stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-06-07 20:19:20 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Changed access::user_can to force the owner of an item to have

Browse Source 
view permission on the parent. Added a whitelist of allowable
owner permissions.

If the requested permission is view and the user requesting access
is the owner, check that they have view permission to the parent.
This commit is contained in:
Tim Almdal
2009-07-26 09:29:29 -07:00
parent 809e52d80c
commit 0b97cfd6f0
2 changed files with 56 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
modules/gallery/tests/Access_Helper_Test.php
View File

@@ -101,6 +101,48 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
}
public function owner_can_view_album_test() {
$user = user::create("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
$user->save();
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album", $user->id);
$this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
}
public function owner_can_view_photo_test() {
$user = user::create("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
$user->save();
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album", $user->id);
$item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
$this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
}
public function owner_cant_view_photo_test() {
$user = user::create("access_test", "Access Test", "");
foreach ($user->groups as $group) {
$user->remove($group);
}
$user->save();
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album");
access::deny(group::everybody(), "view", $album);
$item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
$this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
}
public function adding_and_removing_items_adds_ands_removes_rows_test() {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");