Bharat Mediratta
057e8d09af
Convert a bunch of leftover kohana::show_404 calls to throw
Kohana_404_Exception instead. These are the ones where we used a
lower-case 'k' so my previous filter didn't catch it.
2009-12-23 20:51:33 -08:00
Bharat Mediratta
0121bfd585
ORM::orderby -> ORM::order_by
2009-11-25 19:26:52 -08:00
Bharat Mediratta
2e420522ec
Preliminary work to cut over to Kohana 2.4
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00
Tim Almdal
6bdb8c3d55
Correct inconsistent capitalization. Fixes #906
2009-11-21 09:36:19 -08:00
Bharat Mediratta
1067e68292
Redesign the way that we consider page types to create buckets of page
types, and a subtype for specifics. Currently the top level bucket
collection, item, other
Here are the core subtypes so far:
collection: album, search, tag
item: movie, photo
other: login, reset, comment-fragment, comment
It's legal to create new page_subtypes whenever you want. Use the
appropriate page_type to get the coarse grain behavior that you want.
2009-11-17 14:04:45 -08:00
Chad Kieffer
dbe6476255
Remove width class from add group form, it sizes the form's elements, not the form itself.
2009-11-06 20:26:09 -07:00
Tim Almdal
1c428df9e0
Revert "Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag."
This reverts commit 04bf50bfb4.
2009-10-31 16:16:47 -07:00
Tim Almdal
ddf8734a41
Caught a few more incorrect capitalizations.
2009-10-30 08:33:31 -07:00
Tim Almdal
04bf50bfb4
Use an event 'check_user_name_exists' to validate the input name is already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag.
2009-10-29 17:09:01 -07:00
Tim Almdal
3b4a64c698
Check the minimum length when adding or modifying users via the admin screen.
2009-10-27 14:21:59 -07:00
Tim Almdal
1347a30050
Add a password strength meter.
2009-10-27 12:23:48 -07:00
Tim Almdal
156a99beef
Set the minimum password length to 5. The gallery owner can change this in the advanced settings.
2009-10-27 10:13:52 -07:00
Tim Almdal
2dcd8f8a25
When we are changing the password using the change password form as part of the password reset, the input value is in the post[hash] variable as opposed to the get(key) value. This should fix ticket #850.
2009-10-27 07:35:28 -07:00
Tim Almdal
0a6b540092
Merge branch 'master' into talmdal_dev
Conflicts:
modules/server_add/helpers/server_add_theme.php
2009-10-24 07:28:22 -07:00
Chad Kieffer
3814186592
Created user.css. Moved user-related form css to the new sheet.
2009-10-23 22:25:36 -06:00
Tim Almdal
2e998664d5
move controllers and views to the user module to make the Identity Provider refactor smaller
2009-10-23 09:23:02 -07:00
Tim Almdal
3c936d661a
Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify calling the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class.
2009-10-22 13:11:03 -07:00
Tim Almdal
098b57bf18
Simplify the user interface by moving the password reset functionality into the user module
Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names.
Make sure all the unit tests work.
2009-10-19 12:53:44 -07:00
Tim Almdal
78ee4193b7
Remove all non Identity API methods from Identity.php. Created an MY_Session class to provide the user state changes in the session and a login.php helper that has the login form.
2009-10-16 10:06:58 -07:00
Tim Almdal
bc241e44c2
Cleanup merge of user/group helpers into Identity interface. Reduce redundant code in the user module and remove references to the Identity helper from the user module as the user module should be able to access things directly. Simplify the get_user_list api method to just accept an array of ids to return user objects for.
2009-10-16 08:55:26 -07:00
Tim Almdal
00eacd659f
Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating an identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module.
2009-10-16 08:53:31 -07:00
Tim Almdal
be6765336e
Finish integrating the move of the user edit/update functions into the user module. The premise is that the pluggable user module will provide the update screens if the user backend supports updates.
2009-10-16 08:53:30 -07:00
Tim Almdal
7e4c0e7135
Merge branch 'master' into talmdal_dev
2009-10-15 09:05:44 -07:00
Tim Almdal
f5dd8d487e
Move all the edit/update forms for users and groups back to the user module.
2009-10-15 08:56:31 -07:00
Tim Almdal
1ca835cea7
Merge branch 'master' into talmdal_dev
2009-10-15 07:58:46 -07:00
Tim Almdal
0d5d4c81bc
Move the ui for user administration back to the user module.
2009-10-14 21:20:30 -07:00
Tim Almdal
2af4806011
Refactor the ui component of the user module into the gallery core module.
2009-10-13 13:19:17 -07:00
Tim Almdal
00ee91837f
Convert direct lookups for the user table using ORM to using the user::lookup_by_name and user_lookup API methods.
Convert the Admin_User controller
Convert the login and password change controller
Change the item model to call user::lookup to get the owner.
On the log model, delete the relationship between the log and user table, and replace with a
call to user::lookup
(cherry picked from commit 194cc3b27a)
Create the get_user_list, lookup_by_name, lookup_by_hash and get_group_list api functions
2009-10-09 01:26:35 -07:00
Tim Almdal
f67bfd0992
Change the users.php controller so it's no longer restful. The problem with our approach to restfulness is that it assumes that the resource will be found in the gallery database. It may well be there, but in the case of using pluggable drivers for users management, there are no guarantees that it is in our database or it could be in an ldap directory. So it was just easier to remove the restfulness and just call user::lookup instead.
(cherry picked from commit b3211cb2a8)
2009-10-08 23:22:07 -07:00
Tim Almdal
7f38d6ff29
Change the focus of the user module from providing user/group management to providing the default Identity implementation.
* Remove the user_event callbacks and move them to the gallery_event callbacks. This will ensure that the active user is always loaded (because the gallery callbacks are always called first) so it's available to other gallery_ready handlers. Moved the method set_request_locale to the locales helper as it is more related to locales.
* Move the user controllers and views into the gallery module.
* Move the theme and block processing out of the user module and into core.
2009-10-06 18:30:12 -07:00
Tim Almdal
8285cd58e2
Handle the filters on Identity/Gallery::list_users and Identity/Gallery::list_groups
2009-10-05 18:10:39 -07:00
Tim Almdal
194cc3b27a
First pass on converting calls to the Identity interface. Will worry about writes and saves later.
Convert the Admin_User controller
Convert the login and password change controller
Change the item model to call user::lookup to get the owner.
On the log model, delete the relationship between the log and user table, and replace with a
call to user::lookup
2009-10-05 16:28:16 -07:00
Chad Kieffer
3e6ba7acc3
Renamed most, if not all css selectors from gName to g-name. Moved a few shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features.
2009-10-04 00:27:22 -06:00
Andy Staudacher
e168e0dfae
CSRF / auth fixes, golden data file checkpoint
2009-09-15 21:50:48 -07:00
Bharat Mediratta
7fddd2aced
Use abs_url() inside url::redirect() calls so that we don't just wind
up tacking onto the base url.
2009-09-10 21:31:50 -07:00
Bharat Mediratta
2aad580f53
Move specialized (pretty) url generation back into Item_Model so that
we're not relying on overriding url::site() to do tricks around item
urls. This means that you won't get item urls by doing
url::site("albums/37"), for example, but it also means that we won't
get pretty urls where we don't expect them (like in the action of a
<form> element).
Incidentally, this will help us move over to using the slug format
because if you've got a bad character in a url, the edit forms will
now work on it since they'll be id based.
2009-09-08 13:44:52 -07:00
Andy Staudacher
75e99c9ea3
When changing user preferences, reset the session based locale preferences.
2009-09-04 11:17:11 -07:00
Andy Staudacher
b9bd1681a3
Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly.
2009-08-29 22:54:20 -07:00
Andy Staudacher
a5dfc81a8f
Merge commit 'upstream/master'
Conflicts:
modules/akismet/views/admin_akismet.html.php
modules/comment/helpers/comment_rss.php
modules/gallery/helpers/gallery_rss.php
modules/gallery/libraries/I18n.php
modules/gallery/views/permissions_browse.html.php
modules/gallery/views/simple_uploader.html.php
modules/info/views/info_block.html.php
modules/organize/controllers/organize.php
modules/organize/views/organize.html.php
modules/organize/views/organize_album.html.php
themes/default/views/album.html.php
themes/default/views/movie.html.php
themes/default/views/photo.html.php
2009-08-29 14:17:48 -07:00
Andy Staudacher
c01ac42c46
Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify().
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
2009-08-29 12:48:40 -07:00
Bharat Mediratta
e586389f65
Don't ask for csrf when we're resetting passwords. They're not gonna have one. Duh!
Fixes #642.
2009-08-27 13:29:45 -07:00
Bharat Mediratta
67d4ae21d5
Clean up user form events. Thanks to Ben Smith (glooper).
2009-07-29 17:43:12 -07:00
Tim Almdal
00cd2b646d
fix for ticket #574. The user->url database wasn't being set when the user was updated via the admin panel.
2009-07-25 15:00:57 -07:00
Bharat Mediratta
1fbdf1a1e0
Add form processing events:
user_add_form_admin admin adding a user
user_edit_form_admin admin editing a user
user_add_form_admin_completed successfully added a user (admin)
user_edit_form user editing their own settings
user_edit_form_completed successfully edited a user (admin and user editing own settings)
2009-07-23 10:35:52 -07:00
Bharat Mediratta
80f48b084a
In the logout link, urlencode the continue url so that ampersands, etc
don't break encapsulation. In the logout controller, don't run the
url through url::redirect because that uses url::site(). Just set the
Location header directly.
This fixes ticket #483.
2009-07-21 13:02:20 -07:00
Bharat Mediratta
2864aceb81
Add missing ) dropped in 8f9a943f.
2009-07-16 10:58:42 -07:00
Bharat Mediratta
8f9a943f55
Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
2009-07-01 17:57:39 -07:00
Bharat Mediratta
cf9e3db32e
Actually save the url when editing user information.
Fixes ticket #363.
2009-06-10 21:13:34 -07:00
Tim Almdal
f0ea6d532c
Create a new method in MY_url.php "get_item_from_uri" which loads the item
based on the uri. Then use this helper method in logout.php to ensure that
the guest user has access to the "continue" uri. If they don't, redirect to
the root album and let it deal with access issues.
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-06-09 21:45:43 +08:00
Bharat Mediratta
d5d5284f05
Don't ask for CSRF token when trying to view the password reset form.
2009-06-06 12:52:44 -07:00