I've redone the browsing code but I have not implemented the adding
code.
1) Rename index() to browse() since index is too generic.
2) Simplify the data that we pass to _dialog and _tree
3) Change _tree to return list items only, so that the outer dialog
can be a <ul> for consistency.
4) Simplify the data structures so that we're not tracking checked vs.
unchecked status in the PHP code, it's all done in jquery where we
can do it with just a line or two of JS
5) use glob() which pretty much entirely replaces _get_children
the branch was never opened on the client. This should fix some of the issues
with the server_add as I was able to select the staging directory and then add
over 400 images in a multi-tier structure.
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
start task processing to fill in any subtrees that are selected, but were never expanded on the client. Added the loading icon.
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
1) Fixes Ticket #208
2) Fixes Ticket #190
3) Fixes an unticketed issue where two items could collide when
creating the thumbnail and/or resize. For example, loading a.flv and
a.jpg would have generated the same thumbnail image. This change adds
a random value to the name to avoid conflicts.
4) Added item::__set() to clear the relative path if the name changes
does not provide a sort order. Separate the directory and files, sort
them individually and then merge them together so directories are at
the top of the list
