Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating an identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module.
parent
be6765336e
commit
00eacd659f
@ -26,7 +26,7 @@ class Akismet_Helper_Test extends Unit_Test_Case {
|
||||
|
||||
$root = ORM::factory("item", 1);
|
||||
$this->_comment = comment::create(
|
||||
$root, user::guest(), "This is a comment",
|
||||
$root, Identity::guest(), "This is a comment",
|
||||
"John Doe", "john@gallery2.org", "http://gallery2.org");
|
||||
foreach ($this->_comment->list_fields("comments") as $name => $field) {
|
||||
if (strpos($name, "server_") === 0) {
|
||||
|
@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller {
|
||||
$form = comment::get_add_form($item);
|
||||
$valid = $form->validate();
|
||||
if ($valid) {
|
||||
if (user::active()->guest && !$form->add_comment->inputs["name"]->value) {
|
||||
if (Identity::active()->guest && !$form->add_comment->inputs["name"]->value) {
|
||||
$form->add_comment->inputs["name"]->add_error("missing", 1);
|
||||
$valid = false;
|
||||
}
|
||||
@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller {
|
||||
|
||||
if ($valid) {
|
||||
$comment = comment::create(
|
||||
$item, user::active(),
|
||||
$item, Identity::active(),
|
||||
$form->add_comment->text->value,
|
||||
$form->add_comment->inputs["name"]->value,
|
||||
$form->add_comment->email->value,
|
||||
$form->add_comment->url->value);
|
||||
|
||||
$active = user::active();
|
||||
$active = Identity::active();
|
||||
if ($active->guest) {
|
||||
$form->add_comment->inputs["name"]->value("");
|
||||
$form->add_comment->email->value("");
|
||||
@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller {
|
||||
* @see REST_Controller::form_edit($resource)
|
||||
*/
|
||||
public function _form_edit($comment) {
|
||||
if (!user::active()->admin) {
|
||||
if (!Identity::active()->admin) {
|
||||
access::forbidden();
|
||||
}
|
||||
print comment::get_edit_form($comment);
|
||||
|
@ -75,7 +75,7 @@ class comment_Core {
|
||||
module::event("comment_add_form", $form);
|
||||
$group->submit("")->value(t("Add"));
|
||||
|
||||
$active = user::active();
|
||||
$active = Identity::active();
|
||||
if (!$active->guest) {
|
||||
$group->inputs["name"]->value($active->full_name)->disabled("disabled");
|
||||
$group->email->value($active->email)->disabled("disabled");
|
||||
|
@ -23,7 +23,7 @@ class Comment_Model extends ORM {
|
||||
}
|
||||
|
||||
function author() {
|
||||
return user::lookup($this->author_id);
|
||||
return Identity::lookup_user($this->author_id);
|
||||
}
|
||||
|
||||
function author_name() {
|
||||
|
@ -22,7 +22,7 @@ class Comment_Event_Test extends Unit_Test_Case {
|
||||
$rand = rand();
|
||||
$album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand");
|
||||
$comment = comment::create(
|
||||
$album, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||
$album, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||
|
||||
$album->delete();
|
||||
|
||||
|
@ -48,7 +48,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
|
||||
$rand = rand();
|
||||
$root = ORM::factory("item", 1);
|
||||
$comment = comment::create(
|
||||
$root, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||
$root, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||
|
||||
$this->assert_equal("name_$rand", $comment->author_name());
|
||||
$this->assert_equal("email_$rand", $comment->author_email());
|
||||
@ -77,7 +77,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
|
||||
public function create_comment_for_user_test() {
|
||||
$rand = rand();
|
||||
$root = ORM::factory("item", 1);
|
||||
$admin = user::lookup(2);
|
||||
$admin = Identity::lookup_user(2);
|
||||
$comment = comment::create(
|
||||
$root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||
|
||||
|
@ -22,17 +22,17 @@ class Comment_Model_Test extends Unit_Test_Case {
|
||||
public function cant_view_comments_for_unviewable_items_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
$album = album::create($root, rand(), rand(), rand());
|
||||
$comment = comment::create($album, user::guest(), "text", "name", "email", "url");
|
||||
user::set_active(user::guest());
|
||||
$comment = comment::create($album, Identity::guest(), "text", "name", "email", "url");
|
||||
Identity::set_active(Identity::guest());
|
||||
|
||||
// We can see the comment when permissions are granted on the album
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
$this->assert_equal(
|
||||
1,
|
||||
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
||||
|
||||
// We can't see the comment when permissions are denied on the album
|
||||
access::deny(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $album);
|
||||
$this->assert_equal(
|
||||
0,
|
||||
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
||||
|
@ -23,7 +23,7 @@ class Digibug_Controller extends Controller {
|
||||
$item = ORM::factory("item", $id);
|
||||
access::required("view", $item);
|
||||
|
||||
if (access::group_can(group::everybody(), "view_full", $item)) {
|
||||
if (access::group_can(Identity::everybody(), "view_full", $item)) {
|
||||
$full_url = $item->file_url(true);
|
||||
$thumb_url = $item->thumb_url(true);
|
||||
} else {
|
||||
|
@ -35,8 +35,8 @@ class Digibug_Controller_Test extends Unit_Test_Case {
|
||||
|
||||
$root = ORM::factory("item", 1);
|
||||
$this->_album = album::create($root, rand(), "test album");
|
||||
access::deny(group::everybody(), "view_full", $this->_album);
|
||||
access::deny(group::registered_users(), "view_full", $this->_album);
|
||||
access::deny(Identity::everybody(), "view_full", $this->_album);
|
||||
access::deny(Identity::registered_users(), "view_full", $this->_album);
|
||||
|
||||
$rand = rand();
|
||||
$this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
|
||||
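Review bot: The second deny, `access::deny(Identity::registered_users(), "view_full", $this->_album);`, does not cover a distinct group, because `Identity::registered_users()` as defined later in this commit returns `self::instance()->driver->everybody()`. Both calls therefore act on the Everybody group, and the test never exercises the registered-users permission it appears to set up. The docblock on that method points at `Identity_Driver::registered_users`, so the wrapper presumably should be `return self::instance()->driver->registered_users();`. The same wrapper is used by the G2 importer for `GROUP_ALL_USERS`, where mapping to Everybody would widen the imported permissions.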
|
@ -230,16 +230,16 @@ class g2_import_Core {
|
||||
switch ($g2_group->getGroupType()) {
|
||||
case GROUP_NORMAL:
|
||||
try {
|
||||
$group = group::create($g2_group->getGroupName());
|
||||
$group = Identity::create_group($g2_group->getGroupName());
|
||||
} catch (Exception $e) {
|
||||
// @todo For now we assume this is a "duplicate group" exception
|
||||
$group = group::lookup_by_name($g2_group->getGroupname());
|
||||
$group = Identity::lookup_user_by_name($g2_group->getGroupname());
|
||||
}
|
||||
$message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname()));
|
||||
break;
|
||||
|
||||
case GROUP_ALL_USERS:
|
||||
$group = group::registered_users();
|
||||
$group = Identity::registered_users();
|
||||
$message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
|
||||
break;
|
||||
|
||||
@ -248,7 +248,7 @@ class g2_import_Core {
|
||||
break; // This is not a group in G3
|
||||
|
||||
case GROUP_EVERYBODY:
|
||||
$group = group::everybody();
|
||||
$group = Identity::everybody();
|
||||
$message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
|
||||
break;
|
||||
}
|
||||
@ -270,7 +270,7 @@ class g2_import_Core {
|
||||
}
|
||||
|
||||
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
|
||||
self::set_map($g2_user_id, user::guest()->id);
|
||||
self::set_map($g2_user_id, Identity::guest()->id);
|
||||
return t("Skipping Anonymous User");
|
||||
}
|
||||
|
||||
@ -285,11 +285,11 @@ class g2_import_Core {
|
||||
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
|
||||
|
||||
try {
|
||||
$user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
|
||||
$user = Identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
|
||||
$message = t("Created user: '%name'.", array("name" => $user->name));
|
||||
} catch (Exception $e) {
|
||||
// @todo For now we assume this is a "duplicate user" exception
|
||||
$user = user::lookup_by_name($g2_user->getUsername());
|
||||
$user = Identity::lookup_user_by_name($g2_user->getUsername());
|
||||
$message = t("Loaded existing user: '%name'.", array("name" => $user->name));
|
||||
}
|
||||
|
||||
@ -313,7 +313,6 @@ class g2_import_Core {
|
||||
return $message;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Import a single album.
|
||||
*/
|
||||
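Review bot: In the `GROUP_NORMAL` catch branch the fallback now reads `$group = Identity::lookup_user_by_name($g2_group->getGroupname());`, which looks up a user rather than a group; the line it replaces called `group::lookup_by_name`. This commit adds `Identity::lookup_group_by_name()`, so the line should be `$group = Identity::lookup_group_by_name($g2_group->getGroupname());`. As written, `$group` ends up as null or as a user who happens to share the group's name, and whatever the importer does with `$group` after this hunk (not shown here) runs against the wrong object. The catch still treats every exception as a duplicate group, as the existing `@todo` says, which hides this kind of failure.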
|
@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
|
||||
private $theme;
|
||||
|
||||
public function __construct($theme=null) {
|
||||
if (!(user::active()->admin)) {
|
||||
if (!(Identity::active()->admin)) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
|
@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller {
|
||||
$view = new Theme_View("page.html", "login");
|
||||
$view->page_title = t("Log in to Gallery");
|
||||
$view->content = new View("login_ajax.html");
|
||||
$view->content->form = user::get_login_form("login/auth_html");
|
||||
$view->content->form = Identity::get_login_form("login/auth_html");
|
||||
print $view;
|
||||
return;
|
||||
} else {
|
||||
@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
|
||||
$this->input->post("name"),
|
||||
$this->input->post("title", $this->input->post("name")),
|
||||
$this->input->post("description"),
|
||||
user::active()->id,
|
||||
Identity::active()->id,
|
||||
$this->input->post("slug"));
|
||||
|
||||
log::success("content", "Created an album",
|
||||
@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
|
||||
$_FILES["file"]["name"],
|
||||
$this->input->post("title", $this->input->post("name")),
|
||||
$this->input->post("description"),
|
||||
user::active()->id);
|
||||
Identity::active()->id);
|
||||
|
||||
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
|
||||
message::success(t("Added photo %photo_title",
|
||||
|
@ -20,7 +20,7 @@
|
||||
class L10n_Client_Controller extends Controller {
|
||||
public function save() {
|
||||
access::verify_csrf();
|
||||
if (!user::active()->admin) {
|
||||
if (!Identity::active()->admin) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
|
||||
|
||||
public function toggle_l10n_mode() {
|
||||
access::verify_csrf();
|
||||
if (!user::active()->admin) {
|
||||
if (!Identity::active()->admin) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
|
@ -21,7 +21,7 @@ class Login_Controller extends Controller {
|
||||
|
||||
public function ajax() {
|
||||
$view = new View("login_ajax.html");
|
||||
$view->form = user::get_login_form("login/auth_ajax");
|
||||
$view->form = Identity::get_login_form("login/auth_ajax");
|
||||
print $view;
|
||||
}
|
||||
|
||||
@ -40,7 +40,7 @@ class Login_Controller extends Controller {
|
||||
}
|
||||
|
||||
public function html() {
|
||||
print user::get_login_form("login/auth_html");
|
||||
print Identity::get_login_form("login/auth_html");
|
||||
}
|
||||
|
||||
public function auth_html() {
|
||||
@ -54,11 +54,11 @@ class Login_Controller extends Controller {
|
||||
}
|
||||
}
|
||||
private function _auth($url) {
|
||||
$form = user::get_login_form($url);
|
||||
$form = Identity::get_login_form($url);
|
||||
$valid = $form->validate();
|
||||
if ($valid) {
|
||||
$user = user::lookup_by_name($form->login->inputs["name"]->value);
|
||||
if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
|
||||
$user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
|
||||
if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) {
|
||||
log::warning(
|
||||
"user",
|
||||
t("Failed login for %name",
|
||||
@ -69,7 +69,7 @@ class Login_Controller extends Controller {
|
||||
}
|
||||
|
||||
if ($valid) {
|
||||
user::login($user);
|
||||
Identity::login($user);
|
||||
log::info("user", t("User %name logged in", array("name" => $user->name)));
|
||||
}
|
||||
|
||||
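Review bot: `Identity::login($user)` runs on the session that existed before authentication, and nothing in `_auth()` regenerates the session id first. `Identity::login()` is not shown on this page, but the removed `user::login()` only stored the user in the existing session via `set_active()`, so unless the new method differs, a session id fixed before login stays valid afterwards. Consider `Session::instance()->regenerate();` immediately before `Identity::login($user);`, or inside the login method itself. `_auth()` begins in the previous hunk and continues past this one.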
|
@ -21,8 +21,8 @@ class Logout_Controller extends Controller {
|
||||
public function index() {
|
||||
//access::verify_csrf();
|
||||
|
||||
$user = user::active();
|
||||
user::logout();
|
||||
$user = Identity::active();
|
||||
Identity::logout();
|
||||
log::info("user", t("User %name logged out", array("name" => $user->name)),
|
||||
html::anchor("user/$user->id", html::clean($user->name)));
|
||||
if ($continue_url = $this->input->get("continue")) {
|
||||
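Review bot: The CSRF check at the top of `index()` is still commented out (`//access::verify_csrf();`), so a cross-site request can end a user's session; the rename keeps that as it was. The hunk also ends on `$continue_url = $this->input->get("continue")`, and what is done with that value is outside the visible lines. If it feeds a redirect, it should be restricted to URLs on this site. At minimum I would add a comment such as `// @todo re-enable access::verify_csrf() once logout links carry the CSRF token` so the disabled check is not mistaken for intended behaviour.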
|
@ -32,7 +32,7 @@ class Password_Controller extends Controller {
|
||||
if (request::method() == "post") {
|
||||
$this->_change_password();
|
||||
} else {
|
||||
$user = user::lookup_by_hash(Input::instance()->get("key"));
|
||||
$user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
|
||||
if (!empty($user)) {
|
||||
print $this->_new_password_form($user->hash);
|
||||
} else {
|
||||
@ -46,7 +46,7 @@ class Password_Controller extends Controller {
|
||||
|
||||
$valid = $form->validate();
|
||||
if ($valid) {
|
||||
$user = user::lockup_by_name($form->reset->inputs["name"]->value);
|
||||
$user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
|
||||
if (!$user->loaded || empty($user->email)) {
|
||||
$form->reset->inputs["name"]->add_error("no_email", 1);
|
||||
$valid = false;
|
||||
@ -116,7 +116,7 @@ class Password_Controller extends Controller {
|
||||
private function _change_password() {
|
||||
$view = $this->_new_password_form();
|
||||
if ($view->content->validate()) {
|
||||
$user = user::lookup_by_hash(Input::instance()->get("key"));
|
||||
$user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
|
||||
if (empty($user)) {
|
||||
throw new Exception("@todo FORBIDDEN", 503);
|
||||
}
|
||||
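Review bot: In the reset path, `$user->loaded` is read on the line right after `Identity::lookup_user_by_name(...)`, yet this commit documents that method as returning null for an unknown name, so a mistyped or nonexistent username dereferences null instead of producing the `no_email` form error. Guard it the way the login controller does: `if (empty($user) || !$user->loaded || empty($user->email)) {`. Separately, both `Identity::lookup_user_by_hash(Input::instance()->get("key"))` calls pass the query parameter straight through. Whether a missing or empty key can match an account with no pending reset depends on the driver, which is not shown, so rejecting an empty key before the lookup would remove the doubt. All three enclosing methods extend beyond their hunks.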
|
@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
|
||||
|
||||
// If the active user just took away their own edit permissions, give it back.
|
||||
if ($perm->name == "edit") {
|
||||
if (!access::user_can(user::active(), "edit", $item)) {
|
||||
if (!access::user_can(Identity::active(), "edit", $item)) {
|
||||
access::allow($group, $perm->name, $item);
|
||||
}
|
||||
}
|
||||
|
@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
|
||||
}
|
||||
|
||||
$view = new View("upgrader.html");
|
||||
$view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
|
||||
$view->can_upgrade = Identity::active()->admin || $session->get("can_upgrade");
|
||||
$view->upgrade_token = $upgrade_token;
|
||||
$view->available = module::available();
|
||||
$view->done = ($available_upgrades == 0);
|
||||
@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
|
||||
// @todo this may screw up some module installers, but we don't have a better answer at
|
||||
// this time.
|
||||
$_SERVER["HTTP_HOST"] = "example.com";
|
||||
} else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
|
||||
} else if (!Identity::active()->admin && !Session::instance()->get("can_upgrade", false)) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
|
@ -19,12 +19,12 @@
|
||||
*/
|
||||
class Welcome_Message_Controller extends Controller {
|
||||
public function index() {
|
||||
if (!user::active()->admin) {
|
||||
if (!Identity::active()->admin) {
|
||||
url::redirect(item::root()->abs_url());
|
||||
}
|
||||
|
||||
$v = new View("welcome_message.html");
|
||||
$v->user = user::active();
|
||||
$v->user = Identity::active();
|
||||
print $v;
|
||||
}
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ class access_Core {
|
||||
* @return boolean
|
||||
*/
|
||||
static function can($perm_name, $item) {
|
||||
return self::user_can(user::active(), $perm_name, $item);
|
||||
return self::user_can(Identity::active(), $perm_name, $item);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -27,7 +27,7 @@ class gallery_Core {
|
||||
static function maintenance_mode() {
|
||||
$maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
|
||||
|
||||
if (Router::$controller != "login" && !empty($maintenance_mode) && !user::active()->admin) {
|
||||
if (Router::$controller != "login" && !empty($maintenance_mode) && !Identity::active()->admin) {
|
||||
Router::$controller = "maintenance";
|
||||
Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
|
||||
Router::$method = "index";
|
||||
|
@ -24,10 +24,10 @@ class gallery_event_Core {
|
||||
*/
|
||||
static function gallery_ready() {
|
||||
// Call Identity::instance() now to force the load of the user interface classes.
|
||||
// user::load_user will attempt to load the active user from the session and needs
|
||||
// Identity::load_user will attempt to load the active user from the session and needs
|
||||
// the user definition class, which can't be reached by Kohana's heiracrchical lookup.
|
||||
Identity::instance();
|
||||
user::load_user();
|
||||
Identity::load_user();
|
||||
locales::set_request_locale();
|
||||
}
|
||||
|
||||
@ -139,7 +139,7 @@ class gallery_event_Core {
|
||||
}
|
||||
}
|
||||
|
||||
if (user::active()->admin) {
|
||||
if (Identity::active()->admin) {
|
||||
$menu->append($admin_menu = Menu::factory("submenu")
|
||||
->id("admin_menu")
|
||||
->label(t("Admin")));
|
||||
|
@ -54,7 +54,7 @@ class gallery_theme_Core {
|
||||
static function header_top($theme) {
|
||||
if ($theme->page_type != "login") {
|
||||
$view = new View("login.html");
|
||||
$view->user = user::active();
|
||||
$view->user = Identity::active();
|
||||
return $view->render();
|
||||
}
|
||||
}
|
||||
|
@ -158,8 +158,8 @@ class item_Core {
|
||||
*/
|
||||
static function viewable($model) {
|
||||
$view_restrictions = array();
|
||||
if (!user::active()->admin) {
|
||||
foreach (user::group_ids() as $id) {
|
||||
if (!Identity::active()->admin) {
|
||||
foreach (Identity::group_ids_for_active_user() as $id) {
|
||||
// Separate the first restriction from the rest to make it easier for us to formulate
|
||||
// our where clause below
|
||||
if (empty($view_restrictions)) {
|
||||
|
@ -141,7 +141,7 @@ class locales_Core {
|
||||
$locale = self::cookie_locale();
|
||||
// 2. Check the user's preference
|
||||
if (!$locale) {
|
||||
$locale = user::active()->locale;
|
||||
$locale = Identity::active()->locale;
|
||||
}
|
||||
// 3. Check the browser's / OS' preference
|
||||
if (!$locale) {
|
||||
|
@ -80,7 +80,7 @@ class log_Core {
|
||||
$log->url = substr(url::abs_current(true), 0, 255);
|
||||
$log->referer = request::referrer(null);
|
||||
$log->timestamp = time();
|
||||
$log->user_id = user::active()->id;
|
||||
$log->user_id = Identity::active()->id;
|
||||
$log->save();
|
||||
}
|
||||
|
||||
|
@ -77,7 +77,7 @@ class movie_Core {
|
||||
$movie->title = $title;
|
||||
$movie->description = $description;
|
||||
$movie->name = $name;
|
||||
$movie->owner_id = $owner_id ? $owner_id : user::active();
|
||||
$movie->owner_id = $owner_id ? $owner_id : Identity::active();
|
||||
$movie->width = $movie_info[0];
|
||||
$movie->height = $movie_info[1];
|
||||
$movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
|
||||
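Review bot: `$movie->owner_id = $owner_id ? $owner_id : Identity::active();` stores the whole user object in `owner_id` when no owner is passed, not its id. Every other call site on this page uses the id (`Identity::active()->id` in the albums controller, `task_Core` and `log_Core`), so the fallback should be `$movie->owner_id = $owner_id ? $owner_id : Identity::active()->id;`. The same line appears in `photo_Core` as `$photo->owner_id = $owner_id ? $owner_id : Identity::active();` and needs the same change. Since ownership is likely to feed permission decisions, it should not depend on how the ORM coerces an object. The defect predates this commit (the old line used `user::active()`), and both functions start and end outside their hunks.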
|
@ -76,7 +76,7 @@ class photo_Core {
|
||||
$photo->title = $title;
|
||||
$photo->description = $description;
|
||||
$photo->name = $name;
|
||||
$photo->owner_id = $owner_id ? $owner_id : user::active();
|
||||
$photo->owner_id = $owner_id ? $owner_id : Identity::active();
|
||||
$photo->width = $image_info[0];
|
||||
$photo->height = $image_info[1];
|
||||
$photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
|
||||
|
@ -95,7 +95,7 @@ class site_status_Core {
|
||||
* @return html text
|
||||
*/
|
||||
static function get() {
|
||||
if (!user::active()->admin) {
|
||||
if (!Identity::active()->admin) {
|
||||
return;
|
||||
}
|
||||
$buf = array();
|
||||
|
@ -42,7 +42,7 @@ class task_Core {
|
||||
$task->percent_complete = 0;
|
||||
$task->status = "";
|
||||
$task->state = "started";
|
||||
$task->owner_id = user::active()->id;
|
||||
$task->owner_id = Identity::active()->id;
|
||||
$task->context = serialize($context);
|
||||
$task->save();
|
||||
|
||||
|
@ -1,223 +0,0 @@
|
||||
<?php defined("SYSPATH") or die("No direct script access.");
|
||||
/**
|
||||
* Gallery - a web based photo album viewer and editor
|
||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or (at
|
||||
* your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
|
||||
/**
|
||||
* This is the API for handling users.
|
||||
*
|
||||
* Note: by design, this class does not do any permission checking.
|
||||
*/
|
||||
class user_Core {
|
||||
static function get_login_form($url) {
|
||||
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
|
||||
$form->set_attr('class', "g-narrow");
|
||||
$group = $form->group("login")->label(t("Login"));
|
||||
$group->input("name")->label(t("Username"))->id("g-username")->class(null);
|
||||
$group->password("password")->label(t("Password"))->id("g-password")->class(null);
|
||||
$group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
|
||||
$group->submit("")->value(t("Login"));
|
||||
return $form;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the active user. If there's no active user, return the guest user.
|
||||
*
|
||||
* @return User_Model
|
||||
*/
|
||||
static function active() {
|
||||
// @todo (maybe) cache this object so we're not always doing session lookups.
|
||||
$user = Session::instance()->get("user", null);
|
||||
if (!isset($user)) {
|
||||
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
|
||||
// work.
|
||||
$user = self::guest();
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Change the active user.
|
||||
*
|
||||
* @return User_Model
|
||||
*/
|
||||
static function set_active($user) {
|
||||
$session = Session::instance();
|
||||
$session->set("user", $user);
|
||||
$session->delete("group_ids");
|
||||
self::load_user();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the array of group ids this user belongs to
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
static function group_ids() {
|
||||
return Session::instance()->get("group_ids", array(1));
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure that we have a session and group_ids cached in the session. This is one
|
||||
* of the first calls to reference the user so call the Identity::instance to load the
|
||||
* driver classes.
|
||||
*/
|
||||
static function load_user() {
|
||||
$session = Session::instance();
|
||||
if (!($user = $session->get("user"))) {
|
||||
$session->set("user", $user = self::guest());
|
||||
}
|
||||
|
||||
// The installer cannot set a user into the session, so it just sets an id which we should
|
||||
// upconvert into a user.
|
||||
// @todo what is user id===2
|
||||
if ($user === 2) {
|
||||
$user = model_cache::get("user", 2);
|
||||
self::login($user);
|
||||
$session->set("user", $user);
|
||||
}
|
||||
|
||||
if (!$session->get("group_ids")) {
|
||||
$ids = array();
|
||||
foreach ($user->groups as $group) {
|
||||
$ids[] = $group->id;
|
||||
}
|
||||
$session->set("group_ids", $ids);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Log in as a given user.
|
||||
* @param object $user the user object.
|
||||
*/
|
||||
static function login($user) {
|
||||
// @todo make this an interface call
|
||||
$user->login_count += 1;
|
||||
$user->last_login = time();
|
||||
$user->save();
|
||||
|
||||
self::set_active($user);
|
||||
module::event("user_login", $user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log out the active user and destroy the session.
|
||||
* @param object $user the user object.
|
||||
*/
|
||||
static function logout() {
|
||||
$user = self::active();
|
||||
if (!$user->guest) {
|
||||
try {
|
||||
Session::instance()->destroy();
|
||||
} catch (Exception $e) {
|
||||
Kohana::log("error", $e);
|
||||
}
|
||||
module::event("user_logout", $user);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Core::is_writable.
|
||||
*/
|
||||
static function is_writable() {
|
||||
return Identity::instance()->is_writable();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::guest.
|
||||
*/
|
||||
static function guest() {
|
||||
return Identity::instance()->guest();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::create_user.
|
||||
*/
|
||||
static function create($name, $full_name, $password) {
|
||||
return Identity::instance()->create_user($name, $full_name, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::is_correct_password.
|
||||
*/
|
||||
static function is_correct_password($user, $password) {
|
||||
return Identity::instance()->is_correct_password($user, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::hash_password.
|
||||
*/
|
||||
static function hash_password($password) {
|
||||
return Identity::instance()->hash_password($password);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up a user by id.
|
||||
* @param integer $id the user id
|
||||
* @return User_Definition the user object, or null if the id was invalid.
|
||||
*/
|
||||
static function lookup($id) {
|
||||
return Identity::instance()->lookup_user_by_field("id", $id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up a user by name.
|
||||
* @param integer $name the user name
|
||||
* @return User_Definition the user object, or null if the name was invalid.
|
||||
*/
|
||||
static function lookup_by_name($name) {
|
||||
return Identity::instance()->lookup_user_by_field("name", $name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up a user by hash.
|
||||
* @param string $name the user name
|
||||
* @return User_Definition the user object, or null if the name was invalid.
|
||||
*/
|
||||
static function lookup_by_hash($hash) {
|
||||
return Identity::instance()->lookup_user_by_field("hash", $hash);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::get_user_list.
|
||||
*/
|
||||
static function get_user_list($filter=array()) {
|
||||
return Identity::instance()->get_user_list($filter);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::get_edit_rules.
|
||||
*/
|
||||
static function get_edit_rules() {
|
||||
return Identity::instance()->get_edit_rules("user");
|
||||
}
|
||||
|
||||
private static function _lookup_user_by_field($field_name, $value) {
|
||||
try {
|
||||
$user = model_cache::get("user", $value, $field_name);
|
||||
if ($user->loaded) {
|
||||
return $user;
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
|
||||
parent::__construct($name);
|
||||
|
||||
$this->theme_name = module::get_var("gallery", "active_admin_theme");
|
||||
if (user::active()->admin) {
|
||||
if (Identity::active()->admin) {
|
||||
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
||||
}
|
||||
$this->sidebar = "";
|
||||
$this->set_global("theme", $this);
|
||||
$this->set_global("user", user::active());
|
||||
$this->set_global("user", Identity::active());
|
||||
}
|
||||
|
||||
public function admin_menu() {
|
||||
|
@ -22,7 +22,7 @@
|
||||
* Provides a driver-based interface for managing users and groups.
|
||||
*/
|
||||
class Identity_Core {
|
||||
protected static $instances;
|
||||
protected static $instance;
|
||||
|
||||
// Configuration
|
||||
protected $config;
|
||||
@ -38,12 +38,12 @@ class Identity_Core {
|
||||
* @return Identity_Core
|
||||
*/
|
||||
static function & instance($config="default") {
|
||||
if (!isset(Identity::$instances)) {
|
||||
if (!isset(Identity::$instance)) {
|
||||
// Create a new instance
|
||||
Identity::$instances = new Identity($config);
|
||||
Identity::$instance = new Identity($config);
|
||||
}
|
||||
|
||||
return Identity::$instances;
|
||||
return Identity::$instance;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -85,9 +85,10 @@ class Identity_Core {
|
||||
$this->driver = new $driver($this->config["params"]);
|
||||
|
||||
// Validate the driver
|
||||
if ( !($this->driver instanceof Identity_Driver))
|
||||
if ( !($this->driver instanceof Identity_Driver)) {
|
||||
throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
|
||||
get_class($this), "Identity_Driver");
|
||||
}
|
||||
|
||||
Kohana::log("debug", "Identity Library initialized");
|
||||
}
|
||||
@ -98,91 +99,220 @@ class Identity_Core {
|
||||
*
|
||||
* @return boolean true if the driver supports updates; false if read only
|
||||
*/
|
||||
public function is_writable() {
|
||||
return !empty($this->config["allow_updates"]);
|
||||
static function is_writable() {
|
||||
return !empty(self::instance()->config["allow_updates"]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::guest.
|
||||
*/
|
||||
public function guest() {
|
||||
return $this->driver->guest();
|
||||
static function guest() {
|
||||
return self::instance()->driver->guest();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::create_user.
|
||||
*/
|
||||
public function create_user($name, $full_name, $password) {
|
||||
return $this->driver->create_user($name, $full_name, $password);
|
||||
static function create_user($name, $full_name, $password) {
|
||||
return self::instance()->driver->create_user($name, $full_name, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::is_correct_password.
|
||||
*/
|
||||
public function is_correct_password($user, $password) {
|
||||
return $this->driver->is_correct_password($user, $password);
|
||||
static function is_correct_password($user, $password) {
|
||||
return self::instance()->driver->is_correct_password($user, $password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::hash_password.
|
||||
*/
|
||||
public function hash_password($password) {
|
||||
return $this->driver->hash_password($password);
|
||||
static function hash_password($password) {
|
||||
return self::instance()->driver->hash_password($password);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::lookup_user_by_field.
|
||||
* Look up a user by id.
|
||||
* @param integer $id the user id
|
||||
* @return User_Definition the user object, or null if the id was invalid.
|
||||
*/
|
||||
public function lookup_user_by_field($field_name, $value) {
|
||||
return $this->driver->lookup_user_by_field($field_name, $value);
|
||||
static function lookup_user($id) {
|
||||
return self::instance()->driver->lookup_user_by_field("id", $id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up a user by name.
|
||||
* @param integer $name the user name
|
||||
* @return User_Definition the user object, or null if the name was invalid.
|
||||
*/
|
||||
static function lookup_user_by_name($name) {
|
||||
return self::instance()->driver->lookup_user_by_field("name", $name);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up a user by hash.
|
||||
* @param string $name the user name
|
||||
* @return User_Definition the user object, or null if the name was invalid.
|
||||
*/
|
||||
static function lookup_user_by_hash($hash) {
|
||||
return self::instance()->driver->lookup_user_by_field("hash", $hash);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::create_group.
|
||||
*/
|
||||
public function create_group($name) {
|
||||
return $this->driver->create_group($name);
|
||||
static function create_group($name) {
|
||||
return self::instance()->driver->create_group($name);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::everybody.
|
||||
*/
|
||||
public function everybody() {
|
||||
return $this->driver->everybody();
|
||||
static function everybody() {
|
||||
return self::instance()->driver->everybody();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::registered_users.
|
||||
*/
|
||||
public function registered_users() {
|
||||
return $this->driver->everybody();
|
||||
static function registered_users() {
|
||||
return self::instance()->driver->everybody();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::lookup_group_by_field.
|
||||
* Look up a group by name.
|
||||
* @param integer $id the group name
|
||||
* @return Group_Definition the group object, or null if the name was invalid.
|
||||
*/
|
||||
public function lookup_group_by_field($field_name, $value) {
|
||||
return $this->driver->lookup_group_by_field($field_name, $value);
|
||||
static function lookup_group_by_name($name) {
|
||||
return self::instance()->driver->lookup_group_by_field("name", $name);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::get_user_list.
|
||||
*/
|
||||
public function get_user_list($filter=array()) {
|
||||
return $this->driver->get_user_list($filter);
|
||||
static function get_user_list($filter=array()) {
|
||||
return self::instance()->driver->get_user_list($filter);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::get_group_list.
|
||||
*/
|
||||
public function get_group_list($filter=array()) {
|
||||
return $this->driver->get_group_list($filter);
|
||||
static function get_group_list($filter=array()) {
|
||||
return self::instance()->driver->get_group_list($filter);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see Identity_Driver::get_edit_rules.
|
||||
*/
|
||||
public function get_edit_rules($object_type) {
|
||||
return $this->driver->get_edit_rules($object_type);
|
||||
static function get_edit_rules($object_type) {
|
||||
return self::instance()->driver->get_edit_rules($object_type);
|
||||
}
|
||||
|
||||
static function get_login_form($url) {
|
||||
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
|
||||
$form->set_attr('class', "g-narrow");
|
||||
$group = $form->group("login")->label(t("Login"));
|
||||
$group->input("name")->label(t("Username"))->id("g-username")->class(null);
|
||||
$group->password("password")->label(t("Password"))->id("g-password")->class(null);
|
||||
$group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
|
||||
$group->submit("")->value(t("Login"));
|
||||
return $form;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the active user. If there's no active user, return the guest user.
|
||||
*
|
||||
* @return User_Model
|
||||
*/
|
||||
static function active() {
|
||||
// @todo (maybe) cache this object so we're not always doing session lookups.
|
||||
$user = Session::instance()->get("user", null);
|
||||
if (!isset($user)) {
|
||||
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
|
||||
// work.
|
||||
$user = self::guest();
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* Change the active user.
|
||||
*
|
||||
* @return User_Model
|
||||
*/
|
||||
static function set_active($user) {
|
||||
$session = Session::instance();
|
||||
$session->set("user", $user);
|
||||
$session->delete("group_ids");
|
||||
self::load_user();
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the array of group ids this user belongs to
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
static function group_ids_for_active_user() {
|
||||
return Session::instance()->get("group_ids", array(1));
|
||||
}
|
||||
|
||||
/**
|
||||
* Make sure that we have a session and group_ids cached in the session. This is one
|
||||
* of the first calls to reference the user so call the Identity::instance to load the
|
||||
* driver classes.
|
||||
*/
|
||||
static function load_user() {
|
||||
$session = Session::instance();
|
||||
if (!($user = $session->get("user"))) {
|
||||
$session->set("user", $user = self::guest());
|
||||
}
|
||||
|
||||
// The installer cannot set a user into the session, so it just sets an id which we should
|
||||
// upconvert into a user.
|
||||
// @todo set the user name into the session instead of 2 and then use it to get the user object
|
||||
if ($user === 2) {
|
||||
$user = self::lookup_user_by_name("admin");
|
||||
self::login($user);
|
||||
$session->set("user", $user);
|
||||
}
|
||||
|
||||
if (!$session->get("group_ids")) {
|
||||
$ids = array();
|
||||
foreach ($user->groups as $group) {
|
||||
$ids[] = $group->id;
|
||||
}
|
||||
$session->set("group_ids", $ids);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Log in as a given user.
|
||||
* @param object $user the user object.
|
||||
*/
|
||||
static function login($user) {
|
||||
// @todo make this an interface call
|
||||
$user->login_count += 1;
|
||||
$user->last_login = time();
|
||||
$user->save();
|
||||
|
||||
self::set_active($user);
|
||||
module::event("user_login", $user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log out the active user and destroy the session.
|
||||
* @param object $user the user object.
|
||||
*/
|
||||
static function logout() {
|
||||
$user = self::active();
|
||||
if (!$user->guest) {
|
||||
try {
|
||||
Session::instance()->destroy();
|
||||
} catch (Exception $e) {
|
||||
Kohana::log("error", $e);
|
||||
}
|
||||
module::event("user_logout", $user);
|
||||
}
|
||||
}
|
||||
} // End Identity
|
||||
|
@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
|
||||
parent::__construct($name);
|
||||
|
||||
$this->theme_name = module::get_var("gallery", "active_site_theme");
|
||||
if (user::active()->admin) {
|
||||
if (Identity::active()->admin) {
|
||||
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
||||
}
|
||||
$this->item = null;
|
||||
$this->tag = null;
|
||||
$this->set_global("theme", $this);
|
||||
$this->set_global("user", user::active());
|
||||
$this->set_global("user", Identity::active());
|
||||
$this->set_global("page_type", $page_type);
|
||||
$this->set_global("page_title", null);
|
||||
if ($page_type == "album") {
|
||||
@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
|
||||
*/
|
||||
public function sidebar_blocks() {
|
||||
$sidebar = block_manager::get_html("site.sidebar", $this);
|
||||
if (empty($sidebar) && user::active()->admin) {
|
||||
if (empty($sidebar) && Identity::active()->admin) {
|
||||
$sidebar = new View("no_sidebar.html");
|
||||
}
|
||||
return $sidebar;
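Review bot: In the constructor hunk, the `theme` request parameter replaces `$this->theme_name` for any admin session, and no visible line checks that the value names an installed theme. Unless that is validated after the hunk, the value should be compared against the installed themes, or at least restricted to a plain directory name (no `/`, `\` or `..`), before it is used to locate theme files. The constructor also calls `Identity::active()` twice, each a session read; a single `$user = Identity::active();` local would serve both the admin check and `set_global("user", ...)`. The constructor continues outside the hunk.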
|
||||
|
@ -333,7 +333,7 @@ class Item_Model extends ORM_MPTT {
|
||||
// This relationship depends on an outside module, which may not be present so handle
|
||||
// failures gracefully.
|
||||
try {
|
||||
return user::lookup($this->owner_id);
|
||||
return Identity::lookup_user($this->owner_id);
|
||||
} catch (Exception $e) {
|
||||
return null;
|
||||
}
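Review bot: The `catch (Exception $e) { return null; }` around `Identity::lookup_user($this->owner_id)` now also hides failures of the identity driver itself, because the new static wrapper goes through `self::instance()->driver`. A misconfigured or failing backend would silently turn every owner into null. Logging before the return, `Kohana::log("error", $e);` as `Identity::logout()` does on this page, keeps the graceful fallback and leaves a trace. The Log_Model hunk has the same empty fallback, and the Task_Model `owner()` hunk has no try/catch at all, so the three accessors react differently to the same failure. The enclosing method starts outside the hunk.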
|
||||
|
@ -26,7 +26,7 @@ class Log_Model extends ORM {
|
||||
// This relationship depends on an outside module, which may not be present so handle
|
||||
// failures gracefully.
|
||||
try {
|
||||
return user::lookup($this->user_id);
|
||||
return Identity::lookup_user($this->user_id);
|
||||
} catch (Exception $e) {
|
||||
return null;
|
||||
}
|
||||
|
@ -46,7 +46,7 @@ class Task_Model extends ORM {
|
||||
}
|
||||
|
||||
public function owner() {
|
||||
return user::lookup($this->owner_id);
|
||||
return Identity::lookup_user($this->owner_id);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -33,7 +33,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
} catch (Exception $e) { }
|
||||
|
||||
try {
|
||||
$user = user::lookup_by_name("access_test");
|
||||
$user = Identity::lookup_user_by_name("access_test");
|
||||
if ($user->loaded) {
|
||||
$user->delete();
|
||||
}
|
||||
@ -41,16 +41,16 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
|
||||
// Reset some permissions that we mangle below
|
||||
$root = ORM::factory("item", 1);
|
||||
access::allow(group::everybody(), "view", $root);
|
||||
access::allow(Identity::everybody(), "view", $root);
|
||||
}
|
||||
|
||||
public function setup() {
|
||||
user::set_active(user::guest());
|
||||
Identity::set_active(Identity::guest());
|
||||
}
|
||||
|
||||
public function groups_and_permissions_are_bound_to_columns_test() {
|
||||
access::register_permission("access_test", "Access Test");
|
||||
$group = group::create("access_test");
|
||||
$group = Identity::create_group("access_test");
|
||||
|
||||
// We have a new column for this perm / group combo
|
||||
$fields = Database::instance()->list_fields("access_caches");
|
||||
@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
}
|
||||
|
||||
public function user_can_access_test() {
|
||||
$access_test = group::create("access_test");
|
||||
$access_test = Identity::create_group("access_test");
|
||||
|
||||
$root = ORM::factory("item", 1);
|
||||
access::allow($access_test, "view", $root);
|
||||
|
||||
$item = album::create($root, rand(), "test album");
|
||||
|
||||
access::deny(group::everybody(), "view", $item);
|
||||
access::deny(group::registered_users(), "view", $item);
|
||||
access::deny(Identity::everybody(), "view", $item);
|
||||
access::deny(Identity::registered_users(), "view", $item);
|
||||
|
||||
$user = user::create("access_test", "Access Test", "");
|
||||
$user = Identity::create_user("access_test", "Access Test", "");
|
||||
foreach ($user->groups as $group) {
|
||||
$user->remove($group);
|
||||
}
|
||||
@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$root = ORM::factory("item", 1);
|
||||
$item = album::create($root, rand(), "test album");
|
||||
|
||||
access::deny(group::everybody(), "view", $item);
|
||||
access::deny(group::registered_users(), "view", $item);
|
||||
access::deny(Identity::everybody(), "view", $item);
|
||||
access::deny(Identity::registered_users(), "view", $item);
|
||||
|
||||
$user = user::create("access_test", "Access Test", "");
|
||||
$user = Identity::create_user("access_test", "Access Test", "");
|
||||
foreach ($user->groups as $group) {
|
||||
$user->remove($group);
|
||||
}
|
||||
@ -121,14 +121,14 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$root = ORM::factory("item", 1);
|
||||
|
||||
$album = album::create($root, rand(), "test album");
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
|
||||
$photo = ORM::factory("item");
|
||||
$photo->type = "photo";
|
||||
$photo->add_to_parent($album);
|
||||
access::add_item($photo);
|
||||
|
||||
$this->assert_true($photo->__get("view_" . group::everybody()->id));
|
||||
$this->assert_true($photo->__get("view_" . Identity::everybody()->id));
|
||||
}
|
||||
|
||||
public function can_allow_deny_and_reset_intent_test() {
|
||||
@ -137,23 +137,23 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$intent = ORM::factory("access_intent")->where("item_id", $album)->find();
|
||||
|
||||
// Allow
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
$this->assert_same(access::ALLOW, $intent->reload()->view_1);
|
||||
|
||||
// Deny
|
||||
access::deny(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $album);
|
||||
$this->assert_same(
|
||||
access::DENY,
|
||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||
|
||||
// Allow again. If the initial value was allow, then the first Allow clause above may not
|
||||
// have actually changed any values.
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
$this->assert_same(
|
||||
access::ALLOW,
|
||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||
|
||||
access::reset(group::everybody(), "view", $album);
|
||||
access::reset(Identity::everybody(), "view", $album);
|
||||
$this->assert_same(
|
||||
null,
|
||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||
@ -161,7 +161,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
|
||||
public function cant_reset_root_item_test() {
|
||||
try {
|
||||
access::reset(group::everybody(), "view", ORM::factory("item", 1));
|
||||
access::reset(Identity::everybody(), "view", ORM::factory("item", 1));
|
||||
} catch (Exception $e) {
|
||||
return;
|
||||
}
|
||||
@ -170,17 +170,17 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
|
||||
public function can_view_item_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
access::allow(group::everybody(), "view", $root);
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $root));
|
||||
access::allow(Identity::everybody(), "view", $root);
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $root));
|
||||
}
|
||||
|
||||
public function can_always_fails_on_unloaded_items_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
access::allow(group::everybody(), "view", $root);
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $root));
|
||||
access::allow(Identity::everybody(), "view", $root);
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $root));
|
||||
|
||||
$bogus = ORM::factory("item", -1);
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $bogus));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $bogus));
|
||||
}
|
||||
|
||||
public function cant_view_child_of_hidden_parent_test() {
|
||||
@ -188,21 +188,21 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$album = album::create($root, rand(), "test album");
|
||||
|
||||
$root->reload();
|
||||
access::deny(group::everybody(), "view", $root);
|
||||
access::reset(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $root);
|
||||
access::reset(Identity::everybody(), "view", $album);
|
||||
|
||||
$album->reload();
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $album));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $album));
|
||||
}
|
||||
|
||||
public function view_permissions_propagate_down_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
$album = album::create($root, rand(), "test album");
|
||||
|
||||
access::allow(group::everybody(), "view", $root);
|
||||
access::reset(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $root);
|
||||
access::reset(Identity::everybody(), "view", $album);
|
||||
$album->reload();
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $album));
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $album));
|
||||
}
|
||||
|
||||
public function can_toggle_view_permissions_propagate_down_test() {
|
||||
@ -217,18 +217,18 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$album3->reload();
|
||||
$album4->reload();
|
||||
|
||||
access::allow(group::everybody(), "view", $root);
|
||||
access::deny(group::everybody(), "view", $album1);
|
||||
access::reset(group::everybody(), "view", $album2);
|
||||
access::reset(group::everybody(), "view", $album3);
|
||||
access::reset(group::everybody(), "view", $album4);
|
||||
access::allow(Identity::everybody(), "view", $root);
|
||||
access::deny(Identity::everybody(), "view", $album1);
|
||||
access::reset(Identity::everybody(), "view", $album2);
|
||||
access::reset(Identity::everybody(), "view", $album3);
|
||||
access::reset(Identity::everybody(), "view", $album4);
|
||||
|
||||
$album4->reload();
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $album4));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $album4));
|
||||
|
||||
access::allow(group::everybody(), "view", $album1);
|
||||
access::allow(Identity::everybody(), "view", $album1);
|
||||
$album4->reload();
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $album4));
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $album4));
|
||||
}
|
||||
|
||||
public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
|
||||
@ -237,29 +237,29 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$album2 = album::create($album1, rand(), "test album");
|
||||
|
||||
$root->reload();
|
||||
access::deny(group::everybody(), "view", $root);
|
||||
access::allow(group::everybody(), "view", $album2);
|
||||
access::deny(Identity::everybody(), "view", $root);
|
||||
access::allow(Identity::everybody(), "view", $album2);
|
||||
|
||||
$album1->reload();
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $album1));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $album1));
|
||||
|
||||
$album2->reload();
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $album2));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $album2));
|
||||
}
|
||||
|
||||
public function can_edit_item_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
$this->assert_true(access::group_can(group::everybody(), "edit", $root));
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "edit", $root));
|
||||
}
|
||||
|
||||
public function non_view_permissions_propagate_down_test() {
|
||||
$root = ORM::factory("item", 1);
|
||||
$album = album::create($root, rand(), "test album");
|
||||
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::reset(group::everybody(), "edit", $album);
|
||||
$this->assert_true(access::group_can(group::everybody(), "edit", $album));
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
access::reset(Identity::everybody(), "edit", $album);
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "edit", $album));
|
||||
}
|
||||
|
||||
public function non_view_permissions_can_be_revoked_lower_down_test() {
|
||||
@ -279,36 +279,36 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$outer->reload();
|
||||
$inner->reload();
|
||||
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::deny(group::everybody(), "edit", $outer);
|
||||
access::allow(group::everybody(), "edit", $inner);
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
access::deny(Identity::everybody(), "edit", $outer);
|
||||
access::allow(Identity::everybody(), "edit", $inner);
|
||||
|
||||
// Outer album is not editable, inner one is.
|
||||
$this->assert_false(access::group_can(group::everybody(), "edit", $outer_photo));
|
||||
$this->assert_true(access::group_can(group::everybody(), "edit", $inner_photo));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo));
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo));
|
||||
}
|
||||
|
||||
public function i_can_edit_test() {
|
||||
// Create a new user that belongs to no groups
|
||||
$user = user::create("access_test", "Access Test", "");
|
||||
$user = Identity::create_user("access_test", "Access Test", "");
|
||||
foreach ($user->groups as $group) {
|
||||
$user->remove($group);
|
||||
}
|
||||
$user->save();
|
||||
user::set_active($user);
|
||||
Identity::set_active($user);
|
||||
|
||||
// This user can't edit anything
|
||||
$root = ORM::factory("item", 1);
|
||||
$this->assert_false(access::can("edit", $root));
|
||||
|
||||
// Now add them to a group that has edit permission
|
||||
$group = group::create("access_test");
|
||||
$group = Identity::create_group("access_test");
|
||||
$group->add($user);
|
||||
$group->save();
|
||||
access::allow($group, "edit", $root);
|
||||
|
||||
$user = user::lookup($user->id); // reload() does not flush related columns
|
||||
user::set_active($user);
|
||||
$user = Identity::lookup_user($user->id); // reload() does not flush related columns
|
||||
Identity::set_active($user);
|
||||
|
||||
// And verify that the user can edit.
|
||||
$this->assert_true(access::can("edit", $root));
|
||||
@ -320,16 +320,16 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
|
||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||
|
||||
access::deny(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $album);
|
||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||
|
||||
access::deny(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $album);
|
||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||
|
||||
access::reset(group::everybody(), "view", $album);
|
||||
access::reset(Identity::everybody(), "view", $album);
|
||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||
}
|
||||
|
||||
@ -341,44 +341,44 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||
|
||||
access::deny(group::everybody(), "view_full", $album);
|
||||
access::deny(Identity::everybody(), "view_full", $album);
|
||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||
|
||||
access::allow(group::everybody(), "view_full", $album);
|
||||
access::allow(Identity::everybody(), "view_full", $album);
|
||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||
|
||||
access::deny(group::everybody(), "view_full", $album);
|
||||
access::deny(Identity::everybody(), "view_full", $album);
|
||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||
|
||||
access::reset(group::everybody(), "view_full", $album);
|
||||
access::reset(Identity::everybody(), "view_full", $album);
|
||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||
}
|
||||
|
||||
public function moved_items_inherit_new_permissions_test() {
|
||||
user::set_active(user::lookup_by_name("admin"));
|
||||
Identity::set_active(Identity::lookup_user_by_name("admin"));
|
||||
|
||||
$root = ORM::factory("item", 1);
|
||||
$public_album = album::create($root, rand(), "public album");
|
||||
$public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
|
||||
access::allow(group::everybody(), "view", $public_album);
|
||||
access::allow(Identity::everybody(), "view", $public_album);
|
||||
|
||||
$root->reload(); // Account for MPTT changes
|
||||
|
||||
$private_album = album::create($root, rand(), "private album");
|
||||
access::deny(group::everybody(), "view", $private_album);
|
||||
access::deny(Identity::everybody(), "view", $private_album);
|
||||
$private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
|
||||
|
||||
// Make sure that we now have a public photo and private photo.
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo));
|
||||
|
||||
// Swap the photos
|
||||
item::move($public_photo, $private_album);
|
||||
@ -394,7 +394,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
||||
$public_photo->reload();
|
||||
|
||||
// Make sure that the public_photo is now private, and the private_photo is now public.
|
||||
$this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
|
||||
$this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
|
||||
$this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo));
|
||||
$this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo));
|
||||
}
|
||||
}
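Review bot: In `user_can_access_test` and in the hunk at -89, `access::deny(Identity::registered_users(), "view", $item)` does not reach the registered-users group. The `Identity::registered_users()` wrapper on this page returns `self::instance()->driver->everybody()`, so the line only repeats the deny on everybody. Both tests can therefore pass without ever checking that registered users are denied. The wrapper should delegate to the method its docblock names, `return self::instance()->driver->registered_users();`. Separately, the `view_1` assertions in `can_allow_deny_and_reset_intent_test` assume the everybody group has id 1; `"view_" . Identity::everybody()->id`, as the assertion after `access::add_item($photo)` uses, would also hold for other identity drivers.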
|
||||
|
@ -44,7 +44,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
|
||||
$_POST["direction"] = "ASC";
|
||||
$_POST["csrf"] = access::csrf_token();
|
||||
$_POST["_method"] = "put";
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
|
||||
ob_start();
|
||||
$controller->_update($this->_album);
|
||||
@ -68,7 +68,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
|
||||
$_POST["name"] = "new name";
|
||||
$_POST["title"] = "new title";
|
||||
$_POST["description"] = "new description";
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
|
||||
try {
|
||||
$controller->_update($this->_album);
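Review bot: Both hunks grant `edit` on the root item to `Identity::everybody()`, and nothing visible takes it back, so the grant may outlive the test and let later tests pass on a permission they never set up. If the class teardown (outside the hunks) does not already restore it, add `access::deny(Identity::everybody(), "edit", $root);` there. Use `deny` rather than `reset`, since `cant_reset_root_item_test` on this page expects `access::reset()` on the root item to throw. The Photos_Controller_Test hunks follow the same pattern.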
|
||||
|
@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case {
|
||||
$root = ORM::factory("item", 1);
|
||||
$album = album::create($root, rand(), rand(), rand());
|
||||
$item = self::_create_random_item($album);
|
||||
user::set_active(user::guest());
|
||||
Identity::set_active(Identity::guest());
|
||||
|
||||
// We can see the item when permissions are granted
|
||||
access::allow(group::everybody(), "view", $album);
|
||||
access::allow(Identity::everybody(), "view", $album);
|
||||
$this->assert_equal(
|
||||
1,
|
||||
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
||||
|
||||
// We can't see the item when permissions are denied
|
||||
access::deny(group::everybody(), "view", $album);
|
||||
access::deny(Identity::everybody(), "view", $album);
|
||||
$this->assert_equal(
|
||||
0,
|
||||
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
||||
|
@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
||||
$root = ORM::factory("item", 1);
|
||||
$photo = photo::create(
|
||||
$root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
|
||||
"test", "test", user::active(), "slug");
|
||||
"test", "test", Identity::active(), "slug");
|
||||
$orig_name = $photo->name;
|
||||
|
||||
$_POST["filename"] = "test.jpeg";
|
||||
@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
||||
$_POST["description"] = "new description";
|
||||
$_POST["slug"] = "new-slug";
|
||||
$_POST["csrf"] = access::csrf_token();
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
|
||||
ob_start();
|
||||
$controller->_update($photo);
|
||||
@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
||||
$_POST["name"] = "new name";
|
||||
$_POST["title"] = "new title";
|
||||
$_POST["description"] = "new description";
|
||||
access::allow(group::everybody(), "edit", $root);
|
||||
access::allow(Identity::everybody(), "edit", $root);
|
||||
|
||||
try {
|
||||
$controller->_update($photo);
|
||||
|
@ -57,7 +57,7 @@
|
||||
<title><?= t("Something went wrong!") ?></title>
|
||||
</head>
|
||||
<body>
|
||||
<? try { $user = user::active(); } catch (Exception $e) { } ?>
|
||||
<? try { $user = Identity::active(); } catch (Exception $e) { } ?>
|
||||
<? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
|
||||
<div class="big_box" id="framework_error">
|
||||
<h1>
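Review bot: The empty `catch (Exception $e) { }` around `Identity::active()` is what keeps this error page on the non-admin view when the identity layer itself has failed, and nothing in the template says so. A short comment above it, such as `<? /* Ignored on purpose: without a user, $admin stays false outside the CLI. */ ?>`, would stop a later cleanup from turning it into a rethrow or a default user. On the next line, `php_sapi_name() == "cli" || isset($user) && $user->admin` relies on `&&` binding tighter than `||`; parentheses around `isset($user) && $user->admin` make the intended grouping explicit.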
|
||||
|
@ -8,7 +8,7 @@
|
||||
</li>
|
||||
<? else: ?>
|
||||
<li class="first">
|
||||
<? if (user::is_writable()): ?>
|
||||
<? if (Identity::is_writable()): ?>
|
||||
<?= t('Logged in as %name', array('name' => html::mark_clean(
|
||||
'<a href="' . url::site("form/edit/users/{$user->id}") .
|
||||
'" title="' . t("Edit Your Profile")->for_html_attr() .
|
||||
|
@ -36,7 +36,7 @@
|
||||
<li id="g-login-form">
|
||||
<?= $form ?>
|
||||
</li>
|
||||
<? if (user::is_writable()): ?>
|
||||
<? if (Identity::is_writable()): ?>
|
||||
<li>
|
||||
<a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
|
||||
</li>
|
||||
|
@ -43,7 +43,7 @@
|
||||
<p>
|
||||
<?= t("This site is currently only accessible by site administrators.") ?>
|
||||
</p>
|
||||
<?= user::get_login_form("login/auth_html") ?>
|
||||
<?= Identity::get_login_form("login/auth_html") ?>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
|
@ -20,7 +20,7 @@
|
||||
class notification {
|
||||
static function get_subscription($item_id, $user=null) {
|
||||
if (empty($user)) {
|
||||
$user = user::active();
|
||||
$user = Identity::active();
|
||||
}
|
||||
|
||||
return ORM::factory("subscription")
|
||||
@ -31,7 +31,7 @@ class notification {
|
||||
|
||||
static function is_watching($item, $user=null) {
|
||||
if (empty($user)) {
|
||||
$user = user::active();
|
||||
$user = Identity::active();
|
||||
}
|
||||
|
||||
return ORM::factory("subscription")
|
||||
@ -44,7 +44,7 @@ class notification {
|
||||
static function add_watch($item, $user=null) {
|
||||
if ($item->is_album()) {
|
||||
if (empty($user)) {
|
||||
$user = user::active();
|
||||
$user = Identity::active();
|
||||
}
|
||||
$subscription = ORM::factory("subscription");
|
||||
$subscription->item_id = $item->id;
|
||||
@ -56,7 +56,7 @@ class notification {
|
||||
static function remove_watch($item, $user=null) {
|
||||
if ($item->is_album()) {
|
||||
if (empty($user)) {
|
||||
$user = user::active();
|
||||
$user = Identity::active();
|
||||
}
|
||||
|
||||
$subscription = ORM::factory("subscription")
|
||||
@ -79,7 +79,7 @@ class notification {
|
||||
$subscriber_ids[] = $subscriber->user_id;
|
||||
}
|
||||
|
||||
$users = user::get_user_list(array("in" => array("id", $subscriber_ids),
|
||||
$users = Identity::get_user_list(array("in" => array("id", $subscriber_ids),
|
||||
"where" => array("email IS NOT" => null)));
|
||||
|
||||
$subscribers = array();
|
||||
|
@ -95,7 +95,7 @@ class notification_event_Core {
|
||||
}
|
||||
|
||||
static function site_menu($menu, $theme) {
|
||||
if (!user::active()->guest) {
|
||||
if (!Identity::active()->guest) {
|
||||
$item = $theme->item();
|
||||
|
||||
if ($item && $item->is_album() && access::can("view", $item)) {
|
||||
|
@ -22,8 +22,8 @@ class search_Core {
|
||||
$db = Database::instance();
|
||||
$q = $db->escape_str($q);
|
||||
|
||||
if (!user::active()->admin) {
|
||||
foreach (user::group_ids() as $id) {
|
||||
if (!Identity::active()->admin) {
|
||||
foreach (Identity::group_ids_for_active_user() as $id) {
|
||||
$fields[] = "`view_$id` = TRUE"; // access::ALLOW
|
||||
}
|
||||
$access_sql = "AND (" . join(" AND ", $fields) . ")";
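Review bot: In the loop over `Identity::group_ids_for_active_user()`, `$id` goes straight into the column name of the SQL fragment, and those ids now come from whichever identity driver is configured, by way of the session cache. `$db->escape_str()` is applied to `$q` only, so the fragment is safe only if every driver returns plain integers; casting with `(int) $id` inside the loop makes that assumption explicit. Unless `$fields` is set above the hunk, a user with an empty group list would also produce `AND ()`, so initialise `$fields = array();` and treat the empty case as "no access" rather than dropping the filter. The function starts and ends outside the hunk.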
|
||||
|
@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller {
|
||||
access::verify_csrf();
|
||||
|
||||
$task = ORM::factory("task", $task_id);
|
||||
if (!$task->loaded || $task->owner_id != user::active()->id) {
|
||||
if (!$task->loaded || $task->owner_id != Identity::active()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller {
|
||||
$task->set("mode", "done");
|
||||
}
|
||||
|
||||
$owner_id = user::active()->id;
|
||||
$owner_id = Identity::active()->id;
|
||||
foreach ($entries as $entry) {
|
||||
if (microtime(true) - $start > 0.5) {
|
||||
break;
|
||||
|
@ -30,7 +30,7 @@ class server_add_event_Core {
|
||||
$item = $theme->item();
|
||||
$paths = unserialize(module::get_var("server_add", "authorized_paths"));
|
||||
|
||||
if ($item && user::active()->admin && $item->is_album() && !empty($paths) &&
|
||||
if ($item && Identity::active()->admin && $item->is_album() && !empty($paths) &&
|
||||
is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
|
||||
$menu->get("add_menu")
|
||||
->append(Menu::factory("dialog")
|
||||
|
@ -19,7 +19,7 @@
|
||||
*/
|
||||
class server_add_theme_Core {
|
||||
static function head($theme) {
|
||||
if (user::active()->admin) {
|
||||
if (Identity::active()->admin) {
|
||||
$theme->script("server_add.js");
|
||||
}
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
||||
public function delete_user($id) {
|
||||
access::verify_csrf();
|
||||
|
||||
if ($id == user::active()->id || $id == user::guest()->id) {
|
||||
if ($id == Identity::active()->id || $id == user::guest()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
@ -132,7 +132,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
||||
}
|
||||
|
||||
// An admin can change the admin status for any user but themselves
|
||||
if ($user->id != user::active()->id) {
|
||||
if ($user->id != Identity::active()->id) {
|
||||
$user->admin = $form->edit_user->admin->checked;
|
||||
}
|
||||
$user->save();
|
||||
@ -154,7 +154,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
||||
|
||||
$form = $this->_get_user_edit_form_admin($user);
|
||||
// Don't allow the user to control their own admin bit, else you can lock yourself out
|
||||
if ($user->id == user::active()->id) {
|
||||
if ($user->id == Identity::active()->id) {
|
||||
$form->edit_user->admin->disabled(1);
|
||||
}
|
||||
print $form;
|
||||
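Review bot: `delete_user()` now mixes the two APIs in one condition: the active user is read through `Identity::active()` while the guest is still read through `user::guest()`. The helper added in this commit forwards `guest()` to `Identity::guest()`, so behaviour is unchanged, but other call sites in the commit were switched to `Identity::guest()`. For consistency the condition could read `if ($id == Identity::active()->id || $id == Identity::guest()->id) {`. The method body continues outside the hunk.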
|
@ -21,7 +21,7 @@ class Users_Controller extends Controller {
|
||||
public function update($id) {
|
||||
$user = user::lookup($id);
|
||||
|
||||
if ($user->guest || $user->id != user::active()->id) {
|
||||
if ($user->guest || $user->id != Identity::active()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
@ -59,7 +59,7 @@ class Users_Controller extends Controller {
|
||||
|
||||
public function form_edit($id) {
|
||||
$user = user::lookup($id);
|
||||
if ($user->guest || $user->id != user::active()->id) {
|
||||
if ($user->guest || $user->id != Identity::active()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
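Review bot: In `update()` the result of `user::lookup($id)` is dereferenced as `$user->guest` without a null check, although the `user_Core::lookup()` added in this same commit is documented to return `null` for an id that does not load. `$id` is a controller argument, so an unknown id reaches the property access instead of `access::forbidden()`. The guard could read `if (!$user || $user->guest || $user->id != Identity::active()->id) {`, and `form_edit()` in the second hunk needs the same change. Both method bodies continue outside the hunks.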
|
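--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -0,0 +1,109 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+* Gallery - a web based photo album viewer and editor
+* Copyright (C) 2000-2009 Bharat Mediratta
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+
+/**
+* This is the API for handling users.
+*
+* Note: by design, this class does not do any permission checking.
+*/
+class user_Core {
+/**
+* @see Identity_Driver::guest.
+*/
+static function guest() {
+return Identity::guest();
+}
+
+/**
+* @see Identity_Driver::create_user.
+*/
+static function create($name, $full_name, $password) {
+return Identity::create_user($name, $full_name, $password);
+}
+
+/**
+* @see Identity_Driver::is_correct_password.
+*/
+static function is_correct_password($user, $password) {
+return Identity::is_correct_password($user, $password);
+}
+
+/**
+* @see Identity_Driver::hash_password.
+*/
+static function hash_password($password) {
+return Identity::hash_password($password);
+}
+
+/**
+* Look up a user by id.
+* @param integer $id the user id
+* @return User_Definition the user object, or null if the id was invalid.
+*/
+static function lookup($id) {
+return self::_lookup_user_by_field("id", $id);
+}
+
+/**
+* Look up a user by name.
+* @param integer $name the user name
+* @return User_Definition the user object, or null if the name was invalid.
+*/
+static function lookup_by_name($name) {
+return self::_lookup_user_by_field("name", $name);
+}
+
+/**
+* Look up a user by hash.
+* @param string $name the user name
+* @return User_Definition the user object, or null if the name was invalid.
+*/
+static function lookup_by_hash($hash) {
+return self::_lookup_user_by_field("hash", $hash);
+}
+
+/**
+* @see Identity_Driver::get_user_list.
+*/
+static function get_user_list($filter=array()) {
+return Identity::get_user_list($filter);
+}
+
+/**
+* @see Identity_Driver::get_edit_rules.
+*/
+static function get_edit_rules() {
+return Identity::get_edit_rules("user");
+}
+
+private static function _lookup_user_by_field($field_name, $value) {
+try {
+$user = model_cache::get("user", $value, $field_name);
+if ($user->loaded) {
+return $user;
+}
+} catch (Exception $e) {
+if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+throw $e;
+}
+}
+return null;
+}
+}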
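Review bot: The docblocks on `lookup_by_name()` and `lookup_by_hash()` do not match their signatures: the first declares `@param integer $name`, and the second documents `$name` although the parameter is `$hash`, with a `@return` text that still speaks of an invalid name. Suggested: `@param string $name the user name` for `lookup_by_name()`, and `@param string $hash the user hash` plus `@return User_Definition the user object, or null if the hash was invalid.` for `lookup_by_hash()`. It would also help to state there that every lookup can return `null`, since `_lookup_user_by_field()` returns `null` both for a row that did not load and for a `MISSING_MODEL` exception.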
@ -90,7 +90,7 @@
|
||||
<span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
|
||||
<?= t("edit") ?>
|
||||
</span></a>
|
||||
<? if (user::active()->id != $user->id && !$user->guest): ?>
|
||||
<? if (Identity::active()->id != $user->id && !$user->guest): ?>
|
||||
<a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
|
||||
class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
|
||||
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
|
||||
|