stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-21 11:59:13 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,348 Commits 4 Branches 0 Tags
de00a4ac394de6ce2df4bd6e52ae52f17701f702
Commit Graph

93 Commits

Author SHA1 Message Date
Tim Almdal
445a8fb1b6 Change galleryPanel and galleryDialog widgets to gallery_panel and gallery_dialog respectively 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:42 +08:00
Tim Almdal
a302a9c3fa Refactor the gallery dialog into a jQuery widget 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:28 +08:00
Bharat Mediratta
41b8f943a6 Convert instances of theme_url() to just url() to match the API change 
made in dbeadc1407
 2009-07-23 10:20:49 -07:00
Bharat Mediratta
80f48b084a In the logout link, urlencode the continue url so that ampersands, etc 
don't break encapsulation.  In the logout controller, don't run the
url through url::redirect because that uses url::site().  Just set the
Location header directly.

This fixes ticket #483.
 2009-07-21 13:02:20 -07:00
Bharat Mediratta
050c82cf80 Escape bare & symbols so that we use valid entities. Fixes ticket #577. 2009-07-21 11:09:23 -07:00
Bharat Mediratta
51dca582cd More thorough fix for #421. Create User_Model::display_name() which 
uses the full name if there is one, or falls back to the name if
that's all we have.
 2009-07-19 16:50:35 -07:00
Shai Ben-Naphtali
fb7d99740d Changed "Forgot Your Password" text to use capital 'Y' on the word Your 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-07-21 00:09:06 +08:00
Bharat Mediratta
6e8a8c53e6 Rename $theme->url() to $theme->theme_url() for consistency wiht 
$theme->theme_script().
 2009-06-28 19:49:48 -07:00
unostar
08a5b75345 Add string to localizer 2009-06-15 02:02:25 -07:00
Bharat Mediratta
3d89951c77 Create gallery::date_time(), gallery::date() and gallery::time() 
functions that format a unix timestamp into a date+time/date/time
string.

Partial fix for ticket #347.

Signed-off-by:  <unostar@danalan.info>
 2009-06-13 20:10:24 +08:00
Bharat Mediratta
277d72d9fa Fix formatting. 2009-06-06 12:50:38 -07:00
Bharat Mediratta
43abcd9386 Security pass over all controller code. Mostly adding CSRF checking 
and verifying user permissions, but there are several above-the-bar
changes:

1) Server add is now only available to admins.  This is a hard
   requirement because we have to limit server access (eg:
   server_add::children) to a user subset and the current permission
   model doesn't include that.  Easiest fix is to restrict to admins.
   Got rid of the server_add permission.

2) We now know check permissions at every level, which means in
   controllers AND in helpers.  This "belt and suspenders" approach will
   give us defense in depth in case we overlook it in one area.

3) We now do CSRF checking in every controller method that changes the
   code, in addition to the Forge auto-check.  Again, defense in depth
   and it makes scanning the code for security much simpler.

4) Moved Simple_Uploader_Controller::convert_filename_to_title to
   item:convert_filename_to_title

5) Fixed a bug in sending notification emails.

6) Fixed the Organize code to verify that you only have access to your
   own tasks.  In general, added permission checks to organize which had
   pretty much no validation code.

I did my best to verify every feature that I touched.
 2009-06-01 22:40:22 -07:00
Bharat Mediratta
9322f51e23 Localize a string 2009-05-31 19:31:55 -07:00
jhilden
277c96c2f6 user admin facelift 
* added drag & drop help message for empty groups
* fixed overflow issue with more than ~10 members in one group
* CSS improvements
 2009-05-31 18:25:43 -04:00
Bharat Mediratta
9369ccab7f Run all variables that come from user-entered data through p::clean() 2009-05-31 01:02:51 -07:00
Chad Kieffer
2966289b14 Quick fix for ticket #144. Reapply event handler for delete link gDialog when group is refreshed. 2009-05-26 05:05:04 +00:00
Chad Kieffer
94e36344b2 Link to gallery.panel.js from the head, not body. 2009-05-26 05:00:19 +00:00
Chad Kieffer
88e1f02c1a Split out re-used JavaScript for common functions (messages, valign), panel toggle, and forms to external files. 2009-05-26 03:59:35 +00:00
Bharat Mediratta
7abe611a62 Make the 'this user cannot be deleted' link actually not clickable. 2009-05-13 03:59:42 +00:00
Bharat Mediratta
b9aeec634d Colorize admin user rows to make them stand out 2009-05-13 03:44:55 +00:00
Bharat Mediratta
1344bd7009 Use the name field if the full_name field is empty. 2009-05-13 03:36:06 +00:00
Andy Staudacher
6fae077b52 Fix i18n for "Logged in as" string 2009-04-17 02:04:25 +00:00
Tim Almdal
f1eec57221 Add a weight column to the items model. Change the album ordering to 
use this as the default instead of id.  This prepares the way for
manual reordering in the organize functionality.
 2009-04-05 16:57:51 +00:00
Bharat Mediratta
921f3a2eee Put csrf token into Admin_View and Theme_View by default, then use it 
directly wherever possible instead of access::csrf_token().
 2009-03-27 03:43:21 +00:00
Bharat Mediratta
6aadb0bc77 Fix indentation 2009-03-16 09:01:50 +00:00
Chad Kieffer
542ab6db1f Combined "Logged in as..." and "Modify Profile" to by just "Logged in as FullName" 2009-03-16 04:54:00 +00:00
Bharat Mediratta
83912bce20 Missed this in the last commit 2009-03-16 04:42:39 +00:00
Bharat Mediratta
736d74d05f Clean up the login, maintenance login and required-top-level-login code. 
We now have two clear and separate login approaches:
  login/ajax
  login/html

Choose the one that's appropriate.  Totally simplified the maintenance
page to be separate from the theme and dead simple, and use login/html
approach there.  Totally simplified the top level login
(login_page.html.php) to just be a login page, not the rest of the
chrome on the page and use the login/ajax approach there.

Don't use access::required in albums and then catch the exception,
instead use access::can and check the return code.

Improve the text for maintenance mode.
 2009-03-16 04:33:45 +00:00
Tim Almdal
4d5679b749 Fix ticket #119. Display the full name of the user in the same block 
as the Modify profile and logout links.
 2009-03-11 15:00:57 +00:00
Bharat Mediratta
07310c8499 Add slightly more visual feedback when you're hovering over a 
draggable user.  Also, drag the icon and name not just the icon.
 2009-02-26 03:05:29 +00:00
Chad Kieffer
1ef090cd15 Remove second Add User button, don't need it, at least not now. 2009-02-23 01:51:18 +00:00
Chad Kieffer
d739d1ea46 Button mania continues. Make edit and delete user/group links buttons, buttons, buttons! 2009-02-11 05:35:11 +00:00
Chad Kieffer
ad80e86208 Indent fixes. 2009-02-09 02:11:59 +00:00
Chad Kieffer
cdae043999 Clean up add user and group buttons to move the + icon to the left. The + icon doesn't appear within the button outline with buttons that aren't floated. Will have to debug later. 2009-02-08 20:45:09 +00:00
Chad Kieffer
67d551d5e3 jQuery-based buttons! Form updates, short form updates. Need to fix add user/group buttons and search form on search results page. 2009-02-06 06:34:47 +00:00
Tim Almdal
2f5344c1da A preview of the password reset functionality. What's working... you 
can start to logon, request the password to be reset, and an email is
sent to the users email address.  If you click on the link you get an
unformatted form.  But its a start :-)
 2009-02-04 05:49:29 +00:00
Chad Kieffer
d656b6a3e6 Beginning of edit user panel fix. Form is displayed again. Added display of user email address to list. 2009-02-03 06:45:43 +00:00
Chad Kieffer
8a4eb9eed2 For consistency with the rest of the admin UI, display User list as table, not list. Apply cursor: move to jQuery UI draggable and sortable. Clean up admin table styles a bit. 2009-02-01 18:37:45 +00:00
Bharat Mediratta
6091350c94 Fix lint errors 2009-01-29 03:23:46 +00:00
Bharat Mediratta
e52431a81b Fix url for delete group link. 2009-01-29 01:41:32 +00:00
Bharat Mediratta
6bfadc14ed Fully implement the user administration backend with drag/drop to add 
users to groups.
 2009-01-28 22:42:50 +00:00
Bharat Mediratta
1a62a26a36 Add drag and drop support to the admin_users interface. This is still 
a work in progress but it actually works mostly.
 2009-01-28 09:50:15 +00:00
Bharat Mediratta
ca8e92376a Add gravatars to users 2009-01-27 21:57:41 +00:00
Bharat Mediratta
9048a5afca Clean up indentation 2009-01-27 21:54:22 +00:00
Chad Kieffer
57f5cdeb30 Use url:site() on add user link, change user list from class to id to make it unique, changed gFirstRow to gHeaderRow to make more semantically meaningful. Fixed closing span that I broke after Bharat fixed it last night. 2009-01-25 21:17:04 +00:00
Chad Kieffer
ffa1fa45f6 Admin theme style cleanup. Merged separate selected, available, unavailable into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet. 2009-01-25 06:55:24 +00:00
Bharat Mediratta
b0ad4e0222 Fix all 'add' links and make them open in a dialog 2009-01-25 02:29:01 +00:00
Bharat Mediratta
7c317fa6f2 Fix indentation which helped me to find an extra </span>. Simplified 
some of the logic.
 2009-01-25 02:21:53 +00:00
Chad Kieffer
55cd2afde5 Admin theme style cleanup. Merged separate selected, available, unavailable into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet. 2009-01-24 20:06:13 +00:00
Chad Kieffer
6941af664f Ajaxified user edit forms. They're populated, but don't submit yet. 2009-01-23 06:19:19 +00:00