Bharat Mediratta
6e58fced20
Follow on to 16555935ee to clean up the
style a bit. Tracked in #1539.
2010-12-16 21:01:51 -08:00
Kriss Andsten
16555935ee
Fetch permissions for non-albums by parent rather than by item, allowing the result to be cached.
2010-12-17 12:50:51 +08:00
Bharat Mediratta
cd48b89f31
Consolidate all the random code into a random helper that offers:
random::hash()
random::string()
random::percent()
random::int()
So that we don't have lots of different ways to get random values all
over the code. Follow-on to #1527.
2010-12-15 14:57:00 -08:00
Bharat Mediratta
45c63f4d11
Use mt_rand() instead of rand() since it provides better portability.
Fixes #1527.
2010-12-15 12:48:56 -08:00
Bharat Mediratta
eb010554ff
Replace self::func() with <helper_name>::func() for all public APIs
and constants to make overloading easier. Fixes #1510.
2010-11-28 11:27:25 -08:00
Bharat Mediratta
161bbb9ba3
Proxy the BasicAuth authentication header in htaccess_works() so that
if the entire Gallery is behind BasicAuth we share the same
credentials as the browser. Fixes #1413.
2010-10-02 16:44:31 -07:00
Bharat Mediratta
1a0d76c43e
When moving a single item, just copy its permissions from its parent
album. This is totally legal since an item's permissions must be the
same as its parent's, and it's much faster for large installs where
a complete recalculation can be very costly. Should fix #1360.
2010-09-13 22:23:09 -07:00
Bharat Mediratta
ca0c3b3e7f
Force "Options +FollowSymLinks" since that's a requirement for
mod_rewrite to work. This is surprisingly obscure in the docs.
Thanks to bromide for turning this up in
http://gallery.menalto.com/node/97791!
2010-09-05 21:25:46 -07:00
Bharat Mediratta
dd955781aa
"public static" ==> "static" to match code conventions.
2010-07-27 19:54:41 -07:00
Bharat Mediratta
5be9ae3250
Add a new maintenance task that resyncs album .htaccess files with
database access intents. Use this to fix up .htaccess files after you
relocate your Gallery. Fixes ticket #1252.
2010-07-25 11:10:42 -07:00
Bharat Mediratta
075cea2a48
Don't use hardcoded id 1 as the everybody group; it won't work with alternative auth schemes.
2010-07-25 10:05:09 -07:00
Bharat Mediratta
c3c2b45280
Update the copyright to 2010. It's only 3 months into the year :-)
2010-03-03 10:15:34 -08:00
Andy Staudacher
70837b5212
Fix for ticket #1035: Make .htaccess access rules work for the case when index.php isn't part of generated URLs.
2010-02-27 21:26:38 -08:00
Andy Staudacher
8412aeb133
For consistency, use straight Kohana_404_Exception instead of the event system.
2010-02-14 07:15:57 -08:00
Andy Staudacher
d53f6d0e05
Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12 16:40:44 -08:00
Andy Staudacher
6353a7c2de
Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Bharat Mediratta
c5471a76a2
htaccess_works() can't use var/tmp anymore because that's locked down.
So just create var/security_test and delete it when we're done.
2010-01-31 13:27:05 -08:00
Bharat Mediratta
00957f79ba
Throw Kohana_Exception instead of Exception on access denied, since that may bubble all the way up
2010-01-20 22:46:46 -08:00
Bharat Mediratta
b5cf24456f
Forbidden is a 403, not a 503.
2010-01-20 00:51:34 -08:00
Bharat Mediratta
41a392611c
Change DENY and ALLOW to "0" and "1" to match the fact that ORM no
longer typecasts values as of http://dev.kohanaphp.com/issues/2459
2010-01-18 12:08:05 -08:00
Bharat Mediratta
0736cf203b
In Kohana 2.4, ORM no longer does the find_all() call for us when we
retrieve related ORMs. If we tack a find_all() on the end, it breaks
the User_Definition interface so create User_Model::groups() and
Groups_Model::users() as glue.
2009-12-17 21:32:53 -08:00
Bharat Mediratta
9b75b85e71
Update all database queries such that we can run "php index.php
package" and generate the same SQL as before.
2009-12-17 21:05:58 -08:00
Bharat Mediratta
c803cb2909
Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
2009-12-01 19:44:29 -08:00
Bharat Mediratta
299da7b54f
Don't allow the extra "/?" sequence (ie: "/index.php/?kohana_uri=...") in the generated .htaccess files.
2009-11-30 10:59:00 -08:00
Bharat Mediratta
1b41ad8c42
Don't use PathInfo based urls to reroute access protection. Fixes
ticket #922.
2009-11-29 22:47:33 -08:00
Bharat Mediratta
1fd0e14359
Convert all DB where() calls to take 3 arguments.
Convert all open_paren() calls to and_open() or or_open() as appropriate.
2009-11-26 12:09:04 -08:00
Bharat Mediratta
0121bfd585
ORM::orderby -> ORM::order_by
2009-11-25 19:26:52 -08:00
Bharat Mediratta
2e420522ec
Preliminary work to cut over to Kohana 2.4
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00
Tim Almdal
274d4680fa
Upgrade the gallery module to version 16 to reflect the refactoring of the user module into an identity provider. Change how we determine if there are available groups that we need to export
2009-10-26 10:05:25 -07:00
Tim Almdal
3c936d661a
Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify calling the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class
2009-10-22 13:11:03 -07:00
Tim Almdal
3ece1a01f2
Add a groups api method on the Identity provider and change access_Core::_get_all_groups() to use this to get the defined groups.
2009-10-20 17:01:19 -07:00
Tim Almdal
098b57bf18
Simplify the user interface by moving the password reset functionality into the user module
Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names.
Make sure all the unit tests work.
2009-10-19 12:53:44 -07:00
Tim Almdal
78ee4193b7
Remove all non Identity API methods from Identity.php. Created an MY_Session class to provide the user state changes in the session and a login.php helper that has the login form.
2009-10-16 10:06:58 -07:00
Tim Almdal
00eacd659f
Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating an identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module.
2009-10-16 08:53:31 -07:00
Tim Almdal
4edf86f0eb
Revert "Fix for ticket #452"
This reverts commit 809e52d80c.
2009-07-27 11:14:03 -07:00
Tim Almdal
5fd82a2ede
Back out the fix for ticket #452
Revert "Changed access::user_can to force the owner of an item to have"
This reverts commit 0b97cfd6f0.
2009-07-27 11:13:20 -07:00
Tim Almdal
1ec1f19f1a
Back out fixes for ticket #452
Revert "It helps to save before committing :-)"
This reverts commit 0d76d6fd77.
2009-07-27 11:12:27 -07:00
Andy Staudacher
570e0b0267
Merge branch 'master' of git://github.com/rledisez/gallery3 into rledisez/master
2009-07-26 22:45:53 -07:00
Tim Almdal
0d76d6fd77
It helps to save before committing :-)
2009-07-26 09:33:44 -07:00
Tim Almdal
0b97cfd6f0
Changed access::user_can to force the owner of an item to have
view permission on the parent. Added a whitelist of allowable
owner permissions.
If the requested permission is view and the user requesting access
is the owner, check that they have view permission to the parent.
2009-07-26 09:29:29 -07:00
Tim Almdal
809e52d80c
Fix for ticket #452
1) Change access_Core::user_can to return true for all permissions if the
owner is the specified user.
2) Change Item_Model::viewable to set the owner_id is the first view_restriction
This allowed simplification of the generating the where clause to a single
$this->orwhere instead of a where and an orwhere.
2009-07-25 23:45:48 -07:00
Romain LE DISEZ
23bb6eb7e3
Rename columns that use reserved SQL words: items.left and items.right
2009-07-25 19:06:54 +02:00
Bharat Mediratta
7f1a7ead58
Fix a typo in a comment
2009-07-23 09:24:33 -07:00
Romain LE DISEZ
7c7d4c0ec0
Consistency: always use self::XXX
(cherry picked from commit c9017ae2f2)
2009-07-23 09:12:08 -07:00
Romain LE DISEZ
350c1b0267
Use BOOLEAN instead of integer to describe the permissions:
- DENY = false
- ALLOW = true
- UNKNOW = null (for intent only)
- INHERIT = null (for cache)
Upgrade is not included for now.
(cherry picked from commit 719c59e040)
2009-07-23 09:11:55 -07:00
Tim Almdal
85ed445e23
remove an extra ->reload() that was there for testing
2009-07-22 15:20:30 -07:00
Tim Almdal
d4104a23ec
Add explicit unit tests for access::user_can
2009-07-22 15:16:56 -07:00
Tim Almdal
4ddaaeb9dd
Duh... when I added user_can, I passed in the user, but still used the groups from the session
2009-07-22 09:39:22 -07:00
Tim Almdal
f533aee1cc
Add an API method user_can that allows for checking a specific user has the
specified permission to the item. Changed can to delegate to this method
passing in the active user.
2009-07-21 15:52:46 -07:00
Bharat Mediratta
cd907c2b42
Change model_cache::clear() API to clear everything. This prevents
old ORM relationships from hanging around, which was causing problems
when doing MPTT manipulations (resulting in incorrect permission
propagation-- very bad!)
2009-07-17 12:51:27 -07:00