Commit Graph

122 Commits

Author SHA1 Message Date
Bharat Mediratta
d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Bharat Mediratta
7d98d4b7b9 Revert "Fix for ticket #491: Make user and group names translatable."
This reverts commit 4091219425.
2010-02-18 16:20:59 -08:00
Andy Staudacher
4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
2dad1d7cd1 Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &) 2010-02-14 07:15:57 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
2bfcec9620 Prevent brute force login attacks by reducing login attempts to 1 per
minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
2010-01-30 19:48:57 -08:00
Bharat Mediratta
743fbe7696 Add page_type to the rotate and delete context menu items so that the
quick menu knows where to send you after the action is done.
2010-01-28 23:22:38 -08:00
Tim Almdal
c51fe96820 Make the varible for the profile name more descriptive and clean the label 2010-01-28 09:27:27 -08:00
Tim Almdal
cedbc82dcc Do all the html::clean|purify calls in the views and not the controller. Also clean the subject line and email message body of the contact user email. 2010-01-28 07:44:58 -08:00
Bharat Mediratta
4ca91bf618 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/tests/Access_Helper_Test.php
2010-01-27 19:20:38 -08:00
Andy Staudacher
119297e2ad Apply html::clean() to UI visible strings, and show language names instead of locale tags to be consistent with the user edit form. 2010-01-25 23:05:41 -08:00
Bharat Mediratta
1606961153 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/libraries/MY_ORM.php
2010-01-25 19:49:17 -08:00
Tim Almdal
7c06e21ec4 Refactor creating the user profile page content into the the event module. The show_user_profile is used to provide content to the user profile page. Add the list of the users comments to the profile page. 2010-01-24 15:27:33 -08:00
Tim Almdal
ed5b07b335 Create a user profile page that is used as a landing page when referencing a user in messages or pages.
Partial fix for ticket #889 and a fix for #931.
2010-01-23 21:38:01 -08:00
Bharat Mediratta
fecac4a859 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/tests/xss_data.txt
2010-01-23 16:29:10 -08:00
Tim Almdal
abdeb21ccb Add a user_menu method to the Admin_View and then use this method to get the
user menu.  Since the information displayed is identical in both admin and
theme views, it makes sense to combine the generation to it is done in a common
location.
2010-01-23 13:29:49 -08:00
Tim Almdal
79bcfc93c3 Merge branch 'master' of git@github.com:gallery/gallery3 2010-01-22 13:38:23 -08:00
Tim Almdal
dabd5b84b2 Remove the identity manager screens and controller as alterntive identity providers are installed in the admin module screen. 2010-01-22 12:22:31 -08:00
Tim Almdal
603c3049a1 Treat identity providers just like other modules and use the admin_module to
install and switch to a different identity provider.
2010-01-22 09:39:29 -08:00
Bharat Mediratta
2744b2e938 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev 2010-01-22 00:27:56 -08:00
Andy Staudacher
07ba5fe43a Use Unicode instead of HTML entity (since the l10n server normalizes this way and rejects submissions that change under the normalization step) 2010-01-21 23:53:21 -08:00
Bharat Mediratta
b5a6a6a5d5 Oops, log::failure() doesn't exist. Use log::error(). 2010-01-16 11:44:21 -08:00
Bharat Mediratta
bf085a1a17 Convert photo uploading over to the new model based validation
approach.

- Rearrange Simple_Uploader_Controller::add_photo() to validate
  the form early in the process, and switch to using model based
  validation.

- Move thumbnail generation into gallery_event::item_created() so
  that it's decoupled from the model.

- Delete photo::create() and move all of its logic into
  Item_Model::save().

- Add Item_Model::$data_file to track the data file associated
  with new movies and photos.

- Do some cleanup on the validation callbacks -- it turns out the
  2nd argument is the field name not the value.
2010-01-16 00:51:31 -08:00
Bharat Mediratta
6b8a52d328 Fix the logout link to send you back to the current url. The old
approach depended on having an $item, which is not the case on all
pages (eg: tag pages).  Also, check the CSRF in the logout controller,
else you can use the logout link as a blind forwarder.
2010-01-04 21:37:51 -08:00
Bharat Mediratta
20bd09ff00 A more thorough fix for #745 and #940. Stop using the referer to
guess how to send the user back.  Instead, proxy the originating item
id through the edit forms so that we can tell exactly what page we
were on when we began editing.  If we were viewing the item, then
redirect to its new url (in case it changed) to fix ticket #745.  But
if we were viewing some other item, then just stay on the current page
to fix #940.

The page_type approach didn't work because you'd have the same
"collection" page_type when doing a context menu edit for an album.
2009-12-31 17:21:19 -08:00
Tim Almdal
41969cc9e4 Another holdover from the K2.4 conversion. In R2.4 the url::current(true) was returning an empty string. This fixes ticket #955. 2009-12-29 15:48:21 -08:00
Bharat Mediratta
9d19e272d6 Convert some database queries. 2009-12-17 21:16:51 -08:00
Bharat Mediratta
dec084fe08 Update database queries. 2009-12-06 21:34:09 -08:00
Bharat Mediratta
1fd0e14359 Convert all DB where() calls to take 3 arguments.
Convert all open_paren() calls to and_open() or or_open() as appropriate.
2009-11-26 12:09:04 -08:00
Bharat Mediratta
befb824420 Fixes #898 2009-11-20 21:16:59 -08:00
Tim Almdal
f5b0ce1f47 Revert "Currently Admin_Theme_Options controller assumes that all the themes will provide the same values. This change corrects that assumption and moves the management of the theme options, including creating the form and updating the theme options into the theme."
This reverts commit 1692ee1308.
2009-11-19 11:44:09 -08:00
Tim Almdal
1692ee1308 Currently Admin_Theme_Options controller assumes that all the themes will provide the same values. This change corrects that assumption and moves the management of the theme options, including creating the form and updating the theme options into the theme. 2009-11-18 14:37:49 -08:00
Bharat Mediratta
1067e68292 Redesign the way that we consider page types to create buckets of page
types, and a subtype for specifics.  Currently the top level bucket

   collection, item, other

Here are the core subtypes so far:

   collection: album, search, tag
   item: movie, photo
   other: login, reset, comment-fragment, comment

It's legal to create new page_subtypes whenever you want.  Use the
appropriate page_type to get the coarse grain behavior that you want.
2009-11-17 14:04:45 -08:00
Tim Almdal
47e0d91fcc Remove debugging statement 2009-11-07 21:51:57 -08:00
Tim Almdal
b5f2dbc2c4 Create a user_menu for the top of the page. Change the login, edit profile and logout portions of the banner to be rendered by the Theme_View::user_menu callback. This fires the user_menu event. Fixes Ticket #871. 2009-11-06 14:08:46 -08:00
Bharat Mediratta
96cbfe23a6 Respect the "theme" variable if we're an admin. This requires us to
change the order of operations in gallery_event::gallery_ready() so
that we load users before themes.  Fixes ticket #836.
2009-11-03 14:03:36 -08:00
Tim Almdal
376eb5673f Convert the event handlers for the "identity provider changed" and "user_deleted" events to use ORM or the Kohana query builder to build the database update calls instead of coding the sql directly. 2009-11-01 10:22:56 -08:00
Tim Almdal
c3dcfd136b Move the identity provider menu item under the settings menu and make the User/Groups administration a first level menu item. As discussed via -devel mailing list. 2009-10-31 14:41:55 -07:00
Tim Almdal
903b5f6f67 Add identity_change handlers to resolve the ownership issues of comments, subscription, items and tasks. 2009-10-31 14:23:05 -07:00
Tim Almdal
90465012d1 Patch to clean up loose ends when a user is deleted.
* For items and tasks the owner id is set to admin
* For notification subscriptions, the subscription is deleted
* For comments, I've extracted the user name, email and url and set the guest_name, guest_email and guest_url columns while setting the author_id to identity::guest()->id
Fix for ticket #777.
2009-10-30 14:23:57 -07:00
Tim Almdal
4bf2475684 Missed a couple of inconsistent capitalizations 2009-10-29 11:23:04 -07:00
Tim Almdal
53dd35b5c8 Just show the Identity admin menu item all the time. This gives a place to hang other user related module administartion menu links. 2009-10-29 08:30:39 -07:00
Tim Almdal
6fb116c53b Merge branch 'master' into talmdal_dev 2009-10-26 06:24:51 -07:00
Chad Kieffer
eb93e343e2 Make "move item in photo view" comment a todo. 2009-10-25 23:02:58 -06:00
Tim Almdal
f0f7bc2d12 Undo the merge from master because it is actually identity not user in this branch. 2009-10-25 08:10:27 -07:00
Tim Almdal
174e8ef3f7 Merge branch 'master' into talmdal_dev 2009-10-25 08:08:09 -07:00
Tim Almdal
576337c508 Replace reference to identity with the reference to user. Dangers of flipping back and forth between branches. 2009-10-25 08:07:05 -07:00