view permission on the parent. Added a whitelist of allowable
owner permissions.
If the requested permission is view and the user requesting access
is the owner, check that they have view permission to the parent.
1) Change access_Core::user_can to return true for all permissions if the
owner is the specified user.
2) Change Item_Model::viewable to set the owner_id is the first view_restriction
This allowed simplification of the generating the where clause to a single
$this->orwhere instead of a where and an orwhere.
This required putting a wrapper view around the forms and passing
this view as the parameter to the item_edit_form event. The view
contains a $script variable that the modules can add script to be
included in the form html when rendered as part of the ajax response.
user_add_form_admin admin adding a user
user_edit_form_admin admin editing a user
user_add_form_admin_completed successfully added a user (admin)
user_edit_form user editing their own settings
user_edit_form_completed successfully edited a user (admin and user editing own settings)
1) Specifically catch Kohana_404_Exception and let other exceptions pass, the
test framework will report them as errors
2) Simplify some testing idioms
3) Change malicious address to a legal addr
This patch allows users with only view permission to request fullsize
prints using Digibug. There is now a Digibug config file that contains
the IP ranges of the Digibug servers. Any request for the full size
image via the print proxy must come from within the ranges in the config
file.
The reason for the "if (!Test_Mode) {..." is that the print proxy makes a
call to Kohana::close_buffers, which closes all the output buffers and then
we see the image download on the console which messes up the test output.
theme. Because the theme comes first, this means that themes can
override any module resources, at the cost that we no longer have
namespacing for JS and CSS files.
The only file getting used outside of this model is
themes/default/screen.css which is used in the admin theme. I fixed
that by copying screen.css into admin_default and renaming its
screen.css to admin_screen.css. I also copied over all the images
that it was referencing.
Fixes tickets #48 and #539.
Theme API changes:
- theme_script(), theme_url() and theme_css() are no longer needed
- script(), url() and css() now refer to the first matching asset in
the module load path, where gallery3/lib is at the end of the path
from using a single gQuickPane <div> that we move around. A race
condition happens when you mouse over two thumbnails quickly.
Whichever server response loses the race gets displayed, and sometimes
it's the one that you're no longer hovering over.
Fix it by changing gQuickPane to be a class and creating a <div> per
thumbnail.
Fixes ticket #290.
