slow down simple operations. We may run into problems with more
complex operations, but let's only add tasks into the mix when it's
clear that we need them.
* Clean up naming conventions for variables in the controller
so that we specifically refer to albums with $album_id, etc.
* Move complexity for drawing tree out of the controller and into
the view.
* Simplify task definitions to get rid of extraneous text
* Change __PLACEHOLDERS__ to clearly define which is the album
and which is the item that we're moving before/after
* Remove as many CSS ids as we can from the tree view to keep
things simple
1) If images are dragged from the content pane and dropped on a branch in the
tree that the user only has view priviledges, then the drop is cancelled
and the images are reverted.
2) The user cannot click on a branch, to which they only have view priviledges,
the content pane does not change to the new album
Organize_Controller:
* Remove unnecessary constants
* Rename index() to dialog()
* Simplify _get_micro_thumb_grid
organize.js:
* Move sizing code in here from organize_dialog.html.php
organize_dialog.html.php:
* Move CSS and JS links in here so that we only load them when we need them.
* Move sizing code into organize.js
organize_thumb_grid.html.php:
* Move pagination logic in here, since it's view centric
* Collapse the css class determination code and inline it
anything, but get the dialog up, populate the album tree and intelligently
populate the micro thumb grid.
Still to do:
1) get the microthumbs laided out ptoperly
2) expand and collapse functionality in the album tree
3) use the album tree to change the content of the micro thumb grid
4) Actually add some functionality
At the moment, it supports a callback "" to allow modules to add icons
to the organize drawer label. The close button is added outside of this
framework as it will always be last.
related events from within the model handling code. The only
exception to this currently is item_created which is challenging
because we have to save the item using ORM_MPTT::add_to_parent()
before the object itself is fully set up. When we get that down to
one call to save() we can publish that event from within the model
also.
1) The item_updated event no longer takes the old and new items.
Instead we overload ORM to track the original data and make
that available via the item. This will allow us to move event
publishing down into the API methods which in turn will give us
more stability since we won't require each controller to remember
to do it.
2) ORM class now tracks the original values. It doesn't track
the original relationships (no need for that, yet)
3) Added new events:
item_deleted
group_deleted
user_deleted
approach using html::specialchars and purify uses HTMLPurifier to intelligently
cleanse the output fields. Use purifier for text and title fields where it is
likely that a user would enter html to format their data.
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
can't edit, but we are getting closer :-).
This change sets up a framework for modules to contribute edit panels
to the organize drawer. Currently implemented General (albums and
photos), Sort Order (albums only) and Manage Tags
Rearrange the layout as per discussion with thumb, start the drawer
functionality. Still to do...
1) Add the processing behind the buttons on the drawer handle
2) Enable the drawer buttons when something is selected
3) Create a copy of the thumbs for the drawer
4) Add the bulk editting functionality to the drawer
