Commit Graph
110 Commits
Author SHA1 Message Date
Bharat Mediratta 423daa52d5 Update copyright to 2011. 2011-01-21 23:01:06 -08:00
Bharat Mediratta 92f66058d3 Revert "Warn admins after login if their PHP install has the"
This reverts commit 612ddd7050.
2011-01-08 16:58:52 -08:00
Bharat Mediratta a8b0254e4a Improve the solution for #1545 by sorting the settings menu properly
to be naturally ordered and case insensitive.
2010-12-29 17:31:28 -08:00
Bharat Mediratta 612ddd7050 Warn admins after login if their PHP install has the
session.use_trans_sid feature enabled, since this will cause random
logouts.  Partial fix for #1316.
2010-12-18 11:55:04 -08:00
Bharat Mediratta dbb9b8b1c8 Sort the Admin > Settings menu instead of relying on module activation order.
Requires making Menu::get() return a reference.  Fixes #1545.
2010-12-17 22:19:46 -08:00
Bharat Mediratta 1a0d76c43e When moving a single item, just copy its permissions from its parent
album.  This is totally legal since an items permissions must be the
same as its parent's, and it's much faster for large installs where
a complete recalculation can be very costly.  Should fix #1360.
2010-09-13 22:23:09 -07:00
Bharat Mediratta 19750cb0d5 When deleting items, choose the first *viewable* peer as the album
cover.  Normally, all items are equally viewable, but in our unit
tests we occasionally have the scenario where peers have different
viewability settings which is internally consistent although only
possible if you set the fields manually.
2010-09-13 22:02:19 -07:00
Bharat Mediratta b4fb11f8d5 Only call $theme->item() if we're in a non admin theme. 2010-09-11 21:40:57 -07:00
Bharat Mediratta bfd92ac6f2 Use $theme->item() instead of $theme->item, otherwise
isset($theme->item) may return true even when we don't have an actual
Item_Model in there.
2010-09-11 21:38:46 -07:00
Bharat Mediratta fa1fe47b6a Use the absolute site url when logging out of the admin site else we
wind up with weird url doubling effects.  Fixes ticket #1342.
2010-09-06 22:13:41 -07:00
Bharat Mediratta 23b566e592 One more adjustment for ticket #1216. The packaging process forces
the default email address for admin to be unknown@unknown.com and when
that happens the gallery_event::user_updated() event listener fires
and sets the default values.  This is hard to work around, so let's
just roll with it and use unknown@unknown.com as our default placeholder.

So now, if an admin sets their email address and the current values
are unknown@unknown.com we adopt the admin's email address for the
site's mail_from/reply_to fields.
2010-09-01 23:52:19 -07:00
Bharat Mediratta 7477f0119c Explain wtf we're doing in user_updated. 2010-09-01 23:39:01 -07:00
Tim Almdal 04f6646b06 Hopefully the third and final patch for #1216. Set the default from and reply-to addresses to an empty string. The first time the user model is saved, set the sendmail from and reply-to addresses. Requires an update to gallery version 38. 2010-09-01 23:19:43 -07:00
Tim Almdal 1f621d9827 Refine the patch for #1216. If the admin user changes their email address update the sendmail from and reply_to fields in advanced settings. Also change this if the identity provider has changed. 2010-09-01 21:24:41 -07:00
Bharat Mediratta 04add75f6f Get rid of the move dialog and move option. Instead, replace it with
a call to Organize with the appropriate album open.  I have not yet
figured out how to get the SWF code to highlight the active image, but
that's coming.  Partial fix for #1204.
2010-08-22 00:27:24 -07:00
Bharat Mediratta dfb095a262 Add the ability to replace the source data file in Item_Model::save().
Refactor the rotate code in Quick_Controller to replace the data file,
and then have gallery_event::item_updated_data_file() pick up after
the change is saved, rebuild the image and handle album covers.  This
is much more portable than before and it will allow any mechanism (eg:
REST) to replace the source image.
2010-08-07 22:18:28 -07:00
Bharat Mediratta 9e9eed1187 Oops! Proper fix for #1201. My last fix just redirected back to the
main site, and didn't actually log you out.
2010-07-20 06:42:20 -07:00
Bharat Mediratta 86a91c11cf Redirect users away from admin to the main site if you click logout on
the admin dashboard.

Fixes ticket #1201
2010-07-15 12:51:35 -07:00
Bharat Mediratta fe2881a22a Rename Flash_Uploader to just Uploader. Modules that want to replace
this will just replace the controller.  This makes overriding that
much easier in the future.
2010-07-15 12:37:44 -07:00
Bharat Mediratta eb19192c4e If the target of an item move has no album cover, make the newly moved item the album cover.
Fixes ticket #1196.
2010-07-10 18:51:57 -07:00
Bharat Mediratta b20f9123dc Wrap album deletes in a batch so that we can handle lots of cascading
deletes in bulk.  This lets us avoid the problem where we continually
choose and delete album covers which makes deletes really slow.  It
probably also avoids huge amounts of notification emails (untested).

Fixes ticket #1190.
2010-07-10 18:25:23 -07:00
Bharat Mediratta 307e47c3d0 Pass along the from_id when editing albums in the context menu, and
also pass it along in the form creation code.  This fixes ticket #1183.
2010-07-10 11:45:45 -07:00
Bharat Mediratta 60126adc7e In the site menu, say "Delete album", "Delete photo" or "Delete movie"
as appropriate for the item type.  Fixes ticket #1175.
2010-07-04 20:40:50 -07:00
Bharat Mediratta 0d424a635d When we delete an item, make sure that we scrub it from any other
items that may have it in the album_cover_item_id column.  Fixes ticket #1172.
2010-07-03 14:25:33 -07:00
Bharat Mediratta d82863421d Rename "simple_uploader" to "flash_uploader" to make room for an HTML
uploader.
2010-06-20 21:10:22 -07:00
Bharat Mediratta c026da85cd Use "continue_url" instead of "continue" for consistency with the
reauth code.
2010-06-12 15:10:34 -07:00
Bharat Mediratta 63d95087bf Stop trying to parse the continue url in the logout controller because
it requires us to reproduce a bunch of complex routing logic.
Instead, just have the logout link generating code generate a link
that's visible to guests.
2010-06-12 13:35:12 -07:00
Bharat Mediratta 1d91e1b2dc Don't show the rotate links if the active user can't edit the photo. Fixes ticket #1157. Thanks to psvo. 2010-06-06 23:19:02 -07:00
Bharat Mediratta 1240878df0 Fix-ups for d98b85f7d3
- Pass the CSS selector of the active image in as an arg to site_menu
  so that quick operations know what they're operating on.
- Change the ids from g-{photo,movie}-id to the generic g-item-id
- Initialize ajax handlers for site menu on the photo and movie page
- Drop the movie context menu, it's now in the site menu
2010-05-14 16:55:15 -07:00
Chad Kieffer 163dd0eb93 Merge branch 'master' of github.com:gallery/gallery3 2010-05-14 17:16:22 -06:00
ckieffer d98b85f7d3 Drop context_menu for wind's photo/resize view. Move photo edit options to the site_menu. 2010-05-14 17:14:34 -06:00
Bharat Mediratta 9affa8ebbd Pick a new album cover when the photo that's the current cover is
deleted.  Fixes ticket #1083.
2010-05-10 22:11:59 -07:00
ckieffer 44753c5249 Deleted extra CSS class assignment for context_menu delete option. 2010-05-08 15:05:56 -06:00
Bharat Mediratta 6429110cd0 Merge branch 'master' of git://github.com/fpaterno/gallery3 2010-03-05 21:25:22 -08:00
Bharat Mediratta c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Florent Paterno e4ed7e983d Fix bug #1015 : repeated ids are prohibited 2010-03-01 17:23:56 +01:00
Andy Staudacher 6cbe0f78aa Revert "Fix Kohana's internal cache for Gallery's usage pattern."
This reverts commit 5ddd7c9677.
2010-02-21 21:07:55 -08:00
Andy Staudacher 5ddd7c9677 Fix Kohana's internal cache for Gallery's usage pattern.
Adds a core.internal_cache_read_only config variable to Kohana's internals.

Kohana's internal_cache for find_file wasn't working in Gallery because the cache would be emptied on each request after reading it from disk and before most lookups would run.
 1. Bootstrap sets initial core.modules (= include path): forge, kohana23_compat, gallery.
 2. Kohana::setup() loads find_file cache from disk.
 3. Gallery loads list of active modules and themes, and updates the core.modules value (=include path), which forces the internal find_file cache to be empties (which makes sense).
 4. Request processing starts, and thus 80% of all Kohana::find_file() triggered  is_file() invocations start off with an empty find_file cache.

In the case of my small Gallery installation, we're talking about 3100 is_file() invocations per request with or without internal_cache enabled. With this fix, this number is down to 800 invocations.

The basic idea is that we treat the cache as read only and don't write any (possibly dirty) values to it in memory until we're sure that the include path won't change later on in the request processing. Once we know the list of active modules and themes, we can update core.modules and finally flip the read-only state of the cache and start writing to it.
2010-02-21 20:04:06 -08:00
Bharat Mediratta d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Bharat Mediratta 7d98d4b7b9 Revert "Fix for ticket #491: Make user and group names translatable."
This reverts commit 4091219425.
2010-02-18 16:20:59 -08:00
Andy Staudacher 4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy StaudacherandTim Almdal 2dad1d7cd1 Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &) 2010-02-14 07:15:57 -08:00
Andy Staudacher f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta aff5d1cef4 Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Bharat Mediratta 99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta 2bfcec9620 Prevent brute force login attacks by reducing login attempts to 1 per
minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
2010-01-30 19:48:57 -08:00
Bharat Mediratta 743fbe7696 Add page_type to the rotate and delete context menu items so that the
quick menu knows where to send you after the action is done.
2010-01-28 23:22:38 -08:00
Tim Almdal c51fe96820 Make the varible for the profile name more descriptive and clean the label 2010-01-28 09:27:27 -08:00
Tim Almdal cedbc82dcc Do all the html::clean|purify calls in the views and not the controller. Also clean the subject line and email message body of the contact user email. 2010-01-28 07:44:58 -08:00