = "1px solid #ccc"; - menu.style.color = "#000"; + menu.style.backgroundColor = "#fff"; menu.style.border = "1px solid #ccc"; menu.style.color = "#000"; } - menu.innerHTML = ""; menuItems.forEach(item => { - const menuItem = document.createElement("div"); - menuItem.textContent = item.label; - menuItem.style.padding = "5px 15px"; - menuItem.style.cursor = "pointer"; - - menuItem.addEventListener("mouseover", () => { - menuItem.style.backgroundColor = document.body.classList.contains("dark-mode") ? "#444" : "#f0f0f0"; - }); - menuItem.addEventListener("mouseout", () => { - menuItem.style.backgroundColor = ""; - }); - menuItem.addEventListener("click", () => { - item.action(); - hideFolderManagerContextMenu(); - }); - - menu.appendChild(menuItem); + const it = document.createElement("div"); + it.textContent = item.label; + it.style.padding = "5px 15px"; + it.style.cursor = "pointer"; + it.addEventListener("mouseover", () => { it.style.backgroundColor = document.body.classList.contains("dark-mode") ? "#444" : "#f0f0f0"; }); + it.addEventListener("mouseout", () => { it.style.backgroundColor = ""; }); + it.addEventListener("click", () => { item.action(); hideFolderManagerContextMenu(); }); + menu.appendChild(it); }); - menu.style.left = `${x}px`; - menu.style.top = `${y}px`; + menu.style.top = `${y}px`; menu.style.display = "block"; } - export function hideFolderManagerContextMenu() { const menu = document.getElementById("folderManagerContextMenu"); if (menu) menu.style.display = "none"; } - -// Delegate contextmenu so it works with dynamically re-rendered breadcrumbs function bindFolderManagerContextMenu() { const tree = document.getElementById("folderTreeContainer"); if (tree) { @@ -1570,7 +1558,6 @@ function bindFolderManagerContextMenu() { }; tree.addEventListener("contextmenu", tree._ctxHandler, false); } - const title = document.getElementById("fileListTitle"); if (title) { if (title._ctxHandler) title.removeEventListener("contextmenu", title._ctxHandler, false); @@ -1582,60 +1569,201 @@ function bindFolderManagerContextMenu() { title.addEventListener("contextmenu", title._ctxHandler, false); } } +document.addEventListener("click", hideFolderManagerContextMenu); -document.addEventListener("click", function () { - hideFolderManagerContextMenu(); +/* ---------------------- + Rename / Delete / Create hooks +----------------------*/ +export function openRenameFolderModal() { + const selectedFolder = window.currentFolder || "root"; + if (!selectedFolder || selectedFolder === "root") { showToast("Please select a valid folder to rename."); return; } + const parts = selectedFolder.split("/"); + const input = document.getElementById("newRenameFolderName"); + const modal = document.getElementById("renameFolderModal"); + if (!input || !modal) return; + input.value = parts[parts.length - 1]; + modal.style.display = "block"; + setTimeout(() => { input.focus(); input.select(); }, 100); +} +const cancelRename = document.getElementById("cancelRenameFolder"); +if (cancelRename) cancelRename.addEventListener("click", function () { + const modal = document.getElementById("renameFolderModal"); + const input = document.getElementById("newRenameFolderName"); + if (modal) modal.style.display = "none"; + if (input) input.value = ""; }); +attachEnterKeyListener("renameFolderModal", "submitRenameFolder"); +const submitRename = document.getElementById("submitRenameFolder"); +if (submitRename) submitRename.addEventListener("click", function (event) { + event.preventDefault(); + const selectedFolder = window.currentFolder || "root"; + const input = document.getElementById("newRenameFolderName"); + if (!input) return; + const newNameBasename = input.value.trim(); + if (!newNameBasename || newNameBasename === selectedFolder.split("/").pop()) { + showToast("Please enter a valid new folder name."); return; + } + const parentPath = getParentFolder(selectedFolder); + const newFolderFull = parentPath === "root" ? newNameBasename : parentPath + "/" + newNameBasename; + fetchWithCsrf("/api/folder/renameFolder.php", { + method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", + body: JSON.stringify({ oldFolder: window.currentFolder, newFolder: newFolderFull }) + }).then(safeJson).then(async data => { + if (data.success) { + showToast("Folder renamed successfully!"); + const oldPath = selectedFolder; + window.currentFolder = newFolderFull; + localStorage.setItem("lastOpenedFolder", newFolderFull); -document.addEventListener("DOMContentLoaded", function () { - document.addEventListener("keydown", function (e) { - const tag = e.target.tagName ? e.target.tagName.toLowerCase() : ""; - if (tag === "input" || tag === "textarea" || (e.target && e.target.isContentEditable)) { - return; - } - if (e.key === "Delete" || e.key === "Backspace" || e.keyCode === 46 || e.keyCode === 8) { - if (window.currentFolder && window.currentFolder !== "root") { - e.preventDefault(); - openDeleteFolderModal(); - } + // carry color on rename as well + await carryFolderColor(oldPath, newFolderFull); + + // migrate expansion state like move and keep parent open + migrateExpansionStateOnMove(oldPath, newFolderFull, [parentPath]); + + // refresh parent list incrementally (preserves other branches) + const parent = parentPath; + invalidateFolderCaches(parent); + clearPeekCache([parent, oldPath, newFolderFull]); + const ul = getULForFolder(parent); + if (ul) { ul._renderedOnce = false; ul.innerHTML = ""; await ensureChildrenLoaded(parent, ul); } + + // restore any open nodes we had saved + await expandAndLoadSavedState(); + + // re-select the renamed node + selectFolder(newFolderFull); + } else { + showToast("Error: " + (data.error || "Could not rename folder")); } + }).catch(err => console.error("Error renaming folder:", err)).finally(() => { + const modal = document.getElementById("renameFolderModal"); + const input2 = document.getElementById("newRenameFolderName"); + if (modal) modal.style.display = "none"; + if (input2) input2.value = ""; }); }); -document.addEventListener("DOMContentLoaded", function () { - const shareFolderBtn = document.getElementById("shareFolderBtn"); - if (shareFolderBtn) { - shareFolderBtn.addEventListener("click", () => { - const selectedFolder = window.currentFolder || "root"; - if (!selectedFolder || selectedFolder === "root") { - showToast("Please select a valid folder to share."); - return; - } - openFolderShareModal(selectedFolder); - }); - } else { - console.warn("shareFolderBtn element not found in the DOM."); - } +export function openDeleteFolderModal() { + const selectedFolder = window.currentFolder || "root"; + if (!selectedFolder || selectedFolder === "root") { showToast("Please select a valid folder to delete."); return; } + const msgEl = document.getElementById("deleteFolderMessage"); + const modal = document.getElementById("deleteFolderModal"); + if (!msgEl || !modal) return; + msgEl.textContent = "Are you sure you want to delete folder " + selectedFolder + "?"; + modal.style.display = "block"; +} +const cancelDelete = document.getElementById("cancelDeleteFolder"); +if (cancelDelete) cancelDelete.addEventListener("click", function () { + const modal = document.getElementById("deleteFolderModal"); + if (modal) modal.style.display = "none"; +}); +attachEnterKeyListener("deleteFolderModal", "confirmDeleteFolder"); +const confirmDelete = document.getElementById("confirmDeleteFolder"); +if (confirmDelete) confirmDelete.addEventListener("click", async function () { + const selectedFolder = window.currentFolder || "root"; + fetchWithCsrf("/api/folder/deleteFolder.php", { + method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", + body: JSON.stringify({ folder: selectedFolder }) + }).then(safeJson).then(async data => { + if (data.success) { + showToast("Folder deleted successfully!"); + const parent = getParentFolder(selectedFolder); + window.currentFolder = parent; + localStorage.setItem("lastOpenedFolder", parent); + invalidateFolderCaches(parent); + clearPeekCache([parent, selectedFolder]); + const ul = getULForFolder(parent); + if (ul) { ul._renderedOnce = false; ul.innerHTML = ""; await ensureChildrenLoaded(parent, ul); } + selectFolder(parent); + } else { + showToast("Error: " + (data.error || "Could not delete folder")); + } + }).catch(err => console.error("Error deleting folder:", err)).finally(() => { + const modal = document.getElementById("deleteFolderModal"); + if (modal) modal.style.display = "none"; + }); }); -document.addEventListener("DOMContentLoaded", function () { - const colorFolderBtn = document.getElementById("colorFolderBtn"); - if (colorFolderBtn) { - colorFolderBtn.addEventListener("click", () => { - const selectedFolder = window.currentFolder || "root"; - if (!selectedFolder || selectedFolder === "root") { - showToast(t('please_select_valid_folder') || "Please select a valid folder."); - return; - } - openColorFolderModal(selectedFolder); - }); - } else { - console.warn("colorFolderBtn element not found in the DOM."); - } +const createBtn = document.getElementById("createFolderBtn"); +if (createBtn) createBtn.addEventListener("click", function () { + const modal = document.getElementById("createFolderModal"); + const input = document.getElementById("newFolderName"); + if (modal) modal.style.display = "block"; + if (input) input.focus(); +}); +const cancelCreate = document.getElementById("cancelCreateFolder"); +if (cancelCreate) cancelCreate.addEventListener("click", function () { + const modal = document.getElementById("createFolderModal"); + const input = document.getElementById("newFolderName"); + if (modal) modal.style.display = "none"; + if (input) input.value = ""; +}); +attachEnterKeyListener("createFolderModal", "submitCreateFolder"); +const submitCreate = document.getElementById("submitCreateFolder"); +if (submitCreate) submitCreate.addEventListener("click", async () => { + const input = document.getElementById("newFolderName"); + const folderInput = input ? input.value.trim() : ""; + if (!folderInput) return showToast("Please enter a folder name."); + const selectedFolder = window.currentFolder || "root"; + const parent = selectedFolder === "root" ? "" : selectedFolder; + + try { await loadCsrfToken(); } catch { return showToast("Could not refresh CSRF token. Please reload."); } + + fetchWithCsrf("/api/folder/createFolder.php", { + method: "POST", headers: { "Content-Type": "application/json" }, credentials: "include", + body: JSON.stringify({ folderName: folderInput, parent }) + }).then(safeJson).then(async data => { + if (!data.success) throw new Error(data.error || "Server rejected the request"); + showToast("Folder created!"); + const parentFolder = parent || 'root'; + const parentUL = getULForFolder(parentFolder); + const full = parent ? `${parent}/${folderInput}` : folderInput; + + if (parentUL) { + const li = makeChildLi(parentFolder, folderInput); + const moreLi = parentUL.querySelector('.load-more'); + parentUL.insertBefore(li, moreLi || null); + try { applyFolderColorToOption(full, (window.folderColorMap || {})[full] || ''); } catch {} + const opt = li.querySelector('.folder-option'); + if (opt) setFolderIconForOption(opt, 'empty'); + ensureFolderIcon(full); + updateToggleForOption(parentFolder, true); + invalidateFolderCaches(parentFolder); + clearPeekCache([parentFolder, full]); + } + + window.currentFolder = full; + localStorage.setItem("lastOpenedFolder", full); + selectFolder(full); + + }).catch(e => showToast("Error creating folder: " + e.message)).finally(() => { + const modal = document.getElementById("createFolderModal"); + const input2 = document.getElementById("newFolderName"); + if (modal) modal.style.display = "none"; + if (input2) input2.value = ""; + }); }); -// Initial context menu delegation bind -bindFolderManagerContextMenu(); +/* ---------------------- + Move (modal) + Color carry + State migration as well +----------------------*/ +export function openMoveFolderUI(sourceFolder) { + const modal = document.getElementById('moveFolderModal'); + const targetSel = document.getElementById('moveFolderTarget'); + if (sourceFolder && sourceFolder !== 'root') window.currentFolder = sourceFolder; + if (targetSel) { + targetSel.innerHTML = ''; + fetch('/api/folder/getFolderList.php', { credentials: 'include' }).then(r => r.json()).then(list => { + if (Array.isArray(list) && list.length && typeof list[0] === 'object' && list[0].folder) list = list.map(it => it.folder); + const rootOpt = document.createElement('option'); rootOpt.value = 'root'; rootOpt.textContent = '(Root)'; targetSel.appendChild(rootOpt); + (list || []).filter(f => f && f !== 'trash' && f !== (window.currentFolder || '')).forEach(f => { + const o = document.createElement('option'); o.value = f; o.textContent = f; targetSel.appendChild(o); + }); + }).catch(() => {}); + } + if (modal) modal.style.display = 'block'; +} document.addEventListener("DOMContentLoaded", () => { const moveBtn = document.getElementById('moveFolderBtn'); @@ -1644,14 +1772,11 @@ document.addEventListener("DOMContentLoaded", () => { const cancelBtn = document.getElementById('cancelMoveFolder'); const confirmBtn = document.getElementById('confirmMoveFolder'); - if (moveBtn) { - moveBtn.addEventListener('click', () => { - const cf = window.currentFolder || 'root'; - if (!cf || cf === 'root') { showToast('Select a non-root folder to move.'); return; } - openMoveFolderUI(cf); - }); - } - + if (moveBtn) moveBtn.addEventListener('click', () => { + const cf = window.currentFolder || 'root'; + if (!cf || cf === 'root') { showToast('Select a non-root folder to move.'); return; } + openMoveFolderUI(cf); + }); if (cancelBtn) cancelBtn.addEventListener('click', () => { if (modal) modal.style.display = 'none'; }); if (confirmBtn) confirmBtn.addEventListener('click', async () => { @@ -1664,6 +1789,9 @@ document.addEventListener("DOMContentLoaded", () => { showToast('Invalid destination'); return; } + // snapshot expansion before move + const preState = loadFolderTreeState(); + try { const res = await fetch('/api/folder/moveFolder.php', { method: 'POST', credentials: 'include', @@ -1672,23 +1800,131 @@ document.addEventListener("DOMContentLoaded", () => { }); const data = await safeJson(res); if (res.ok && data && !data.error) { - showToast('Folder moved'); - if (modal) modal.style.display = 'none'; - await loadFolderTree(); const base = source.split('/').pop(); const newPath = (destination === 'root' ? '' : destination + '/') + base; - const oldColor = window.folderColorMap[source]; - if (oldColor) { - try { - await saveFolderColor(newPath, oldColor); - await saveFolderColor(source, ''); - } catch (_) { } + + // carry color + await carryFolderColor(source, newPath); + + // migrate expansion + migrateExpansionStateOnMove(source, newPath, [destination, getParentFolder(destination)]); + + // refresh parents + const srcParent = getParentFolder(source); + const dstParent = destination; + invalidateFolderCaches(srcParent); invalidateFolderCaches(dstParent); + clearPeekCache([srcParent, dstParent, source, newPath]); + + const srcUl = getULForFolder(srcParent); const dstUl = getULForFolder(dstParent); + updateToggleForOption(srcParent, !!srcUl && !!srcUl.querySelector(':scope > li.folder-item')); + if (srcUl) { srcUl._renderedOnce = false; srcUl.innerHTML = ""; await ensureChildrenLoaded(srcParent, srcUl); } + if (dstUl) { dstUl._renderedOnce = false; dstUl.innerHTML = ""; await ensureChildrenLoaded(dstParent, dstUl); } + + updateToggleForOption(dstParent, true); + ensureFolderIcon(dstParent); + const _srcUlLive = getULForFolder(srcParent); + updateToggleForOption(srcParent, !!(_srcUlLive && _srcUlLive.querySelector(':scope > li.folder-item'))); + + // re-apply expansions + await expandAndLoadSavedState(); + + // update currentFolder + if (window.currentFolder === source) { + window.currentFolder = newPath; + } else if (window.currentFolder && window.currentFolder.startsWith(source + '/')) { + const suffix = window.currentFolder.slice(source.length); + window.currentFolder = newPath + suffix; } - window.currentFolder = newPath; - loadFileList(window.currentFolder || 'root'); + localStorage.setItem("lastOpenedFolder", window.currentFolder || newPath); + + if (modal) modal.style.display = 'none'; + refreshFolderIcon(srcParent); refreshFolderIcon(dstParent); + showToast('Folder moved'); + selectFolder(window.currentFolder || newPath); + } else { showToast('Error: ' + (data && data.error || 'Move failed')); } } catch (e) { console.error(e); showToast('Move failed'); } }); }); + +/* ---------------------- + Expand path helper +----------------------*/ +function expandTreePath(path, opts = {}) { + const { force = false, persist = false, includeLeaf = false } = opts; + const state = loadFolderTreeState(); + const parts = (path || '').split('/').filter(Boolean); + let cumulative = ''; + const lastIndex = includeLeaf ? parts.length - 1 : Math.max(0, parts.length - 2); + parts.forEach((part, i) => { + cumulative = i === 0 ? part : `${cumulative}/${part}`; + if (i > lastIndex) return; + const option = document.querySelector(`.folder-option[data-folder="${CSS.escape(cumulative)}"]`); + if (!option) return; + const li = option.closest('li[role="treeitem"]'); + const nestedUl = li ? li.querySelector(':scope > ul') : null; + if (!nestedUl) return; + const shouldExpand = force || state[cumulative] === 'block'; + nestedUl.classList.toggle('expanded', shouldExpand); + nestedUl.classList.toggle('collapsed', !shouldExpand); + li.setAttribute('aria-expanded', String(!!shouldExpand)); + if (persist && shouldExpand) state[cumulative] = 'block'; + }); + if (persist) saveFolderTreeState(state); +} + +/* ---------------------- + Wire toolbar buttons that were inert (rename/delete) +----------------------*/ +document.addEventListener("DOMContentLoaded", () => { + const renameBtn = document.getElementById("renameFolderBtn"); + if (renameBtn) renameBtn.addEventListener("click", () => { + const cf = window.currentFolder || "root"; + if (!cf || cf === "root") { showToast("Please select a valid folder to rename."); return; } + openRenameFolderModal(); + }); + + const deleteBtn = document.getElementById("deleteFolderBtn"); + if (deleteBtn) deleteBtn.addEventListener("click", () => { + const cf = window.currentFolder || "root"; + if (!cf || cf === "root") { showToast("Please select a valid folder to delete."); return; } + openDeleteFolderModal(); + }); +}); + +/* ---------------------- + Global key & minor binds +----------------------*/ +document.addEventListener("keydown", function (e) { + const tag = e.target.tagName ? e.target.tagName.toLowerCase() : ""; + if (tag === "input" || tag === "textarea" || (e.target && e.target.isContentEditable)) return; + if (e.key === "Delete" || e.key === "Backspace" || e.keyCode === 46 || e.keyCode === 8) { + if (window.currentFolder && window.currentFolder !== "root") { + e.preventDefault(); + openDeleteFolderModal(); + } + } +}); +document.addEventListener("DOMContentLoaded", function () { + const shareFolderBtn = document.getElementById("shareFolderBtn"); + if (shareFolderBtn) { + shareFolderBtn.addEventListener("click", () => { + const selectedFolder = window.currentFolder || "root"; + if (!selectedFolder || selectedFolder === "root") { showToast("Please select a valid folder to share."); return; } + openFolderShareModal(selectedFolder); + }); + } + const colorFolderBtn = document.getElementById("colorFolderBtn"); + if (colorFolderBtn) { + colorFolderBtn.addEventListener("click", () => { + const selectedFolder = window.currentFolder || "root"; + if (!selectedFolder || selectedFolder === "root") { showToast(t('please_select_valid_folder') || "Please select a valid folder."); return; } + openColorFolderModal(selectedFolder); + }); + } +}); + +// Initial context menu delegation bind +bindFolderManagerContextMenu(); diff --git a/public/js/i18n.js b/public/js/i18n.js index cfc49a1..8065059 100644 --- a/public/js/i18n.js +++ b/public/js/i18n.js @@ -318,7 +318,19 @@ const translations = { "reset_default": "Reset", "save_color": "Save", "folder_color_saved": "Folder color saved.", - "folder_color_cleared": "Folder color reset." + "folder_color_cleared": "Folder color reset.", + "load_more": "Load more", + "loading": "Loading...", + "no_access": "You do not have access to this resource.", + "please_select_valid_folder": "Please select a valid folder.", + "folder_help_click_view": "Click a folder in the tree to view its files.", + "folder_help_expand_chevrons": "Use chevrons to expand/collapse. Locked folders (padlock) can expand but can’t be opened.", + "folder_help_context_menu": "Right-click a folder for quick actions: Create, Move, Rename, Share, Color, Delete.", + "folder_help_drag_drop": "Drag a folder onto another folder or a breadcrumb to move it.", + "folder_help_load_more": "For long lists, click “Load more” to fetch the next page of folders.", + "folder_help_last_folder": "Your last opened folder is remembered. If you lose access, we pick the first allowed folder automatically.", + "folder_help_breadcrumbs": "Use the breadcrumb to jump up the path. You can also drop onto a breadcrumb.", + "folder_help_permissions": "Buttons enable/disable based on your permissions for the selected folder." }, es: { "please_log_in_to_continue": "Por favor, inicie sesión para continuar.", diff --git a/src/controllers/FolderController.php b/src/controllers/FolderController.php index d561301..11af0bd 100644 --- a/src/controllers/FolderController.php +++ b/src/controllers/FolderController.php @@ -6,6 +6,7 @@ require_once PROJECT_ROOT . '/src/models/FolderModel.php'; require_once PROJECT_ROOT . '/src/models/UserModel.php'; require_once PROJECT_ROOT . '/src/lib/ACL.php'; require_once PROJECT_ROOT . '/src/models/FolderMeta.php'; +require_once PROJECT_ROOT . '/src/lib/FS.php'; class FolderController { @@ -31,6 +32,10 @@ class FolderController return $headers; } + public static function listChildren(string $folder, string $user, array $perms, ?string $cursor = null, int $limit = 500): array { + return FolderModel::listChildren($folder, $user, $perms, $cursor, $limit); + } + /** Stats for a folder (currently: empty/non-empty via folders/files counts). */ public static function stats(string $folder, string $user, array $perms): array { @@ -38,6 +43,161 @@ class FolderController return FolderModel::countVisible($folder, $user, $perms); } + /** Capabilities for UI buttons/menus (unchanged semantics; just centralized). */ + public static function capabilities(string $folder, string $username): array + { + $folder = ACL::normalizeFolder($folder); + $perms = self::loadPermsFor($username); + + $isAdmin = ACL::isAdmin($perms); + $folderOnly = self::boolFrom($perms, 'folderOnly','userFolderOnly','UserFolderOnly'); + $readOnly = !empty($perms['readOnly']); + $disableUpload = !empty($perms['disableUpload']); + + $isOwner = ACL::isOwner($username, $perms, $folder); + + $inScope = self::inUserFolderScope($folder, $username, $perms, $isAdmin, $folderOnly); + + $canViewBase = $isAdmin || ACL::canRead($username, $perms, $folder); + $canViewOwn = $isAdmin || ACL::canReadOwn($username, $perms, $folder); + $canShareBase = $isAdmin || ACL::canShare($username, $perms, $folder); + + $gCreateBase = $isAdmin || ACL::canCreate($username, $perms, $folder); + $gRenameBase = $isAdmin || ACL::canRename($username, $perms, $folder); + $gDeleteBase = $isAdmin || ACL::canDelete($username, $perms, $folder); + $gMoveBase = $isAdmin || ACL::canMove($username, $perms, $folder); + $gUploadBase = $isAdmin || ACL::canUpload($username, $perms, $folder); + $gEditBase = $isAdmin || ACL::canEdit($username, $perms, $folder); + $gCopyBase = $isAdmin || ACL::canCopy($username, $perms, $folder); + $gExtractBase = $isAdmin || ACL::canExtract($username, $perms, $folder); + $gShareFile = $isAdmin || ACL::canShareFile($username, $perms, $folder); + $gShareFolder = $isAdmin || ACL::canShareFolder($username, $perms, $folder); + + $canView = $canViewBase && $inScope; + + $canUpload = $gUploadBase && !$readOnly && !$disableUpload && $inScope; + $canCreate = $gCreateBase && !$readOnly && $inScope; + $canRename = $gRenameBase && !$readOnly && $inScope; + $canDelete = $gDeleteBase && !$readOnly && $inScope; + $canDeleteFile = $gDeleteBase && !$readOnly && $inScope; + + $canDeleteFolder = !$readOnly && $inScope && ( + $isAdmin || + $isOwner || + ACL::canManage($username, $perms, $folder) || + $gDeleteBase // if your ACL::canDelete should also allow folder deletes + ); + + $canReceive = ($gUploadBase || $gCreateBase || $isAdmin) && !$readOnly && !$disableUpload && $inScope; + $canMoveIn = $canReceive; + + $canEdit = $gEditBase && !$readOnly && $inScope; + $canCopy = $gCopyBase && !$readOnly && $inScope; + $canExtract = $gExtractBase && !$readOnly && $inScope; + + $canShareEff = $canShareBase && $inScope; + $canShareFile = $gShareFile && $inScope; + $canShareFold = $gShareFolder && $inScope; + + $isRoot = ($folder === 'root'); + $canMoveFolder = false; + if ($isRoot) { + $canRename = false; + $canDelete = false; + $canShareFold = false; + } else { + $canMoveFolder = (ACL::canManage($username, $perms, $folder) || ACL::isOwner($username, $perms, $folder)) + && !$readOnly; + } + + $owner = null; + try { if (class_exists('FolderModel') && method_exists('FolderModel','getOwnerFor')) $owner = FolderModel::getOwnerFor($folder); } catch (\Throwable $e) {} + + return [ + 'user' => $username, + 'folder' => $folder, + 'isAdmin' => $isAdmin, + 'flags' => [ + 'folderOnly' => $folderOnly, + 'readOnly' => $readOnly, + 'disableUpload' => $disableUpload, + ], + 'owner' => $owner, + + 'canView' => $canView, + 'canViewOwn' => $canViewOwn, + + 'canUpload' => $canUpload, + 'canCreate' => $canCreate, + 'canRename' => $canRename, + 'canDelete' => $canDeleteFile, + 'canDeleteFolder' => $canDeleteFolder, + + 'canMoveIn' => $canMoveIn, + 'canMove' => $canMoveIn, // legacy alias + 'canMoveFolder' => $canMoveFolder, + + 'canEdit' => $canEdit, + 'canCopy' => $canCopy, + 'canExtract' => $canExtract, + + 'canShare' => $canShareEff, // legacy umbrella + 'canShareFile' => $canShareFile, + 'canShareFolder' => $canShareFold, + ]; + } + + /* --------------------------- + Private helpers (caps) + ----------------------------*/ + private static function loadPermsFor(string $u): array { + try { + if (function_exists('loadUserPermissions')) { + $p = loadUserPermissions($u); + return is_array($p) ? $p : []; + } + if (class_exists('userModel') && method_exists('userModel', 'getUserPermissions')) { + $all = userModel::getUserPermissions(); + if (is_array($all)) { + if (isset($all[$u])) return (array)$all[$u]; + $lk = strtolower($u); + if (isset($all[$lk])) return (array)$all[$lk]; + } + } + } catch (\Throwable $e) {} + return []; + } + + private static function boolFrom(array $a, string ...$keys): bool { + foreach ($keys as $k) if (!empty($a[$k])) return true; + return false; + } + + private static function isOwnerOrAncestorOwner(string $user, array $perms, string $folder): bool { + $f = ACL::normalizeFolder($folder); + if (ACL::isOwner($user, $perms, $f)) return true; + while ($f !== '' && strcasecmp($f, 'root') !== 0) { + $pos = strrpos($f, '/'); + if ($pos === false) break; + $f = substr($f, 0, $pos); + if ($f === '' || strcasecmp($f, 'root') === 0) break; + if (ACL::isOwner($user, $perms, $f)) return true; + } + return false; + } + + private static function inUserFolderScope(string $folder, string $u, array $perms, bool $isAdmin, bool $folderOnly): bool { + if ($isAdmin) return true; + if (!$folderOnly) return true; // normal users: global scope + + $f = ACL::normalizeFolder($folder); + if ($f === 'root' || $f === '') { + return self::isOwnerOrAncestorOwner($u, $perms, $f); + } + if ($f === $u || str_starts_with($f, $u . '/')) return true; + return self::isOwnerOrAncestorOwner($u, $perms, $f); + } + private static function requireCsrf(): void { self::ensureSession(); @@ -1123,8 +1283,11 @@ class FolderController $map = FolderMeta::getMap(); $out = []; foreach ($map as $folder => $hex) { - $folder = FolderMeta::normalizeFolder($folder); - if (ACL::canRead($user, $perms, $folder)) $out[$folder] = $hex; + $folder = FolderMeta::normalizeFolder((string)$folder); + if ($folder === 'root') continue; // don’t bother exposing root + if (ACL::canRead($user, $perms, $folder) || ACL::canReadOwn($user, $perms, $folder)) { + $out[$folder] = $hex; + } } echo json_encode($out, JSON_UNESCAPED_SLASHES); } @@ -1153,21 +1316,29 @@ class FolderController $body = json_decode(file_get_contents('php://input') ?: "{}", true) ?: []; $folder = FolderMeta::normalizeFolder((string)($body['folder'] ?? 'root')); - $color = isset($body['color']) ? (string)$body['color'] : ''; + $raw = array_key_exists('color', $body) ? (string)$body['color'] : ''; - // Treat “customize color” as rename-level capability (your convention) - if (!ACL::canRename($user, $perms, $folder)) { + if ($folder === 'root') { + http_response_code(400); + echo json_encode(['error' => 'Cannot set color on root']); + return; + } + + // >>> Require canEdit (not canRename) <<< + if (!ACL::canEdit($user, $perms, $folder) && !ACL::isAdmin($perms)) { http_response_code(403); echo json_encode(['error' => 'Forbidden']); return; } try { - $res = FolderMeta::setColor($folder, $color === '' ? null : $color); + // empty string clears; non-empty must be valid #RGB or #RRGGBB + $hex = ($raw === '') ? null : FolderMeta::normalizeHex($raw); + $res = FolderMeta::setColor($folder, $hex); echo json_encode(['success' => true] + $res, JSON_UNESCAPED_SLASHES); } catch (\InvalidArgumentException $e) { http_response_code(400); - echo json_encode(['error' => $e->getMessage()]); + echo json_encode(['error' => 'Invalid color']); } } diff --git a/src/controllers/MediaController.php b/src/controllers/MediaController.php index ff5f201..297e19f 100644 --- a/src/controllers/MediaController.php +++ b/src/controllers/MediaController.php @@ -44,9 +44,6 @@ class MediaController $f = trim((string)$f); return ($f==='' || strtolower($f)==='root') ? 'root' : $f; } - private function validFolder($f): bool { - return $f==='root' || (bool)preg_match(REGEX_FOLDER_NAME, $f); - } private function validFile($f): bool { $f = basename((string)$f); return $f !== '' && (bool)preg_match(REGEX_FILE_NAME, $f); @@ -56,6 +53,24 @@ class MediaController return ACL::canRead($username, $perms, $folder) ? null : "Forbidden"; } + private function validFolder($f): bool { + if ($f === 'root') return true; + // Validate per-segment against your REGEX_FOLDER_NAME + $parts = array_filter(explode('/', (string)$f), fn($p) => $p !== ''); + if (!$parts) return false; + foreach ($parts as $seg) { + if (!preg_match(REGEX_FOLDER_NAME, $seg)) return false; + } + return true; + } + + /** “View” means read OR read_own */ + private function canViewFolder(string $folder, string $username): bool { + $perms = loadUserPermissions($username) ?: []; + return ACL::canRead($username, $perms, $folder) + || ACL::canReadOwn($username, $perms, $folder); + } + /** POST /api/media/updateProgress.php */ public function updateProgress(): void { $this->jsonStart(); @@ -67,15 +82,15 @@ class MediaController $d = $this->readJson(); $folder = $this->normalizeFolder($d['folder'] ?? 'root'); $file = (string)($d['file'] ?? ''); - $seconds = isset($d['seconds']) ? floatval($d['seconds']) : 0.0; - $duration = isset($d['duration']) ? floatval($d['duration']) : null; + $seconds = isset($d['seconds']) ? (float)$d['seconds'] : 0.0; + $duration = isset($d['duration']) ? (float)$d['duration'] : null; $completed = isset($d['completed']) ? (bool)$d['completed'] : null; - $clear = isset($d['clear']) ? (bool)$d['clear'] : false; + $clear = !empty($d['clear']); if (!$this->validFolder($folder) || !$this->validFile($file)) { $this->out(['error'=>'Invalid folder/file'], 400); return; } - if ($this->enforceRead($folder, $u)) { $this->out(['error'=>'Forbidden'], 403); return; } + if (!$this->canViewFolder($folder, $u)) { $this->out(['error'=>'Forbidden'], 403); return; } if ($clear) { $ok = MediaModel::clearProgress($u, $folder, $file); @@ -102,7 +117,7 @@ class MediaController if (!$this->validFolder($folder) || !$this->validFile($file)) { $this->out(['error'=>'Invalid folder/file'], 400); return; } - if ($this->enforceRead($folder, $u)) { $this->out(['error'=>'Forbidden'], 403); return; } + if (!$this->canViewFolder($folder, $u)) { $this->out(['error'=>'Forbidden'], 403); return; } $row = MediaModel::getProgress($u, $folder, $file); $this->out(['state'=>$row]); @@ -123,7 +138,12 @@ class MediaController if (!$this->validFolder($folder)) { $this->out(['error'=>'Invalid folder'], 400); return; } - if ($this->enforceRead($folder, $u)) { $this->out(['error'=>'Forbidden'], 403); return; } + + // Soft-fail for restricted users: avoid noisy console 403s + if (!$this->canViewFolder($folder, $u)) { + $this->out(['map' => []]); // 200 OK, no leakage + return; + } $map = MediaModel::getFolderMap($u, $folder); $this->out(['map'=>$map]); diff --git a/src/lib/FS.php b/src/lib/FS.php new file mode 100644 index 0000000..1091edd --- /dev/null +++ b/src/lib/FS.php @@ -0,0 +1,87 @@ + 0 && $len <= 255; + } + + /** realpath($p) and ensure it remains inside $base (defends symlink escape). */ + public static function safeReal(string $baseReal, string $p): ?string { + $rp = realpath($p); + if ($rp === false) return null; + $base = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR; + $rp2 = rtrim($rp, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR; + if (strpos($rp2, $base) !== 0) return null; + return rtrim($rp, DIRECTORY_SEPARATOR); + } + + /** + * Small bounded DFS to learn if an unreadable folder has any readable descendant (for “locked” rows). + * $maxDepth intentionally small to avoid expensive scans. + */ + public static function hasReadableDescendant( + string $baseReal, + string $absPath, + string $relPath, + string $user, + array $perms, + int $maxDepth = 2 + ): bool { + if ($maxDepth <= 0 || !is_dir($absPath)) return false; + + $IGNORE = self::IGNORE(); + $SKIP = self::SKIP(); + + $items = @scandir($absPath) ?: []; + foreach ($items as $child) { + if ($child === '.' || $child === '..') continue; + if ($child[0] === '.') continue; + if (in_array($child, $IGNORE, true)) continue; + if (!self::isSafeSegment($child)) continue; + + $lower = strtolower($child); + if (in_array($lower, $SKIP, true)) continue; + + $abs = $absPath . DIRECTORY_SEPARATOR . $child; + if (!@is_dir($abs)) continue; + + // Resolve symlink safely + if (@is_link($abs)) { + $safe = self::safeReal($baseReal, $abs); + if ($safe === null || !is_dir($safe)) continue; + $abs = $safe; + } + + $rel = ($relPath === 'root') ? $child : ($relPath . '/' . $child); + + if (ACL::canRead($user, $perms, $rel) || ACL::canReadOwn($user, $perms, $rel)) { + return true; + } + if ($maxDepth > 1 && self::hasReadableDescendant($baseReal, $abs, $rel, $user, $perms, $maxDepth - 1)) { + return true; + } + } + return false; + } +} \ No newline at end of file diff --git a/src/models/FolderModel.php b/src/models/FolderModel.php index 1795462..e920db8 100644 --- a/src/models/FolderModel.php +++ b/src/models/FolderModel.php @@ -3,6 +3,7 @@ require_once PROJECT_ROOT . '/config/config.php'; require_once PROJECT_ROOT . '/src/lib/ACL.php'; +require_once PROJECT_ROOT . '/src/lib/FS.php'; class FolderModel { @@ -10,44 +11,228 @@ class FolderModel * Ownership mapping helpers (stored in META_DIR/folder_owners.json) * ============================================================ */ - public static function countVisible(string $folder, string $user, array $perms): array - { - // Normalize - $folder = ACL::normalizeFolder($folder); - - // ACL gate: if you can’t read, report empty (no leaks) - if (!$user || !ACL::canRead($user, $perms, $folder)) { - return ['folders' => 0, 'files' => 0]; - } - - // Resolve paths under UPLOAD_DIR - $root = rtrim((string)UPLOAD_DIR, '/\\'); - $path = ($folder === 'root') ? $root : ($root . '/' . $folder); - - $realRoot = @realpath($root); - $realPath = @realpath($path); - if ($realRoot === false || $realPath === false || strpos($realPath, $realRoot) !== 0) { - return ['folders' => 0, 'files' => 0]; - } - - // Count quickly, skipping UI-internal dirs - $folders = 0; $files = 0; - try { - foreach (new DirectoryIterator($realPath) as $f) { - if ($f->isDot()) continue; - $name = $f->getFilename(); - if ($name === 'trash' || $name === 'profile_pics') continue; - - if ($f->isDir()) $folders++; else $files++; - if ($folders > 0 || $files > 0) break; // short-circuit: we only care if empty vs not - } - } catch (\Throwable $e) { - // Stay quiet + safe - $folders = 0; $files = 0; - } - - return ['folders' => $folders, 'files' => $files]; - } + public static function countVisible(string $folder, string $user, array $perms): array + { + $folder = ACL::normalizeFolder($folder); + + // If the user can't view this folder at all, short-circuit (admin/read/read_own) + $canViewFolder = ACL::isAdmin($perms) + || ACL::canRead($user, $perms, $folder) + || ACL::canReadOwn($user, $perms, $folder); + if (!$canViewFolder) return ['folders' => 0, 'files' => 0]; + + $base = realpath((string)UPLOAD_DIR); + if ($base === false) return ['folders' => 0, 'files' => 0]; + + // Resolve target dir + ACL-relative prefix + if ($folder === 'root') { + $dir = $base; + $relPrefix = ''; + } else { + $parts = array_filter(explode('/', $folder), fn($p) => $p !== ''); + foreach ($parts as $seg) { + if (!self::isSafeSegment($seg)) return ['folders' => 0, 'files' => 0]; + } + $guess = $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts); + $dir = self::safeReal($base, $guess); + if ($dir === null || !is_dir($dir)) return ['folders' => 0, 'files' => 0]; + $relPrefix = implode('/', $parts); + } + + // Ignore lists (expandable) + $IGNORE = ['@eaDir', '#recycle', '.DS_Store', 'Thumbs.db']; + $SKIP = ['trash', 'profile_pics']; + + $entries = @scandir($dir); + if ($entries === false) return ['folders' => 0, 'files' => 0]; + + $hasChildFolder = false; + $hasFile = false; + + // Cap scanning to avoid pathological dirs + $MAX_SCAN = 4000; + $scanned = 0; + + foreach ($entries as $name) { + if (++$scanned > $MAX_SCAN) break; + + if ($name === '.' || $name === '..') continue; + if ($name[0] === '.') continue; + if (in_array($name, $IGNORE, true)) continue; + if (in_array(strtolower($name), $SKIP, true)) continue; + if (!self::isSafeSegment($name)) continue; + + $abs = $dir . DIRECTORY_SEPARATOR . $name; + + if (@is_dir($abs)) { + // Symlink defense on children + if (@is_link($abs)) { + $safe = self::safeReal($base, $abs); + if ($safe === null || !is_dir($safe)) continue; + } + // Only count child dirs the user can view (admin/read/read_own) + $childRel = ($relPrefix === '' ? $name : $relPrefix . '/' . $name); + if ( + ACL::isAdmin($perms) + || ACL::canRead($user, $perms, $childRel) + || ACL::canReadOwn($user, $perms, $childRel) + ) { + $hasChildFolder = true; + } + } elseif (@is_file($abs)) { + // Any file present is enough for the "files" flag once the folder itself is viewable + $hasFile = true; + } + + if ($hasChildFolder && $hasFile) break; // early exit + } + + return [ + 'folders' => $hasChildFolder ? 1 : 0, + 'files' => $hasFile ? 1 : 0, + ]; + } + + /* Helpers (private) */ + private static function isSafeSegment(string $name): bool + { + if ($name === '.' || $name === '..') return false; + if (strpos($name, '/') !== false || strpos($name, '\\') !== false) return false; + if (strpos($name, "\0") !== false) return false; + if (preg_match('/[\x00-\x1F]/u', $name)) return false; + $len = mb_strlen($name); + return $len > 0 && $len <= 255; + } + private static function safeReal(string $baseReal, string $p): ?string + { + $rp = realpath($p); + if ($rp === false) return null; + $base = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR; + $rp2 = rtrim($rp, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR; + if (strpos($rp2, $base) !== 0) return null; + return rtrim($rp, DIRECTORY_SEPARATOR); + } + + public static function listChildren(string $folder, string $user, array $perms, ?string $cursor = null, int $limit = 500): array + { + $folder = ACL::normalizeFolder($folder); + $limit = max(1, min(2000, $limit)); + $cursor = ($cursor !== null && $cursor !== '') ? $cursor : null; + + $baseReal = realpath((string)UPLOAD_DIR); + if ($baseReal === false) return ['items' => [], 'nextCursor' => null]; + + // Resolve target directory + if ($folder === 'root') { + $dirReal = $baseReal; + $relPrefix = 'root'; + } else { + $parts = array_filter(explode('/', $folder), fn($p) => $p !== ''); + foreach ($parts as $seg) { + if (!FS::isSafeSegment($seg)) return ['items'=>[], 'nextCursor'=>null]; + } + $relPrefix = implode('/', $parts); + $dirGuess = $baseReal . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts); + $dirReal = FS::safeReal($baseReal, $dirGuess); + if ($dirReal === null || !is_dir($dirReal)) return ['items'=>[], 'nextCursor'=>null]; + } + + $IGNORE = FS::IGNORE(); + $SKIP = FS::SKIP(); // lowercased names to skip (e.g. 'trash', 'profile_pics') + + $entries = @scandir($dirReal); + if ($entries === false) return ['items'=>[], 'nextCursor'=>null]; + + $rows = []; // each: ['name'=>..., 'locked'=>bool, 'hasSubfolders'=>bool?, 'nonEmpty'=>bool?] + foreach ($entries as $item) { + if ($item === '.' || $item === '..') continue; + if ($item[0] === '.') continue; + if (in_array($item, $IGNORE, true)) continue; + if (!FS::isSafeSegment($item)) continue; + + $lower = strtolower($item); + if (in_array($lower, $SKIP, true)) continue; + + $full = $dirReal . DIRECTORY_SEPARATOR . $item; + if (!@is_dir($full)) continue; + + // Symlink defense + if (@is_link($full)) { + $safe = FS::safeReal($baseReal, $full); + if ($safe === null || !is_dir($safe)) continue; + $full = $safe; + } + + // ACL-relative path (for checks) + $rel = ($relPrefix === 'root') ? $item : $relPrefix . '/' . $item; + $canView = ACL::canRead($user, $perms, $rel) || ACL::canReadOwn($user, $perms, $rel); + $locked = !$canView; + + // ---- quick per-child stats (single-level scan, early exit) ---- + $hasSubs = false; // at least one subdirectory + $nonEmpty = false; // any direct entry (file or folder) + try { + $it = new \FilesystemIterator($full, \FilesystemIterator::SKIP_DOTS); + foreach ($it as $child) { + $name = $child->getFilename(); + if (!$name) continue; + if ($name[0] === '.') continue; + if (!FS::isSafeSegment($name)) continue; + if (in_array(strtolower($name), $SKIP, true)) continue; + + $nonEmpty = true; + + $isDir = $child->isDir(); + if (!$isDir && $child->isLink()) { + $linkReal = FS::safeReal($baseReal, $child->getPathname()); + $isDir = ($linkReal !== null && is_dir($linkReal)); + } + if ($isDir) { $hasSubs = true; break; } // early exit once we know there's a subfolder + } + } catch (\Throwable $e) { + // keep defaults + } + // --------------------------------------------------------------- + + if ($locked) { + // Show a locked row ONLY when this folder has a readable descendant + if (FS::hasReadableDescendant($baseReal, $full, $rel, $user, $perms, 2)) { + $rows[] = [ + 'name' => $item, + 'locked' => true, + 'hasSubfolders' => $hasSubs, // fine to keep structural chevrons + // nonEmpty intentionally omitted for locked nodes + ]; + } + } else { + $rows[] = [ + 'name' => $item, + 'locked' => false, + 'hasSubfolders' => $hasSubs, + 'nonEmpty' => $nonEmpty, + ]; + } + } + + // natural order + cursor pagination + usort($rows, fn($a, $b) => strnatcasecmp($a['name'], $b['name'])); + $start = 0; + if ($cursor !== null) { + $n = count($rows); + for ($i = 0; $i < $n; $i++) { + if (strnatcasecmp($rows[$i]['name'], $cursor) > 0) { $start = $i; break; } + $start = $i + 1; + } + } + $page = array_slice($rows, $start, $limit); + $nextCursor = null; + if ($start + count($page) < count($rows)) { + $last = $page[count($page)-1]; + $nextCursor = $last['name']; + } + + return ['items' => $page, 'nextCursor' => $nextCursor]; + } /** Load the folder → owner map. */ public static function getFolderOwners(): array @@ -213,40 +398,42 @@ class FolderModel // -------- Normalize incoming values (use ONLY the parameters) -------- $folderName = trim((string)$folderName); $parentIn = trim((string)$parent); - + // If the client sent a path in folderName (e.g., "bob/new-sub") and parent is root/empty, // derive parent = "bob" and folderName = "new-sub" so permission checks hit "bob". $normalized = ACL::normalizeFolder($folderName); - if ($normalized !== 'root' && strpos($normalized, '/') !== false && - ($parentIn === '' || strcasecmp($parentIn, 'root') === 0)) { + if ( + $normalized !== 'root' && strpos($normalized, '/') !== false && + ($parentIn === '' || strcasecmp($parentIn, 'root') === 0) + ) { $parentIn = trim(str_replace('\\', '/', dirname($normalized)), '/'); $folderName = basename($normalized); if ($parentIn === '' || strcasecmp($parentIn, 'root') === 0) $parentIn = 'root'; } - + $parent = ($parentIn === '' || strcasecmp($parentIn, 'root') === 0) ? 'root' : $parentIn; $folderName = trim($folderName); - if ($folderName === '') return ['success'=>false, 'error' => 'Folder name required']; - + if ($folderName === '') return ['success' => false, 'error' => 'Folder name required']; + // ACL key for new folder $newKey = ($parent === 'root') ? $folderName : ($parent . '/' . $folderName); - + // -------- Compose filesystem paths -------- $base = rtrim((string)UPLOAD_DIR, "/\\"); $parentRel = ($parent === 'root') ? '' : str_replace('/', DIRECTORY_SEPARATOR, $parent); $parentAbs = $parentRel ? ($base . DIRECTORY_SEPARATOR . $parentRel) : $base; $newAbs = $parentAbs . DIRECTORY_SEPARATOR . $folderName; - + // -------- Exists / sanity checks -------- - if (!is_dir($parentAbs)) return ['success'=>false, 'error' => 'Parent folder does not exist']; - if (is_dir($newAbs)) return ['success'=>false, 'error' => 'Folder already exists']; - + if (!is_dir($parentAbs)) return ['success' => false, 'error' => 'Parent folder does not exist']; + if (is_dir($newAbs)) return ['success' => false, 'error' => 'Folder already exists']; + // -------- Create directory -------- if (!@mkdir($newAbs, 0775, true)) { $err = error_get_last(); - return ['success'=>false, 'error' => 'Failed to create folder' . (!empty($err['message']) ? (': '.$err['message']) : '')]; + return ['success' => false, 'error' => 'Failed to create folder' . (!empty($err['message']) ? (': ' . $err['message']) : '')]; } - + // -------- Seed ACL -------- $inherit = defined('ACL_INHERIT_ON_CREATE') && ACL_INHERIT_ON_CREATE; try { @@ -265,9 +452,9 @@ class FolderModel } catch (Throwable $e) { // Roll back FS if ACL seeding fails @rmdir($newAbs); - return ['success'=>false, 'error' => 'Failed to seed ACL: ' . $e->getMessage()]; + return ['success' => false, 'error' => 'Failed to seed ACL: ' . $e->getMessage()]; } - + return ['success' => true, 'folder' => $newKey]; } @@ -318,7 +505,7 @@ class FolderModel // Validate names (per-segment) foreach ([$oldFolder, $newFolder] as $f) { - $parts = array_filter(explode('/', $f), fn($p)=>$p!==''); + $parts = array_filter(explode('/', $f), fn($p) => $p !== ''); if (empty($parts)) return ["error" => "Invalid folder name(s)."]; foreach ($parts as $seg) { if (!preg_match(REGEX_FOLDER_NAME, $seg)) { @@ -333,7 +520,7 @@ class FolderModel $base = realpath(UPLOAD_DIR); if ($base === false) return ["error" => "Uploads directory not configured correctly."]; - $newParts = array_filter(explode('/', $newFolder), fn($p) => $p!==''); + $newParts = array_filter(explode('/', $newFolder), fn($p) => $p !== ''); $newRel = implode('/', $newParts); $newPath = $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $newParts); @@ -508,7 +695,7 @@ class FolderModel return [ "record" => $record, "folder" => $relative, - "realFolderPath"=> $realFolderPath, + "realFolderPath" => $realFolderPath, "files" => $filesOnPage, "currentPage" => $currentPage, "totalPages" => $totalPages @@ -532,7 +719,7 @@ class FolderModel } $expires = time() + max(1, $expirationSeconds); - $hashedPassword= $password !== "" ? password_hash($password, PASSWORD_DEFAULT) : ""; + $hashedPassword = $password !== "" ? password_hash($password, PASSWORD_DEFAULT) : ""; $shareFile = META_DIR . "share_folder_links.json"; $links = file_exists($shareFile) @@ -560,7 +747,7 @@ class FolderModel // Build URL $https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') - || (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'); + || (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'); $scheme = $https ? 'https' : 'http'; $host = $_SERVER['HTTP_HOST'] ?? gethostbyname(gethostname()); $baseUrl = $scheme . '://' . rtrim($host, '/'); @@ -587,7 +774,7 @@ class FolderModel return ["error" => "This share link has expired."]; } - [$realFolderPath, , $err] = self::resolveFolderPath((string)$record['folder'], false); + [$realFolderPath,, $err] = self::resolveFolderPath((string)$record['folder'], false); if ($err || !is_dir($realFolderPath)) { return ["error" => "Shared folder not found."]; } @@ -615,8 +802,26 @@ class FolderModel // Max size & allowed extensions (mirror FileModel’s common types) $maxSize = 50 * 1024 * 1024; // 50 MB $allowedExtensions = [ - 'jpg','jpeg','png','gif','pdf','doc','docx','txt','xls','xlsx','ppt','pptx', - 'mp4','webm','mp3','mkv','csv','json','xml','md' + 'jpg', + 'jpeg', + 'png', + 'gif', + 'pdf', + 'doc', + 'docx', + 'txt', + 'xls', + 'xlsx', + 'ppt', + 'pptx', + 'mp4', + 'webm', + 'mp3', + 'mkv', + 'csv', + 'json', + 'xml', + 'md' ]; $shareFile = META_DIR . "share_folder_links.json"; @@ -655,7 +860,7 @@ class FolderModel // New safe filename $safeBase = preg_replace('/[^A-Za-z0-9_\-\.]/', '_', $uploadedName); - $newFilename= uniqid('', true) . "_" . $safeBase; + $newFilename = uniqid('', true) . "_" . $safeBase; $targetPath = $targetDir . DIRECTORY_SEPARATOR . $newFilename; if (!move_uploaded_file($fileUpload['tmp_name'], $targetPath)) { @@ -697,4 +902,4 @@ class FolderModel file_put_contents($shareFile, json_encode($links, JSON_PRETTY_PRINT), LOCK_EX); return true; } -} \ No newline at end of file +}