jasoncheng / dica

This is a very simple Friendica Android client, written in Kotlin.
GNU General Public License v3.0

photo permission denied #121

Closed jasoncheng closed 5 years ago

jasoncheng commented 5 years ago

Current post steps:

1. photo #0: media/upload (get friendica_preview_url)
2. photo #1: media/upload (get friendica_preview_url)
3. photo #2: media/upload (get friendica_preview_url)
4. statuses/update (append the photo URLs as BBCode so the post supports multiple photos)

But by default a photo uploaded via media/upload is private, so we need to change its permission; otherwise, for a public status with photos, other friendi.ca servers will get access denied on the photos.

But [API: friendica/photo/update] requires a photo_id that is not the media_id from step 1, 2 or 3; it is a hash id, so we need to get the hash id from friendica_preview_url and call API: friendica/photo/update one by one to change allow_gid (empty for public, or <1><2> for specific group IDs) to meet our need.

jasoncheng commented 5 years ago

Permission set to the right group or public, but still denied... wanna cry; I won't give up.

jasoncheng commented 5 years ago

Disable picture proxy, denied photo gone :)

fabrixxm commented 5 years ago

Disable picture proxy, denied photo gone :)

On which branch of friendica code?

jasoncheng commented 5 years ago

@fabrixxm my branch is latest develop (321c720e5d9c6732e02219d5fa356d90e0caec06)

fabrixxm commented 5 years ago

But the first image in this thread https://meld.de/display/00d81f2c-195c-239a-1482-807701372578 looks like it is in fact private...

the image is https://meld.de/photo/59477711415c239a0ff3012515306320-1.jpg :

(if you are logged in on meld.de, try the links in a private window)

The last one in same thread ( https://meld.de/photo/15828470165c239bfc61453052825589-1.png ) is public and it works correctly via proxy ( https://kirgroup.com/proxy/c4/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE1ODI4NDcwMTY1YzIzOWJmYzYxNDUzMDUyODI1NTg5LTEucG5n.png )

jasoncheng commented 5 years ago

@fabrixxm just tested again; my server has [Disable picture proxy] unchecked.

Post on meld.de: https://meld.de/display/00d81f2c-165c-23be-99c8-ae8089789820 (public)
meld.de photo: https://meld.de/photos/jasoncheng/image/18467922755c23be9523725086232982 (public)

And my server: https://jason.holi.chat/display/00d81f2c-165c-23be-99c8-ae8089789820
My server photo: https://jason.holi.chat/proxy/36/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE4NDY3OTIyNzU1YzIzYmU5NTIzNzI1MDg2MjMyOTgyLTEuanBn.jpg

jasoncheng commented 5 years ago

Could it be my server's issue? If my server account is required for debugging, I can give it to you @fabrixxm. BTW, it's a holiday, you should take a rest, no need to hurry; at least we can just disable it for now.

System log (only notices):

PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 259
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 361
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 361
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 231
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 259
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318
PHP Notice: Undefined index: id in /var/www/html/friendica/src/Worker/Delivery.php on line 318

Warning:

PHP Warning: Illegal string offset 'created' in /var/www/html/friendica/src/Worker/Notifier.php on line 148
PHP Notice: Uninitialized string offset: 0 in /var/www/html/friendica/src/Worker/Notifier.php on line 148

jasoncheng commented 5 years ago

But the first image in this thread https://meld.de/display/00d81f2c-195c-239a-1482-807701372578 looks like it is in fact private...

the image is https://meld.de/photo/59477711415c239a0ff3012515306320-1.jpg :

(if you are logged in on meld.de, try the links in a private window)

The last one in same thread ( https://meld.de/photo/15828470165c239bfc61453052825589-1.png ) is public and it works correctly via proxy ( https://kirgroup.com/proxy/c4/aHR0cHM6Ly9NRUxELmRlL3Bob3RvLzE1ODI4NDcwMTY1YzIzOWJmYzYxNDUzMDUyODI1NTg5LTEucG5n.png )

I forget what I did, sorry; so I tested it again, logs at https://github.com/jasoncheng/dica/issues/121#issuecomment-450000857

jasoncheng commented 5 years ago

Status Update:

Backslash-denied photo shows again (nosign.png) on post: https://meld.de/display/00d81f2c-185c-2b28-03b5-28d042269572 => public photo, but users on the same network cannot read the image.

As mentioned in #issue-394181221, it will set allow_cid, allow_gid, deny_cid, deny_gid to NULL.

But the Photo.php and Util/Security.php scripts will generate this SQL command when the user does not come from a browser:

SELECT *  FROM `photo` WHERE `resource-id` LIKE '20657267135c2cc95c60007381438245'
AND scale <= 1 
AND allow_cid = '' AND allow_gid = '' AND deny_cid  = '' AND deny_gid  = ''
ORDER BY `scale`  DESC

so the public photo will return nosign.png.

May I create a PR to change this [Util/Security.php](https://github.com/friendica/friendica/blob/develop/src/Util/Security.php#L97) to

AND (allow_cid IS NULL OR allow_cid = '') AND (allow_gid IS NULL OR allow_gid = '') ...
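The NULL-versus-empty-string behaviour behind the nosign.png symptom, reproduced with sqlite3 as an added example (not code from Friendica or DiCa). The `photo` rows are constructed sample data; the two WHERE clauses are the anonymous-viewer check quoted above and the patched form proposed in this comment.

```python
import sqlite3

# ACL check Friendica applies for a viewer with no session (quoted in the thread)
ORIGINAL_ACL = ("allow_cid = '' AND allow_gid = '' "
                "AND deny_cid = '' AND deny_gid = ''")
# Proposed change: treat NULL the same as an empty string
PATCHED_ACL = ("(allow_cid IS NULL OR allow_cid = '') AND (allow_gid IS NULL OR allow_gid = '') "
               "AND (deny_cid IS NULL OR deny_cid = '') AND (deny_gid IS NULL OR deny_gid = '')")

WEB_PHOTO = "web00000000000000000000000000000"  # constructed resource ids
API_PHOTO = "api00000000000000000000000000000"
PRIVATE_PHOTO = "prv00000000000000000000000000000"


def build_db():
    """In-memory stand-in for the `photo` table with the columns the query touches."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE photo ("resource-id" TEXT, scale INTEGER, '
               'allow_cid TEXT, allow_gid TEXT, deny_cid TEXT, deny_gid TEXT)')
    rows = [
        # uploaded from the web UI: ACL fields are empty strings, i.e. public
        (WEB_PHOTO, 0, "", "", "", ""),
        (WEB_PHOTO, 1, "", "", "", ""),
        # uploaded via api media/upload before the fix: ACL fields stored as NULL
        (API_PHOTO, 0, None, None, None, None),
        (API_PHOTO, 1, None, None, None, None),
        # genuinely private photo restricted to one contact id
        (PRIVATE_PHOTO, 1, "<190555>", "", "", ""),
    ]
    db.executemany("INSERT INTO photo VALUES (?,?,?,?,?,?)", rows)
    return db


def anonymous_lookup(db, resource_id, acl_clause, max_scale=1):
    """Scales an anonymous viewer may fetch; an empty list means nosign.png is served."""
    sql = ('SELECT scale FROM photo WHERE "resource-id" LIKE ? AND scale <= ? '
           f"AND {acl_clause} ORDER BY scale DESC")
    return [row[0] for row in db.execute(sql, (resource_id, max_scale))]
```

With the original clause `NULL = ''` evaluates to NULL, so the API-uploaded public photo matches nothing; the patched clause returns it while still hiding the private row.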

jasoncheng commented 5 years ago

And also the Android client should change its image cache policy, considering: Cache-Control: no-store, no-cache, must-revalidate;

but... no idea how to do this right now, haha

fabrixxm commented 5 years ago

If access control fields in photo table are null, something is wrong. How do you upload the photos with nulls?

jasoncheng commented 5 years ago

@fabrixxm here: https://github.com/jasoncheng/dica/issues/121#issue-394181221

fabrixxm commented 5 years ago

The issue could be here https://github.com/friendica/friendica/blob/develop/include/api.php#L4119-L4122

If there are no "allow_cid" or any other in POST data, the value is set to null, but it should be set to empty string. I'll send a PR for this...

jasoncheng commented 5 years ago

@fabrixxm thank you so much for doing this 👍

jasoncheng commented 5 years ago

@fabrixxm that would be nice; also support video upload for media/update, haha

fabrixxm commented 5 years ago

Meanwhile, a fix compatible with Friendica versions before the API code fix would be to send to api/friendica/photo/create the four parameters (allow_cid, allow_gid, deny_cid, deny_gid) as empty strings.

jasoncheng commented 5 years ago

Let's do something in the Android client before the APIs change.

jasoncheng commented 5 years ago

At meld.de, that's why backslash: unable to update photo permission (photo not available). But why??

01-07 15:44:55.315 27171 27282 D OkHttp  : --> POST https://meld.de/api/friendica/photo/update http/1.1
01-07 15:44:55.315 27171 27282 D OkHttp  : Content-Type: application/x-www-form-urlencoded
01-07 15:44:55.318 27171 27282 D OkHttp  : Content-Length: 103
01-07 15:44:55.322 27171 27282 D OkHttp  : photo_id=51431188435c3303599dd4f276864210&allow_gid=&deny_gid=&allow_cid=&deny_cid=&album=Wall%20Photos
01-07 15:44:57.862 27171 27282 D OkHttp  : <-- 400  https://meld.de/api/friendica/photo/update (2538ms)
01-07 15:44:57.863 27171 27282 D OkHttp  : date: Mon, 07 Jan 2019 07:44:57 GMT
01-07 15:44:57.863 27171 27282 D OkHttp  : server: Apache
01-07 15:44:57.863 27171 27282 D OkHttp  : expires: Thu, 19 Nov 1981 08:52:00 GMT
01-07 15:44:57.863 27171 27282 D OkHttp  : cache-control: no-store, no-cache, must-revalidate
01-07 15:44:57.863 27171 27282 D OkHttp  : pragma: no-cache
01-07 15:44:57.863 27171 27282 D OkHttp  : x-account-management-status: active; name="Cheng Shihchieh"; id="jasoncheng"
01-07 15:44:57.863 27171 27282 D OkHttp  : strict-transport-security: max-age=10368000; includeSubDomains; preload
01-07 15:44:57.863 27171 27282 D OkHttp  : content-type: application/json
01-07 15:44:57.866 27171 27282 D OkHttp  : {"status":{"error":"photo not available","code":"400 Bad Request","request":"api\/friendica\/photo\/update"}}

jasoncheng commented 5 years ago

It looks like I should use the correct album name instead of [Wall Photos]: https://github.com/friendica/friendica/blob/develop/include/api.php#L4151

jasoncheng commented 5 years ago

01-07 16:07:36.113 29808 30093 D OkHttp  : <-- 200  https://meld.de/api/friendica/photo?photo_id=45399971815c3308b9cc131866618518 (2294ms)
01-07 16:07:36.113 29808 30093 D OkHttp  : date: Mon, 07 Jan 2019 08:07:35 GMT
01-07 16:07:36.113 29808 30093 D OkHttp  : server: Apache
01-07 16:07:36.113 29808 30093 D OkHttp  : expires: Thu, 19 Nov 1981 08:52:00 GMT
01-07 16:07:36.113 29808 30093 D OkHttp  : cache-control: no-store, no-cache, must-revalidate
01-07 16:07:36.114 29808 30093 D OkHttp  : pragma: no-cache
01-07 16:07:36.114 29808 30093 D OkHttp  : x-account-management-status: active; name="Cheng Shihchieh"; id="jasoncheng"
01-07 16:07:36.114 29808 30093 D OkHttp  : strict-transport-security: max-age=10368000; includeSubDomains; preload
01-07 16:07:36.114 29808 30093 D OkHttp  : content-type: application/json
01-07 16:07:36.120 29808 30093 D OkHttp  : {"created":"2019-01-07 08:07:21","edited":"2019-01-07 08:07:22","title":"","desc":"","album":"\u5899\u7167\u7247","filename":"DiCa2158657420030402906DiCa4610067424233946836.jpg","type":"image\/jpeg","height":2400,"width":3200,"profile":0,"allow_cid":"<190555>","deny_cid":"","allow_gid":"","deny_gid":"","id":"45399971815c3308b9cc131866618518","link":["https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-0.jpg","https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-1.jpg","https:\/\/MELD.de\/photo\/45399971815c3308b9cc131866618518-2.jpg"],"friendica_activities":{"like":[],"dislike":[],"attendyes":[],"attendno":[],"attendmaybe":[]},"friendica_comments":[],"rights_mismatch":true}

Okay, it works now;

Problem is:

My account's Friendica album name is the Chinese name [牆照片], but [Wall Photos] is DiCa's default album name; when setting up the permission of a photo, the correct album name is required, so it fails.

Temp solution:

I need to call friendica/photo to get the album name, and call (friendica/photo/update) to update the permission with the correct album name. Then the backslash will be gone.

If an API change is possible, then I can reduce the extra API call.
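The client-side workaround from this comment, combined with fabrixxm's advice above to send the four ACL parameters as explicit empty strings, as an added example in standalone Python (DiCa itself is Kotlin; this is not the app's code). It derives the photo hash id from a photo link / friendica_preview_url, takes the real album name from a friendica/photo reply, and builds the photo/update form body. There is no network access: the reply is a constructed sample shaped like the one logged above.

```python
import json
import re
from urllib.parse import parse_qs, urlencode

# https://MELD.de/photo/<32-hex resource id>-<scale>.jpg  ->  resource id (the photo_id)
PHOTO_LINK_RE = re.compile(r"/photo/([0-9a-f]{32})-\d+\.\w+$")


def photo_id_from_link(url):
    """Extract the hash id friendica/photo/update expects from a photo link."""
    match = PHOTO_LINK_RE.search(url)
    if not match:
        raise ValueError(f"not a friendica photo link: {url}")
    return match.group(1)


def build_update_form(photo_info, allow_gid=""):
    """Form body for api/friendica/photo/update.

    `photo_info` is the parsed friendica/photo reply. Its `album` is required
    because the server matches on album name (the [Wall Photos] failure above).
    The ACL fields are sent as empty strings rather than omitted so older
    servers store '' instead of NULL.
    """
    return urlencode({
        "photo_id": photo_info["id"],
        "album": photo_info["album"],
        "allow_cid": "", "allow_gid": allow_gid, "deny_cid": "", "deny_gid": "",
    })


def plan_update(photo_link, photo_json_text, allow_gid=""):
    """Full workaround: link -> hash id, reply -> album, then the update body."""
    info = json.loads(photo_json_text)
    photo_id = photo_id_from_link(photo_link)
    if info["id"] != photo_id:
        raise ValueError("friendica/photo reply does not describe this photo")
    return build_update_form(info, allow_gid)


def form_fields(body):
    """Decode a form body back into a dict (used to inspect what would be sent)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


# constructed sample reply with the same fields as the logged friendica/photo response
SAMPLE_REPLY = json.dumps({
    "album": "牆照片", "allow_cid": "<190555>", "deny_cid": "", "allow_gid": "",
    "deny_gid": "", "id": "45399971815c3308b9cc131866618518",
    "link": ["https://MELD.de/photo/45399971815c3308b9cc131866618518-1.jpg"],
    "rights_mismatch": True,
})
```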

fabrixxm commented 5 years ago

mh.. imho, that function is quite a mess..

jasoncheng commented 5 years ago

mh.. imho, that function is quite a mess..

haha, understand :)