Implement handling of special case Dropbox and Upload folders

[rbdr/mobius] / hotline / transaction_handlers.go
diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go

index d7a77e2f58a12aaa19594b3b7bf75ae752fd50f1..c17510a53d214da3c054d322d72704f8cff9ce82 100644 (file)
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -9,6 +9,7 @@ import (
         "io/ioutil"
         "math/big"
         "os"
         "io/ioutil"
         "math/big"
         "os"
+       "path"
         "sort"
         "strings"
         "time"
         "sort"
         "strings"
         "time"
@@ -44,13 +45,10 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Name: "tranNotifyDeleteUser",
         },
         tranAgreed: {
                 Name: "tranNotifyDeleteUser",
         },
         tranAgreed: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranAgreed",
                 Handler: HandleTranAgreed,
         },
         tranChatSend: {
                 Name:    "tranAgreed",
                 Handler: HandleTranAgreed,
         },
         tranChatSend: {
-               Access:  accessSendChat,
-               DenyMsg: "You are not allowed to participate in chat.",
                 Handler: HandleChatSend,
                 Name:    "tranChatSend",
                 RequiredFields: []requiredField{
                 Handler: HandleChatSend,
                 Name:    "tranChatSend",
                 RequiredFields: []requiredField{
@@ -67,20 +65,16 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandleDelNewsArt,
         },
         tranDelNewsItem: {
                 Handler: HandleDelNewsArt,
         },
         tranDelNewsItem: {
-               Access: accessAlwaysAllow, // Granular access enforced inside the handler
                 // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
                 // TODO: Implement inside the handler
                 Name:    "tranDelNewsItem",
                 Handler: HandleDelNewsItem,
         },
         tranDeleteFile: {
                 // Has multiple access flags: News Delete Folder (37) or News Delete Category (35)
                 // TODO: Implement inside the handler
                 Name:    "tranDelNewsItem",
                 Handler: HandleDelNewsItem,
         },
         tranDeleteFile: {
-               Access:  accessAlwaysAllow, // Granular access enforced inside the handler
                 Name:    "tranDeleteFile",
                 Handler: HandleDeleteFile,
         },
         tranDeleteUser: {
                 Name:    "tranDeleteFile",
                 Handler: HandleDeleteFile,
         },
         tranDeleteUser: {
-               Access:  accessDeleteUser,
-               DenyMsg: "You are not allowed to delete accounts.",
                 Name:    "tranDeleteUser",
                 Handler: HandleDeleteUser,
         },
                 Name:    "tranDeleteUser",
                 Handler: HandleDeleteUser,
         },
@@ -109,12 +103,10 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandleGetClientConnInfoText,
         },
         tranGetFileInfo: {
                 Handler: HandleGetClientConnInfoText,
         },
         tranGetFileInfo: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranGetFileInfo",
                 Handler: HandleGetFileInfo,
         },
         tranGetFileNameList: {
                 Name:    "tranGetFileInfo",
                 Handler: HandleGetFileInfo,
         },
         tranGetFileNameList: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranGetFileNameList",
                 Handler: HandleGetFileNameList,
         },
                 Name:    "tranGetFileNameList",
                 Handler: HandleGetFileNameList,
         },
@@ -143,13 +135,11 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandleGetNewsCatNameList,
         },
         tranGetUser: {
                 Handler: HandleGetNewsCatNameList,
         },
         tranGetUser: {
-               Access:  accessOpenUser,
                 DenyMsg: "You are not allowed to view accounts.",
                 Name:    "tranGetUser",
                 Handler: HandleGetUser,
         },
         tranGetUserNameList: {
                 DenyMsg: "You are not allowed to view accounts.",
                 Name:    "tranGetUser",
                 Handler: HandleGetUser,
         },
         tranGetUserNameList: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranHandleGetUserNameList",
                 Handler: HandleGetUserNameList,
         },
                 Name:    "tranHandleGetUserNameList",
                 Handler: HandleGetUserNameList,
         },
@@ -166,17 +156,14 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandleInviteToChat,
         },
         tranJoinChat: {
                 Handler: HandleInviteToChat,
         },
         tranJoinChat: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranJoinChat",
                 Handler: HandleJoinChat,
         },
         tranKeepAlive: {
                 Name:    "tranJoinChat",
                 Handler: HandleJoinChat,
         },
         tranKeepAlive: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranKeepAlive",
                 Handler: HandleKeepAlive,
         },
         tranLeaveChat: {
                 Name:    "tranKeepAlive",
                 Handler: HandleKeepAlive,
         },
         tranLeaveChat: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranJoinChat",
                 Handler: HandleLeaveChat,
         },
                 Name:    "tranJoinChat",
                 Handler: HandleLeaveChat,
         },
@@ -230,14 +217,13 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandlePostNewsArt,
         },
         tranRejectChatInvite: {
                 Handler: HandlePostNewsArt,
         },
         tranRejectChatInvite: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranRejectChatInvite",
                 Handler: HandleRejectChatInvite,
         },
         tranSendInstantMsg: {
                 Access: accessAlwaysAllow,
                 Name:    "tranRejectChatInvite",
                 Handler: HandleRejectChatInvite,
         },
         tranSendInstantMsg: {
                 Access: accessAlwaysAllow,
-               //Access: accessSendPrivMsg,
-               //DenyMsg: "You are not allowed to send private messages",
+               // Access: accessSendPrivMsg,
+               // DenyMsg: "You are not allowed to send private messages",
                 Name:    "tranSendInstantMsg",
                 Handler: HandleSendInstantMsg,
                 RequiredFields: []requiredField{
                 Name:    "tranSendInstantMsg",
                 Handler: HandleSendInstantMsg,
                 RequiredFields: []requiredField{
@@ -251,17 +237,23 @@ var TransactionHandlers = map[uint16]TransactionType{
                 },
         },
         tranSetChatSubject: {
                 },
         },
         tranSetChatSubject: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranSetChatSubject",
                 Handler: HandleSetChatSubject,
         },
                 Name:    "tranSetChatSubject",
                 Handler: HandleSetChatSubject,
         },
+       tranMakeFileAlias: {
+               Name:    "tranMakeFileAlias",
+               Handler: HandleMakeAlias,
+               RequiredFields: []requiredField{
+                       {ID: fieldFileName, minLen: 1},
+                       {ID: fieldFilePath, minLen: 1},
+                       {ID: fieldFileNewPath, minLen: 1},
+               },
+       },
         tranSetClientUserInfo: {
         tranSetClientUserInfo: {
-               Access:  accessAlwaysAllow,
                 Name:    "tranSetClientUserInfo",
                 Handler: HandleSetClientUserInfo,
         },
         tranSetFileInfo: {
                 Name:    "tranSetClientUserInfo",
                 Handler: HandleSetClientUserInfo,
         },
         tranSetFileInfo: {
-               Access:  accessAlwaysAllow, // granular access is in the handler
                 Name:    "tranSetFileInfo",
                 Handler: HandleSetFileInfo,
         },
                 Name:    "tranSetFileInfo",
                 Handler: HandleSetFileInfo,
         },
@@ -272,13 +264,10 @@ var TransactionHandlers = map[uint16]TransactionType{
                 Handler: HandleSetUser,
         },
         tranUploadFile: {
                 Handler: HandleSetUser,
         },
         tranUploadFile: {
-               Access:  accessUploadFile,
-               DenyMsg: "You are not allowed to upload files.",
                 Name:    "tranUploadFile",
                 Handler: HandleUploadFile,
         },
         tranUploadFldr: {
                 Name:    "tranUploadFile",
                 Handler: HandleUploadFile,
         },
         tranUploadFldr: {
-               Access:  accessAlwaysAllow, // TODO: what should this be?
                 Name:    "tranUploadFldr",
                 Handler: HandleUploadFolder,
         },
                 Name:    "tranUploadFldr",
                 Handler: HandleUploadFolder,
         },
@@ -291,6 +280,11 @@ var TransactionHandlers = map[uint16]TransactionType{
  }
  
  func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  }
  
  func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !authorize(cc.Account.Access, accessSendChat) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to participate in chat."))
+               return res, err
+       }
+
         // Truncate long usernames
         trunc := fmt.Sprintf("%13s", cc.UserName)
         formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
         // Truncate long usernames
         trunc := fmt.Sprintf("%13s", cc.UserName)
         formattedMsg := fmt.Sprintf("\r%.14s:  %s", trunc, t.GetField(fieldData).Data)
@@ -346,13 +340,13 @@ func HandleChatSend(cc *ClientConn, t *Transaction) (res []Transaction, err erro
  //     101     Data    Optional
  //     214     Quoting message Optional
  //
  //     101     Data    Optional
  //     214     Quoting message Optional
  //
-//Fields used in the reply:
+// Fields used in the reply:
  // None
  func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         msg := t.GetField(fieldData)
         ID := t.GetField(fieldUserID)
         // TODO: Implement reply quoting
  // None
  func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         msg := t.GetField(fieldData)
         ID := t.GetField(fieldUserID)
         // TODO: Implement reply quoting
-       //options := transaction.GetField(hotline.fieldOptions)
+       // options := transaction.GetField(hotline.fieldOptions)
  
         res = append(res,
                 *NewTransaction(
  
         res = append(res,
                 *NewTransaction(
@@ -366,23 +360,18 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
         )
         id, _ := byteToInt(ID.Data)
  
         )
         id, _ := byteToInt(ID.Data)
  
-       //keys := make([]uint16, 0, len(cc.Server.Clients))
-       //for k := range cc.Server.Clients {
-       //      keys = append(keys, k)
-       //}
-
         otherClient := cc.Server.Clients[uint16(id)]
         if otherClient == nil {
                 return res, errors.New("ohno")
         }
  
         // Respond with auto reply if other client has it enabled
         otherClient := cc.Server.Clients[uint16(id)]
         if otherClient == nil {
                 return res, errors.New("ohno")
         }
  
         // Respond with auto reply if other client has it enabled
-       if len(*otherClient.AutoReply) > 0 {
+       if len(otherClient.AutoReply) > 0 {
                 res = append(res,
                         *NewTransaction(
                                 tranServerMsg,
                                 cc.ID,
                 res = append(res,
                         *NewTransaction(
                                 tranServerMsg,
                                 cc.ID,
-                               NewField(fieldData, *otherClient.AutoReply),
+                               NewField(fieldData, otherClient.AutoReply),
                                 NewField(fieldUserName, otherClient.UserName),
                                 NewField(fieldUserID, *otherClient.ID),
                                 NewField(fieldOptions, []byte{0, 1}),
                                 NewField(fieldUserName, otherClient.UserName),
                                 NewField(fieldUserID, *otherClient.ID),
                                 NewField(fieldOptions, []byte{0, 1}),
@@ -396,16 +385,16 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
  }
  
  func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  }
  
  func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := string(t.GetField(fieldFileName).Data)
-       filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+       fileName := t.GetField(fieldFileName).Data
+       filePath := t.GetField(fieldFilePath).Data
  
  
-       ffo, err := NewFlattenedFileObject(filePath, fileName)
+       ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
                 return res, err
         }
  
         res = append(res, cc.NewReply(t,
         if err != nil {
                 return res, err
         }
  
         res = append(res, cc.NewReply(t,
-               NewField(fieldFileName, []byte(fileName)),
+               NewField(fieldFileName, fileName),
                 NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature),
                 NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature),
                 NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment),
                 NewField(fieldFileTypeString, ffo.FlatFileInformationFork.TypeSignature),
                 NewField(fieldFileCreatorString, ffo.FlatFileInformationFork.CreatorSignature),
                 NewField(fieldFileComment, ffo.FlatFileInformationFork.Comment),
@@ -426,14 +415,24 @@ func HandleGetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
  // * 210       File comment    Optional
  // Fields used in the reply:   None
  func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  // * 210       File comment    Optional
  // Fields used in the reply:   None
  func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := string(t.GetField(fieldFileName).Data)
-       filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
-       //fileComment := t.GetField(fieldFileComment).Data
+       fileName := t.GetField(fieldFileName).Data
+       filePath := t.GetField(fieldFilePath).Data
+
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+       if err != nil {
+               return res, err
+       }
+
+       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, t.GetField(fieldFileNewName).Data)
+       if err != nil {
+               return nil, err
+       }
+
+       // fileComment := t.GetField(fieldFileComment).Data
         fileNewName := t.GetField(fieldFileNewName).Data
  
         if fileNewName != nil {
         fileNewName := t.GetField(fieldFileNewName).Data
  
         if fileNewName != nil {
-               path := filePath + "/" + fileName
-               fi, err := os.Stat(path)
+               fi, err := FS.Stat(fullFilePath)
                 if err != nil {
                         return res, err
                 }
                 if err != nil {
                         return res, err
                 }
@@ -450,9 +449,9 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
                         }
                 }
  
                         }
                 }
  
-               err = os.Rename(filePath+"/"+fileName, filePath+"/"+string(fileNewName))
+               err = os.Rename(fullFilePath, fullNewFilePath)
                 if os.IsNotExist(err) {
                 if os.IsNotExist(err) {
-                       res = append(res, cc.NewErrReply(t, "Cannot rename file "+fileName+" because it does not exist or cannot be found."))
+                       res = append(res, cc.NewErrReply(t, "Cannot rename file "+string(fileName)+" because it does not exist or cannot be found."))
                         return res, err
                 }
         }
                         return res, err
                 }
         }
@@ -467,16 +466,19 @@ func HandleSetFileInfo(cc *ClientConn, t *Transaction) (res []Transaction, err e
  // * 202       File path
  // Fields used in the reply: none
  func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  // * 202       File path
  // Fields used in the reply: none
  func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       fileName := string(t.GetField(fieldFileName).Data)
-       filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+       fileName := t.GetField(fieldFileName).Data
+       filePath := t.GetField(fieldFilePath).Data
  
  
-       path := filePath + fileName
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+       if err != nil {
+               return res, err
+       }
  
  
-       cc.Server.Logger.Debugw("Delete file", "src", path)
+       cc.Server.Logger.Debugw("Delete file", "src", fullFilePath)
  
  
-       fi, err := os.Stat(path)
+       fi, err := os.Stat(fullFilePath)
         if err != nil {
         if err != nil {
-               res = append(res, cc.NewErrReply(t, "Cannot delete file "+fileName+" because it does not exist or cannot be found."))
+               res = append(res, cc.NewErrReply(t, "Cannot delete file "+string(fileName)+" because it does not exist or cannot be found."))
                 return res, nil
         }
         switch mode := fi.Mode(); {
                 return res, nil
         }
         switch mode := fi.Mode(); {
@@ -492,7 +494,7 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
                 }
         }
  
                 }
         }
  
-       if err := os.RemoveAll(path); err != nil {
+       if err := os.RemoveAll(fullFilePath); err != nil {
                 return res, err
         }
  
                 return res, err
         }
  
@@ -503,13 +505,13 @@ func HandleDeleteFile(cc *ClientConn, t *Transaction) (res []Transaction, err er
  // HandleMoveFile moves files or folders. Note: seemingly not documented
  func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         fileName := string(t.GetField(fieldFileName).Data)
  // HandleMoveFile moves files or folders. Note: seemingly not documented
  func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         fileName := string(t.GetField(fieldFileName).Data)
-       filePath :=  cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
-       fileNewPath :=  cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
+       filePath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFilePath).Data)
+       fileNewPath := cc.Server.Config.FileRoot + ReadFilePath(t.GetField(fieldFileNewPath).Data)
  
         cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
  
  
         cc.Server.Logger.Debugw("Move file", "src", filePath+"/"+fileName, "dst", fileNewPath+"/"+fileName)
  
-       path := filePath + "/" + fileName
-       fi, err := os.Stat(path)
+       fp := filePath + "/" + fileName
+       fi, err := os.Stat(fp)
         if err != nil {
                 return res, err
         }
         if err != nil {
                 return res, err
         }
@@ -542,18 +544,33 @@ func HandleMoveFile(cc *ClientConn, t *Transaction) (res []Transaction, err erro
  
  func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         newFolderPath := cc.Server.Config.FileRoot
  
  func HandleNewFolder(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         newFolderPath := cc.Server.Config.FileRoot
+       folderName := string(t.GetField(fieldFileName).Data)
+
+       folderName = path.Join("/", folderName)
  
         // fieldFilePath is only present for nested paths
         if t.GetField(fieldFilePath).Data != nil {
                 var newFp FilePath
  
         // fieldFilePath is only present for nested paths
         if t.GetField(fieldFilePath).Data != nil {
                 var newFp FilePath
-               newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+               err := newFp.UnmarshalBinary(t.GetField(fieldFilePath).Data)
+               if err != nil {
+                       return nil, err
+               }
                 newFolderPath += newFp.String()
         }
                 newFolderPath += newFp.String()
         }
-       newFolderPath += "/" + string(t.GetField(fieldFileName).Data)
+       newFolderPath = path.Join(newFolderPath, folderName)
  
  
-       if err := os.Mkdir(newFolderPath, 0777); err != nil {
-               // TODO: Send error response to client
-               return []Transaction{}, err
+       // TODO: check path and folder name lengths
+
+       if _, err := FS.Stat(newFolderPath); !os.IsNotExist(err) {
+               msg := fmt.Sprintf("Cannot create folder \"%s\" because there is already a file or folder with that name.", folderName)
+               return []Transaction{cc.NewErrReply(t, msg)}, nil
+       }
+
+       // TODO: check for disallowed characters to maintain compatibility for original client
+
+       if err := FS.Mkdir(newFolderPath, 0777); err != nil {
+               msg := fmt.Sprintf("Cannot create folder \"%s\" because an error occurred.", folderName)
+               return []Transaction{cc.NewErrReply(t, msg)}, nil
         }
  
         res = append(res, cc.NewReply(t))
         }
  
         res = append(res, cc.NewReply(t))
@@ -615,16 +632,17 @@ func HandleSetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
                 }
         }
  
                 }
         }
  
-       // TODO: If we have just promoted a connected user to admin, notify
-       // connected clients to turn the user red
-
         res = append(res, cc.NewReply(t))
         return res, err
  }
  
  func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         res = append(res, cc.NewReply(t))
         return res, err
  }
  
  func HandleGetUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       userLogin := string(t.GetField(fieldUserLogin).Data)
-       account := cc.Server.Accounts[userLogin]
+       if !authorize(cc.Account.Access, accessOpenUser) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to view accounts."))
+               return res, err
+       }
+
+       account := cc.Server.Accounts[string(t.GetField(fieldUserLogin).Data)]
         if account == nil {
                 errorT := cc.NewErrReply(t, "Account does not exist.")
                 res = append(res, errorT)
         if account == nil {
                 errorT := cc.NewErrReply(t, "Account does not exist.")
                 res = append(res, errorT)
@@ -677,6 +695,11 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
  }
  
  func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  }
  
  func HandleDeleteUser(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !authorize(cc.Account.Access, accessDeleteUser) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to delete accounts."))
+               return res, err
+       }
+
         // TODO: Handle case where account doesn't exist; e.g. delete race condition
         login := DecodeUserString(t.GetField(fieldUserLogin).Data)
  
         // TODO: Handle case where account doesn't exist; e.g. delete race condition
         login := DecodeUserString(t.GetField(fieldUserLogin).Data)
  
@@ -776,27 +799,9 @@ func HandleGetUserNameList(cc *ClientConn, t *Transaction) (res []Transaction, e
         return res, err
  }
  
         return res, err
  }
  
-func (cc *ClientConn) notifyNewUserHasJoined() (res []Transaction, err error) {
-       // Notify other ccs that a new user has connected
-       cc.NotifyOthers(
-               *NewTransaction(
-                       tranNotifyChangeUser, nil,
-                       NewField(fieldUserName, cc.UserName),
-                       NewField(fieldUserID, *cc.ID),
-                       NewField(fieldUserIconID, *cc.Icon),
-                       NewField(fieldUserFlags, *cc.Flags),
-               ),
-       )
-
-       return res, nil
-}
-
  func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       bs := make([]byte, 2)
-       binary.BigEndian.PutUint16(bs, *cc.Server.NextGuestID)
-
+       cc.Agreed = true
         cc.UserName = t.GetField(fieldUserName).Data
         cc.UserName = t.GetField(fieldUserName).Data
-       *cc.ID = bs
         *cc.Icon = t.GetField(fieldUserIconID).Data
  
         options := t.GetField(fieldOptions).Data
         *cc.Icon = t.GetField(fieldUserIconID).Data
  
         options := t.GetField(fieldOptions).Data
@@ -818,12 +823,20 @@ func HandleTranAgreed(cc *ClientConn, t *Transaction) (res []Transaction, err er
  
         // Check auto response
         if optBitmap.Bit(autoResponse) == 1 {
  
         // Check auto response
         if optBitmap.Bit(autoResponse) == 1 {
-               *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+               cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
         } else {
         } else {
-               *cc.AutoReply = []byte{}
+               cc.AutoReply = []byte{}
         }
  
         }
  
-       _, _ = cc.notifyNewUserHasJoined()
+       cc.notifyOthers(
+               *NewTransaction(
+                       tranNotifyChangeUser, nil,
+                       NewField(fieldUserName, cc.UserName),
+                       NewField(fieldUserID, *cc.ID),
+                       NewField(fieldUserIconID, *cc.Icon),
+                       NewField(fieldUserFlags, *cc.Flags),
+               ),
+       )
  
         res = append(res, cc.NewReply(t))
  
  
         res = append(res, cc.NewReply(t))
  
@@ -979,9 +992,9 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
  
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
  
-       for _, path := range pathStrs {
-               cat = cats[path]
-               cats = cats[path].SubCats
+       for _, fp := range pathStrs {
+               cat = cats[fp]
+               cats = cats[fp].SubCats
         }
  
         nald := cat.GetNewsArtListData()
         }
  
         nald := cat.GetNewsArtListData()
@@ -992,7 +1005,7 @@ func HandleGetNewsArtNameList(cc *ClientConn, t *Transaction) (res []Transaction
  
  func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         // Request fields
  
  func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         // Request fields
-       // 325  News path
+       // 325  News fp
         // 326  News article ID
         // 327  News article data flavor
  
         // 326  News article ID
         // 327  News article data flavor
  
@@ -1001,9 +1014,9 @@ func HandleGetNewsArtData(cc *ClientConn, t *Transaction) (res []Transaction, er
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
  
         var cat NewsCategoryListData15
         cats := cc.Server.ThreadedNews.Categories
  
-       for _, path := range pathStrs {
-               cat = cats[path]
-               cats = cats[path].SubCats
+       for _, fp := range pathStrs {
+               cat = cats[fp]
+               cats = cats[fp].SubCats
         }
         newsArtID := t.GetField(fieldNewsArtID).Data
  
         }
         newsArtID := t.GetField(fieldNewsArtID).Data
  
@@ -1053,8 +1066,8 @@ func HandleDelNewsItem(cc *ClientConn, t *Transaction) (res []Transaction, err e
  
         delName := pathStrs[len(pathStrs)-1]
         if len(pathStrs) > 1 {
  
         delName := pathStrs[len(pathStrs)-1]
         if len(pathStrs) > 1 {
-               for _, path := range pathStrs[0 : len(pathStrs)-1] {
-                       cats = cats[path].SubCats
+               for _, fp := range pathStrs[0 : len(pathStrs)-1] {
+                       cats = cats[fp].SubCats
                 }
         }
  
                 }
         }
  
@@ -1114,7 +1127,7 @@ func HandlePostNewsArt(cc *ClientConn, t *Transaction) (res []Transaction, err e
         newArt := NewsArtData{
                 Title:         string(t.GetField(fieldNewsArtTitle).Data),
                 Poster:        string(cc.UserName),
         newArt := NewsArtData{
                 Title:         string(t.GetField(fieldNewsArtTitle).Data),
                 Poster:        string(cc.UserName),
-               Date:          NewsDate(),
+               Date:          toHotlineTime(time.Now()),
                 PrevArt:       []byte{0, 0, 0, 0},
                 NextArt:       []byte{0, 0, 0, 0},
                 ParentArt:     append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
                 PrevArt:       []byte{0, 0, 0, 0},
                 NextArt:       []byte{0, 0, 0, 0},
                 ParentArt:     append([]byte{0, 0}, t.GetField(fieldNewsArtID).Data...),
@@ -1170,9 +1183,15 @@ func HandleGetMsgs(cc *ClientConn, t *Transaction) (res []Transaction, err error
  
  func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         fileName := t.GetField(fieldFileName).Data
  
  func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         fileName := t.GetField(fieldFileName).Data
-       filePath := ReadFilePath(t.GetField(fieldFilePath).Data)
+       filePath := t.GetField(fieldFilePath).Data
+
+       var fp FilePath
+       err = fp.UnmarshalBinary(filePath)
+       if err != nil {
+               return res, err
+       }
  
  
-       ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot+filePath, string(fileName))
+       ffo, err := NewFlattenedFileObject(cc.Server.Config.FileRoot, filePath, fileName)
         if err != nil {
                 return res, err
         }
         if err != nil {
                 return res, err
         }
@@ -1180,11 +1199,9 @@ func HandleDownloadFile(cc *ClientConn, t *Transaction) (res []Transaction, err
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
-       cc.Server.Logger.Infow("File download", "path", filePath)
-
         ft := &FileTransfer{
                 FileName:        fileName,
         ft := &FileTransfer{
                 FileName:        fileName,
-               FilePath:        []byte(filePath),
+               FilePath:        filePath,
                 ReferenceNumber: transactionRef,
                 Type:            FileDownload,
         }
                 ReferenceNumber: transactionRef,
                 Type:            FileDownload,
         }
@@ -1245,7 +1262,11 @@ func HandleDownloadFolder(cc *ClientConn, t *Transaction) (res []Transaction, er
                 return res, err
         }
  
                 return res, err
         }
  
-       fullFilePath := fmt.Sprintf("%v%v", cc.Server.Config.FileRoot+fp.String(), string(fileTransfer.FileName))
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, t.GetField(fieldFilePath).Data, t.GetField(fieldFileName).Data)
+       if err != nil {
+               return res, err
+       }
+
         transferSize, err := CalcTotalSize(fullFilePath)
         if err != nil {
                 return res, err
         transferSize, err := CalcTotalSize(fullFilePath)
         if err != nil {
                 return res, err
@@ -1274,6 +1295,21 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
+       var fp FilePath
+       if t.GetField(fieldFilePath).Data != nil {
+               if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+                       return res, err
+               }
+       }
+
+       // Handle special cases for Upload and Drop Box folders
+       if !authorize(cc.Account.Access, accessUploadAnywhere) {
+               if !fp.IsUploadDir() && !fp.IsDropbox() {
+                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the folder \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(t.GetField(fieldFileName).Data))))
+                       return res, err
+               }
+       }
+
         fileTransfer := &FileTransfer{
                 FileName:        t.GetField(fieldFileName).Data,
                 FilePath:        t.GetField(fieldFilePath).Data,
         fileTransfer := &FileTransfer{
                 FileName:        t.GetField(fieldFileName).Data,
                 FilePath:        t.GetField(fieldFilePath).Data,
@@ -1288,33 +1324,47 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
         return res, err
  }
  
         return res, err
  }
  
+// HandleUploadFile
+// Special cases:
+// * If the target directory contains "uploads" (case insensitive)
  func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !authorize(cc.Account.Access, accessUploadFile) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
+               return res, err
+       }
+
         fileName := t.GetField(fieldFileName).Data
         filePath := t.GetField(fieldFilePath).Data
  
         fileName := t.GetField(fieldFileName).Data
         filePath := t.GetField(fieldFilePath).Data
  
+       var fp FilePath
+       if filePath != nil {
+               if err = fp.UnmarshalBinary(filePath); err != nil {
+                       return res, err
+               }
+       }
+
+       // Handle special cases for Upload and Drop Box folders
+       if !authorize(cc.Account.Access, accessUploadAnywhere) {
+               if !fp.IsUploadDir() && !fp.IsDropbox() {
+                       res = append(res, cc.NewErrReply(t, fmt.Sprintf("Cannot accept upload of the file \"%v\" because you are only allowed to upload to the \"Uploads\" folder.", string(fileName))))
+                       return res, err
+               }
+       }
+
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
         transactionRef := cc.Server.NewTransactionRef()
         data := binary.BigEndian.Uint32(transactionRef)
  
-       fileTransfer := &FileTransfer{
+       cc.Server.FileTransfers[data] = &FileTransfer{
                 FileName:        fileName,
                 FilePath:        filePath,
                 ReferenceNumber: transactionRef,
                 Type:            FileUpload,
         }
  
                 FileName:        fileName,
                 FilePath:        filePath,
                 ReferenceNumber: transactionRef,
                 Type:            FileUpload,
         }
  
-       cc.Server.FileTransfers[data] = fileTransfer
-
         res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
         return res, err
  }
  
         res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
         return res, err
  }
  
-// User options
-const (
-       refusePM     = 0
-       refuseChat   = 1
-       autoResponse = 2
-)
-
  func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         var icon []byte
         if len(t.GetField(fieldUserIconID).Data) == 4 {
  func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         var icon []byte
         if len(t.GetField(fieldUserIconID).Data) == 4 {
@@ -1332,23 +1382,17 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction,
                 optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
                 flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
  
                 optBitmap := big.NewInt(int64(binary.BigEndian.Uint16(options)))
                 flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(*cc.Flags)))
  
-               // Check refuse private PM option
-               if optBitmap.Bit(refusePM) == 1 {
-                       flagBitmap.SetBit(flagBitmap, userFlagRefusePM, 1)
-                       binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-               }
+               flagBitmap.SetBit(flagBitmap, userFlagRefusePM, optBitmap.Bit(refusePM))
+               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
  
  
-               // Check refuse private chat option
-               if optBitmap.Bit(refuseChat) == 1 {
-                       flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, 1)
-                       binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
-               }
+               flagBitmap.SetBit(flagBitmap, userFLagRefusePChat, optBitmap.Bit(refuseChat))
+               binary.BigEndian.PutUint16(*cc.Flags, uint16(flagBitmap.Int64()))
  
                 // Check auto response
                 if optBitmap.Bit(autoResponse) == 1 {
  
                 // Check auto response
                 if optBitmap.Bit(autoResponse) == 1 {
-                       *cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
+                       cc.AutoReply = t.GetField(fieldAutomaticResponse).Data
                 } else {
                 } else {
-                       *cc.AutoReply = []byte{}
+                       cc.AutoReply = []byte{}
                 }
         }
  
                 }
         }
  
@@ -1364,9 +1408,9 @@ func HandleSetClientUserInfo(cc *ClientConn, t *Transaction) (res []Transaction,
         return res, err
  }
  
         return res, err
  }
  
-// HandleKeepAlive response to keepalive transactions with an empty reply
-// HL 1.9.2 Client sends keepalive msg every 3 minutes
-// HL 1.2.3 Client doesn't send keepalives
+// HandleKeepAlive responds to keepalive transactions with an empty reply
+// * HL 1.9.2 Client sends keepalive msg every 3 minutes
+// * HL 1.2.3 Client doesn't send keepalives
  func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         res = append(res, cc.NewReply(t))
  
  func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
         res = append(res, cc.NewReply(t))
  
@@ -1374,14 +1418,29 @@ func HandleKeepAlive(cc *ClientConn, t *Transaction) (res []Transaction, err err
  }
  
  func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
  }
  
  func HandleGetFileNameList(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
-       filePath := cc.Server.Config.FileRoot
+       fullPath, err := readPath(
+               cc.Server.Config.FileRoot,
+               t.GetField(fieldFilePath).Data,
+               nil,
+       )
+       if err != nil {
+               return res, err
+       }
  
  
-       path := t.GetField(fieldFilePath).Data
-       if len(path) > 0 {
-               filePath = cc.Server.Config.FileRoot + ReadFilePath(path)
+       var fp FilePath
+       if t.GetField(fieldFilePath).Data != nil {
+               if err = fp.UnmarshalBinary(t.GetField(fieldFilePath).Data); err != nil {
+                       return res, err
+               }
         }
  
         }
  
-       fileNames, err := getFileNameList(filePath)
+       // Handle special case for drop box folders
+       if fp.IsDropbox() && !authorize(cc.Account.Access, accessViewDropBoxes) {
+               res = append(res, cc.NewReply(t))
+               return res, err
+       }
+
+       fileNames, err := getFileNameList(fullPath)
         if err != nil {
                 return res, err
         }
         if err != nil {
                 return res, err
         }
@@ -1578,3 +1637,41 @@ func HandleSetChatSubject(cc *ClientConn, t *Transaction) (res []Transaction, er
  
         return res, err
  }
  
         return res, err
  }
+
+// HandleMakeAlias makes a file alias using the specified path.
+// Fields used in the request:
+// 201 File name
+// 202 File path
+// 212 File new path   Destination path
+//
+// Fields used in the reply:
+// None
+func HandleMakeAlias(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       if !authorize(cc.Account.Access, accessMakeAlias) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to make aliases."))
+               return res, err
+       }
+       fileName := t.GetField(fieldFileName).Data
+       filePath := t.GetField(fieldFilePath).Data
+       fileNewPath := t.GetField(fieldFileNewPath).Data
+
+       fullFilePath, err := readPath(cc.Server.Config.FileRoot, filePath, fileName)
+       if err != nil {
+               return res, err
+       }
+
+       fullNewFilePath, err := readPath(cc.Server.Config.FileRoot, fileNewPath, fileName)
+       if err != nil {
+               return res, err
+       }
+
+       cc.Server.Logger.Debugw("Make alias", "src", fullFilePath, "dst", fullNewFilePath)
+
+       if err := FS.Symlink(fullFilePath, fullNewFilePath); err != nil {
+               res = append(res, cc.NewErrReply(t, "Error creating alias"))
+               return res, nil
+       }
+
+       res = append(res, cc.NewReply(t))
+       return res, err
+}