Bharat Mediratta
672eca5337
Lots of deltas rolled up into a bigger change. Sorry for the mess.
1) Deleted in-place-editing. We'll be replacing this with a real edit
system that groups settings together and is more coherent.
2) Tweaked the way that dialog boxes work to get the ajax stuff working
again. It's imperfect and does not work properly for uploading images.
This is going to get redone also, but this is a good resting point.
3) Created edit forms for albums and photos. Moved _update and _create out
of Items_Controller and into the individual subclasses.
4) Created access::required which is a shorthand for:
if (!access::can(...)) {
access::forbidden();
}
5) Added validation rules to Items_Model
6) Converted login to use the regular modal dialog approach in the theme.
2008-12-24 00:20:26 +00:00
Bharat Mediratta
9cf2c57921
Normalize CSRF handling into the access helper. Probably not the best
place for it, but it'll do for now.
Do CSRF checking in the Admin controller so that we're safe across the
board on the admin side.
2008-12-22 04:33:18 +00:00
Bharat Mediratta
17c0b01444
Add access::forbidden()
2008-12-19 22:13:33 +00:00
Bharat Mediratta
2438dba396
Delete the var/thumbs .htaccess files, too.
2008-12-19 07:16:38 +00:00
Bharat Mediratta
130e26983a
Add initialization to the user module to put the user and group_ids
into the session, for easy access. This cuts down the number of
queries when we're loading images through file_proxy.php
2008-12-17 17:40:45 +00:00
Bharat Mediratta
fc7b78492b
Separate thumbnails out into var/thumbs. This clears up some ambiguity in Item_Model and simplifies
file_proxy. It also means we can stop munging file names in the var/resizes hierarchy.
In the process, rename "thumbnail" to "thumb" everywhere in honor of
Chad (well, ok because it's shorter).
2008-12-17 04:45:35 +00:00
Bharat Mediratta
8c7d0a76e5
Add file_proxy. This controller gets triggered by .htaccess
protection on var/albums and var/resizes and only displays files to
the user if they have "view" permission on the base item.
2008-12-16 23:07:33 +00:00
Bharat Mediratta
3e219aab6b
Change htaccess rules to use mod_rewrite
2008-12-16 08:17:00 +00:00
Bharat Mediratta
d9e02a5d0c
Various optimizations:
o Add model_cache::get() which caches models avoiding duplicate lookups
o Stop using ORM relationships for Item_Model::owner so that we can use caching
o For Item_Model::xxx_edit fields, don't make them editable for guests
o Other minor stuff.
These optimizations reduce the number of queries for a 9-photos page from ~200
to ~45. Still way too many!
2008-12-16 04:29:00 +00:00
Bharat Mediratta
dc08917345
Fix a bug where we were not deleting the .htaccess file on access::reset()
2008-12-16 02:31:13 +00:00
Bharat Mediratta
61618af0db
Create and delete .htaccess files based on the view permissions for
the group::everybody() user.
2008-12-16 01:04:19 +00:00
Bharat Mediratta
eecf7bd518
phpdoc cleanup
2008-12-16 00:31:50 +00:00
Bharat Mediratta
3d2fc86604
Permission only function on albums.
2008-12-16 00:30:05 +00:00
Bharat Mediratta
af8c74f612
Fix a bug where parent permissions were not getting inherited to newly
created albums and photos.
2008-12-13 20:06:20 +00:00
Bharat Mediratta
8ba5ea3cf8
Make sure that access::can fails if the item is not loaded
2008-12-13 19:49:33 +00:00
Bharat Mediratta
a3142246e4
Move the view permission cache directly into the item table for efficiency. Unit tests ftw!
2008-12-12 06:54:48 +00:00
Bharat Mediratta
2cf3233f54
Get rid of all pseudo users and pseudo groups, while preserving all
other functionality. This makes our user/group and access code
fully consistent.
2008-12-12 00:59:30 +00:00
Bharat Mediratta
914164d5eb
Split _update_access_cache into two functions separating view from
non-view. This is a step along the path towards moving the view
access cache into the item model.
2008-12-11 19:06:40 +00:00
Tim Almdal
52ed3f11fd
Fix problem with access::can, where the $item->id was being passed to the access_group::can method.
2008-12-10 22:19:39 +00:00
Bharat Mediratta
18a6614a11
Change all access API methods to take ORMs instead of ids. This will
minimize reloading objects from the database.
2008-12-10 07:05:49 +00:00
Bharat Mediratta
4a0e4b798e
Check view permissions before allowing view access to albums/photos.
2008-12-09 10:14:09 +00:00
Bharat Mediratta
e62103b8d9
Move code to delete users and add/remove users from groups into the
model.
2008-12-09 08:47:30 +00:00
Bharat Mediratta
e3ad42a276
Add access::can() which verifies that the user belongs to a group that has the
given permission.
2008-12-09 00:02:20 +00:00
Bharat Mediratta
bd3a472be7
Rename access::can() to access::group_can()
2008-12-08 10:46:53 +00:00
Bharat Mediratta
5d23a6515d
Finish writing unit tests for Access. No bugs found!
2008-12-07 10:56:44 +00:00
Bharat Mediratta
9ba9f7bf27
Change the startup code to only put installed modules on the autoload
path. This breaks a bunch of places where we had hardcoded
dependencies, so guard all of those cases. Restructure
module::available() a bit and the way that we do install/uninstall in
the scaffolding.
2008-12-04 07:44:28 +00:00
Bharat Mediratta
bae905a4cb
Improvements to access helper.
o Rename access::remove_group() to access::delete_group() for
consistency.
o Wrote more unit tests
o Tests found a bug in access::remove_item() .. yay!
2008-12-04 06:40:35 +00:00
Bharat Mediratta
c3478675cd
Fix a bug where we weren't actually deleting permissions (hooray for unit tests!)
2008-12-03 19:09:56 +00:00
Bharat Mediratta
e03bb0f7c3
Re-enable access_cache propagation now that we've patched the MySQL driver.
2008-12-03 04:28:14 +00:00
Bharat Mediratta
718ac67a02
get rid of a stray space that was breaking the File_Structure_Test
2008-12-03 04:17:02 +00:00
Bharat Mediratta
c1886aab88
Temporarily disable some code to get tests to pass.
2008-12-03 04:05:24 +00:00
Bharat Mediratta
db5bc20500
Fix a bad copy/pasted comment
2008-12-03 03:18:43 +00:00
Bharat Mediratta
ea11562e32
Oops, this was missing from the last fix.
2008-12-02 04:54:37 +00:00
Bharat Mediratta
ae4c828b06
Fix a problem in _update_access_cache() where if the intent is
default, we weren't properly propagating ALLOW where necessary.
2008-12-02 04:38:45 +00:00
Bharat Mediratta
5c303aa07b
Add access::reset() so that you can specify your intent to use the
parent's permissions.
Update scaffolding to demonstrate that it works.
2008-12-01 09:57:03 +00:00
Bharat Mediratta
e3d7877d79
Add @todos
2008-12-01 09:01:10 +00:00
Bharat Mediratta
91c4bda1ec
Prototype access control model. There's much left to do, but it's a
working implementation.
2008-12-01 08:50:00 +00:00