Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating an identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module.
parent
be6765336e
commit
00eacd659f
@ -26,7 +26,7 @@ class Akismet_Helper_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$this->_comment = comment::create(
|
$this->_comment = comment::create(
|
||||||
$root, user::guest(), "This is a comment",
|
$root, Identity::guest(), "This is a comment",
|
||||||
"John Doe", "john@gallery2.org", "http://gallery2.org");
|
"John Doe", "john@gallery2.org", "http://gallery2.org");
|
||||||
foreach ($this->_comment->list_fields("comments") as $name => $field) {
|
foreach ($this->_comment->list_fields("comments") as $name => $field) {
|
||||||
if (strpos($name, "server_") === 0) {
|
if (strpos($name, "server_") === 0) {
|
||||||
|
@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller {
|
|||||||
$form = comment::get_add_form($item);
|
$form = comment::get_add_form($item);
|
||||||
$valid = $form->validate();
|
$valid = $form->validate();
|
||||||
if ($valid) {
|
if ($valid) {
|
||||||
if (user::active()->guest && !$form->add_comment->inputs["name"]->value) {
|
if (Identity::active()->guest && !$form->add_comment->inputs["name"]->value) {
|
||||||
$form->add_comment->inputs["name"]->add_error("missing", 1);
|
$form->add_comment->inputs["name"]->add_error("missing", 1);
|
||||||
$valid = false;
|
$valid = false;
|
||||||
}
|
}
|
||||||
@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller {
|
|||||||
|
|
||||||
if ($valid) {
|
if ($valid) {
|
||||||
$comment = comment::create(
|
$comment = comment::create(
|
||||||
$item, user::active(),
|
$item, Identity::active(),
|
||||||
$form->add_comment->text->value,
|
$form->add_comment->text->value,
|
||||||
$form->add_comment->inputs["name"]->value,
|
$form->add_comment->inputs["name"]->value,
|
||||||
$form->add_comment->email->value,
|
$form->add_comment->email->value,
|
||||||
$form->add_comment->url->value);
|
$form->add_comment->url->value);
|
||||||
|
|
||||||
$active = user::active();
|
$active = Identity::active();
|
||||||
if ($active->guest) {
|
if ($active->guest) {
|
||||||
$form->add_comment->inputs["name"]->value("");
|
$form->add_comment->inputs["name"]->value("");
|
||||||
$form->add_comment->email->value("");
|
$form->add_comment->email->value("");
|
||||||
@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller {
|
|||||||
* @see REST_Controller::form_edit($resource)
|
* @see REST_Controller::form_edit($resource)
|
||||||
*/
|
*/
|
||||||
public function _form_edit($comment) {
|
public function _form_edit($comment) {
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
print comment::get_edit_form($comment);
|
print comment::get_edit_form($comment);
|
||||||
|
@ -75,7 +75,7 @@ class comment_Core {
|
|||||||
module::event("comment_add_form", $form);
|
module::event("comment_add_form", $form);
|
||||||
$group->submit("")->value(t("Add"));
|
$group->submit("")->value(t("Add"));
|
||||||
|
|
||||||
$active = user::active();
|
$active = Identity::active();
|
||||||
if (!$active->guest) {
|
if (!$active->guest) {
|
||||||
$group->inputs["name"]->value($active->full_name)->disabled("disabled");
|
$group->inputs["name"]->value($active->full_name)->disabled("disabled");
|
||||||
$group->email->value($active->email)->disabled("disabled");
|
$group->email->value($active->email)->disabled("disabled");
|
||||||
|
@ -23,7 +23,7 @@ class Comment_Model extends ORM {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function author() {
|
function author() {
|
||||||
return user::lookup($this->author_id);
|
return Identity::lookup_user($this->author_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
function author_name() {
|
function author_name() {
|
||||||
|
@ -22,7 +22,7 @@ class Comment_Event_Test extends Unit_Test_Case {
|
|||||||
$rand = rand();
|
$rand = rand();
|
||||||
$album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand");
|
$album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand");
|
||||||
$comment = comment::create(
|
$comment = comment::create(
|
||||||
$album, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
$album, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||||
|
|
||||||
$album->delete();
|
$album->delete();
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
|
|||||||
$rand = rand();
|
$rand = rand();
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$comment = comment::create(
|
$comment = comment::create(
|
||||||
$root, user::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
$root, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||||
|
|
||||||
$this->assert_equal("name_$rand", $comment->author_name());
|
$this->assert_equal("name_$rand", $comment->author_name());
|
||||||
$this->assert_equal("email_$rand", $comment->author_email());
|
$this->assert_equal("email_$rand", $comment->author_email());
|
||||||
@ -77,7 +77,7 @@ class Comment_Helper_Test extends Unit_Test_Case {
|
|||||||
public function create_comment_for_user_test() {
|
public function create_comment_for_user_test() {
|
||||||
$rand = rand();
|
$rand = rand();
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$admin = user::lookup(2);
|
$admin = Identity::lookup_user(2);
|
||||||
$comment = comment::create(
|
$comment = comment::create(
|
||||||
$root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
$root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand");
|
||||||
|
|
||||||
|
@ -22,17 +22,17 @@ class Comment_Model_Test extends Unit_Test_Case {
|
|||||||
public function cant_view_comments_for_unviewable_items_test() {
|
public function cant_view_comments_for_unviewable_items_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$album = album::create($root, rand(), rand(), rand());
|
$album = album::create($root, rand(), rand(), rand());
|
||||||
$comment = comment::create($album, user::guest(), "text", "name", "email", "url");
|
$comment = comment::create($album, Identity::guest(), "text", "name", "email", "url");
|
||||||
user::set_active(user::guest());
|
Identity::set_active(Identity::guest());
|
||||||
|
|
||||||
// We can see the comment when permissions are granted on the album
|
// We can see the comment when permissions are granted on the album
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
$this->assert_equal(
|
$this->assert_equal(
|
||||||
1,
|
1,
|
||||||
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
||||||
|
|
||||||
// We can't see the comment when permissions are denied on the album
|
// We can't see the comment when permissions are denied on the album
|
||||||
access::deny(group::everybody(), "view", $album);
|
access::deny(Identity::everybody(), "view", $album);
|
||||||
$this->assert_equal(
|
$this->assert_equal(
|
||||||
0,
|
0,
|
||||||
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all());
|
||||||
|
@ -23,7 +23,7 @@ class Digibug_Controller extends Controller {
|
|||||||
$item = ORM::factory("item", $id);
|
$item = ORM::factory("item", $id);
|
||||||
access::required("view", $item);
|
access::required("view", $item);
|
||||||
|
|
||||||
if (access::group_can(group::everybody(), "view_full", $item)) {
|
if (access::group_can(Identity::everybody(), "view_full", $item)) {
|
||||||
$full_url = $item->file_url(true);
|
$full_url = $item->file_url(true);
|
||||||
$thumb_url = $item->thumb_url(true);
|
$thumb_url = $item->thumb_url(true);
|
||||||
} else {
|
} else {
|
||||||
|
@ -35,8 +35,8 @@ class Digibug_Controller_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$this->_album = album::create($root, rand(), "test album");
|
$this->_album = album::create($root, rand(), "test album");
|
||||||
access::deny(group::everybody(), "view_full", $this->_album);
|
access::deny(Identity::everybody(), "view_full", $this->_album);
|
||||||
access::deny(group::registered_users(), "view_full", $this->_album);
|
access::deny(Identity::registered_users(), "view_full", $this->_album);
|
||||||
|
|
||||||
$rand = rand();
|
$rand = rand();
|
||||||
$this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
|
$this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg",
|
||||||
|
@ -230,16 +230,16 @@ class g2_import_Core {
|
|||||||
switch ($g2_group->getGroupType()) {
|
switch ($g2_group->getGroupType()) {
|
||||||
case GROUP_NORMAL:
|
case GROUP_NORMAL:
|
||||||
try {
|
try {
|
||||||
$group = group::create($g2_group->getGroupName());
|
$group = Identity::create_group($g2_group->getGroupName());
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
// @todo For now we assume this is a "duplicate group" exception
|
// @todo For now we assume this is a "duplicate group" exception
|
||||||
$group = group::lookup_by_name($g2_group->getGroupname());
|
$group = Identity::lookup_user_by_name($g2_group->getGroupname());
|
||||||
}
|
}
|
||||||
$message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname()));
|
$message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname()));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case GROUP_ALL_USERS:
|
case GROUP_ALL_USERS:
|
||||||
$group = group::registered_users();
|
$group = Identity::registered_users();
|
||||||
$message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
|
$message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -248,7 +248,7 @@ class g2_import_Core {
|
|||||||
break; // This is not a group in G3
|
break; // This is not a group in G3
|
||||||
|
|
||||||
case GROUP_EVERYBODY:
|
case GROUP_EVERYBODY:
|
||||||
$group = group::everybody();
|
$group = Identity::everybody();
|
||||||
$message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
|
$message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -270,7 +270,7 @@ class g2_import_Core {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
|
if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
|
||||||
self::set_map($g2_user_id, user::guest()->id);
|
self::set_map($g2_user_id, Identity::guest()->id);
|
||||||
return t("Skipping Anonymous User");
|
return t("Skipping Anonymous User");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -285,11 +285,11 @@ class g2_import_Core {
|
|||||||
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
|
$g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
|
$user = Identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), "");
|
||||||
$message = t("Created user: '%name'.", array("name" => $user->name));
|
$message = t("Created user: '%name'.", array("name" => $user->name));
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
// @todo For now we assume this is a "duplicate user" exception
|
// @todo For now we assume this is a "duplicate user" exception
|
||||||
$user = user::lookup_by_name($g2_user->getUsername());
|
$user = Identity::lookup_user_by_name($g2_user->getUsername());
|
||||||
$message = t("Loaded existing user: '%name'.", array("name" => $user->name));
|
$message = t("Loaded existing user: '%name'.", array("name" => $user->name));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -313,7 +313,6 @@ class g2_import_Core {
|
|||||||
return $message;
|
return $message;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Import a single album.
|
* Import a single album.
|
||||||
*/
|
*/
|
||||||
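Review bot: In the `GROUP_NORMAL` branch (first hunk of this section) the duplicate-group fallback now calls `Identity::lookup_user_by_name($g2_group->getGroupname())`, replacing the old `group::lookup_by_name(...)` with a user lookup, so `$group` holds a user record (or nothing) whenever the group already exists. Whatever the importer later does with `$group` would then apply to the wrong principal, which matters for an import that carries group membership and permissions. The call should go to the group-by-name lookup on `Identity`; its name is not visible on this page, so confirm it against the Identity library. The `catch (Exception $e)` also treats every failure as a duplicate, as the existing `@todo` admits, and the enclosing function starts and ends outside the hunk.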
|
@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
|
|||||||
private $theme;
|
private $theme;
|
||||||
|
|
||||||
public function __construct($theme=null) {
|
public function __construct($theme=null) {
|
||||||
if (!(user::active()->admin)) {
|
if (!(Identity::active()->admin)) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -29,7 +29,7 @@ class Albums_Controller extends Items_Controller {
|
|||||||
$view = new Theme_View("page.html", "login");
|
$view = new Theme_View("page.html", "login");
|
||||||
$view->page_title = t("Log in to Gallery");
|
$view->page_title = t("Log in to Gallery");
|
||||||
$view->content = new View("login_ajax.html");
|
$view->content = new View("login_ajax.html");
|
||||||
$view->content->form = user::get_login_form("login/auth_html");
|
$view->content->form = Identity::get_login_form("login/auth_html");
|
||||||
print $view;
|
print $view;
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller {
|
|||||||
$this->input->post("name"),
|
$this->input->post("name"),
|
||||||
$this->input->post("title", $this->input->post("name")),
|
$this->input->post("title", $this->input->post("name")),
|
||||||
$this->input->post("description"),
|
$this->input->post("description"),
|
||||||
user::active()->id,
|
Identity::active()->id,
|
||||||
$this->input->post("slug"));
|
$this->input->post("slug"));
|
||||||
|
|
||||||
log::success("content", "Created an album",
|
log::success("content", "Created an album",
|
||||||
@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller {
|
|||||||
$_FILES["file"]["name"],
|
$_FILES["file"]["name"],
|
||||||
$this->input->post("title", $this->input->post("name")),
|
$this->input->post("title", $this->input->post("name")),
|
||||||
$this->input->post("description"),
|
$this->input->post("description"),
|
||||||
user::active()->id);
|
Identity::active()->id);
|
||||||
|
|
||||||
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
|
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
|
||||||
message::success(t("Added photo %photo_title",
|
message::success(t("Added photo %photo_title",
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
class L10n_Client_Controller extends Controller {
|
class L10n_Client_Controller extends Controller {
|
||||||
public function save() {
|
public function save() {
|
||||||
access::verify_csrf();
|
access::verify_csrf();
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller {
|
|||||||
|
|
||||||
public function toggle_l10n_mode() {
|
public function toggle_l10n_mode() {
|
||||||
access::verify_csrf();
|
access::verify_csrf();
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ class Login_Controller extends Controller {
|
|||||||
|
|
||||||
public function ajax() {
|
public function ajax() {
|
||||||
$view = new View("login_ajax.html");
|
$view = new View("login_ajax.html");
|
||||||
$view->form = user::get_login_form("login/auth_ajax");
|
$view->form = Identity::get_login_form("login/auth_ajax");
|
||||||
print $view;
|
print $view;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -40,7 +40,7 @@ class Login_Controller extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function html() {
|
public function html() {
|
||||||
print user::get_login_form("login/auth_html");
|
print Identity::get_login_form("login/auth_html");
|
||||||
}
|
}
|
||||||
|
|
||||||
public function auth_html() {
|
public function auth_html() {
|
||||||
@ -54,11 +54,11 @@ class Login_Controller extends Controller {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
private function _auth($url) {
|
private function _auth($url) {
|
||||||
$form = user::get_login_form($url);
|
$form = Identity::get_login_form($url);
|
||||||
$valid = $form->validate();
|
$valid = $form->validate();
|
||||||
if ($valid) {
|
if ($valid) {
|
||||||
$user = user::lookup_by_name($form->login->inputs["name"]->value);
|
$user = Identity::lookup_user_by_name($form->login->inputs["name"]->value);
|
||||||
if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
|
if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) {
|
||||||
log::warning(
|
log::warning(
|
||||||
"user",
|
"user",
|
||||||
t("Failed login for %name",
|
t("Failed login for %name",
|
||||||
@ -69,7 +69,7 @@ class Login_Controller extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($valid) {
|
if ($valid) {
|
||||||
user::login($user);
|
Identity::login($user);
|
||||||
log::info("user", t("User %name logged in", array("name" => $user->name)));
|
log::info("user", t("User %name logged in", array("name" => $user->name)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -21,8 +21,8 @@ class Logout_Controller extends Controller {
|
|||||||
public function index() {
|
public function index() {
|
||||||
//access::verify_csrf();
|
//access::verify_csrf();
|
||||||
|
|
||||||
$user = user::active();
|
$user = Identity::active();
|
||||||
user::logout();
|
Identity::logout();
|
||||||
log::info("user", t("User %name logged out", array("name" => $user->name)),
|
log::info("user", t("User %name logged out", array("name" => $user->name)),
|
||||||
html::anchor("user/$user->id", html::clean($user->name)));
|
html::anchor("user/$user->id", html::clean($user->name)));
|
||||||
if ($continue_url = $this->input->get("continue")) {
|
if ($continue_url = $this->input->get("continue")) {
|
||||||
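Review bot: `index()` logs the user out while `access::verify_csrf()` is still commented out, so any cross-site request to this action ends the session. The switch to `Identity::logout()` is a good moment to restore the check, or to add a comment saying why it is disabled. The method also reads `continue` from the query string for what looks like a redirect target; that handling is outside the hunk, so confirm it only accepts same-site URLs.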
|
@ -32,7 +32,7 @@ class Password_Controller extends Controller {
|
|||||||
if (request::method() == "post") {
|
if (request::method() == "post") {
|
||||||
$this->_change_password();
|
$this->_change_password();
|
||||||
} else {
|
} else {
|
||||||
$user = user::lookup_by_hash(Input::instance()->get("key"));
|
$user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
|
||||||
if (!empty($user)) {
|
if (!empty($user)) {
|
||||||
print $this->_new_password_form($user->hash);
|
print $this->_new_password_form($user->hash);
|
||||||
} else {
|
} else {
|
||||||
@ -46,7 +46,7 @@ class Password_Controller extends Controller {
|
|||||||
|
|
||||||
$valid = $form->validate();
|
$valid = $form->validate();
|
||||||
if ($valid) {
|
if ($valid) {
|
||||||
$user = user::lockup_by_name($form->reset->inputs["name"]->value);
|
$user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value);
|
||||||
if (!$user->loaded || empty($user->email)) {
|
if (!$user->loaded || empty($user->email)) {
|
||||||
$form->reset->inputs["name"]->add_error("no_email", 1);
|
$form->reset->inputs["name"]->add_error("no_email", 1);
|
||||||
$valid = false;
|
$valid = false;
|
||||||
@ -116,7 +116,7 @@ class Password_Controller extends Controller {
|
|||||||
private function _change_password() {
|
private function _change_password() {
|
||||||
$view = $this->_new_password_form();
|
$view = $this->_new_password_form();
|
||||||
if ($view->content->validate()) {
|
if ($view->content->validate()) {
|
||||||
$user = user::lookup_by_hash(Input::instance()->get("key"));
|
$user = Identity::lookup_user_by_hash(Input::instance()->get("key"));
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
throw new Exception("@todo FORBIDDEN", 503);
|
throw new Exception("@todo FORBIDDEN", 503);
|
||||||
}
|
}
|
||||||
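Review bot: In the reset hunk (`@ -46,7 +46,7`) the result of `Identity::lookup_user_by_name(...)` is dereferenced immediately with `!$user->loaded`, whereas `Login_Controller::_auth` guards the same call with `empty($user)`. If the lookup returns null for an unknown name, this line raises an error instead of taking the `no_email` path; `if (empty($user) || !$user->loaded || empty($user->email)) {` covers both contracts. The old side called the misspelled `user::lockup_by_name`, so this path presumably never ran successfully before and deserves a test. The surrounding method begins and ends outside the hunk.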
|
@ -74,7 +74,7 @@ class Permissions_Controller extends Controller {
|
|||||||
|
|
||||||
// If the active user just took away their own edit permissions, give it back.
|
// If the active user just took away their own edit permissions, give it back.
|
||||||
if ($perm->name == "edit") {
|
if ($perm->name == "edit") {
|
||||||
if (!access::user_can(user::active(), "edit", $item)) {
|
if (!access::user_can(Identity::active(), "edit", $item)) {
|
||||||
access::allow($group, $perm->name, $item);
|
access::allow($group, $perm->name, $item);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$view = new View("upgrader.html");
|
$view = new View("upgrader.html");
|
||||||
$view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
|
$view->can_upgrade = Identity::active()->admin || $session->get("can_upgrade");
|
||||||
$view->upgrade_token = $upgrade_token;
|
$view->upgrade_token = $upgrade_token;
|
||||||
$view->available = module::available();
|
$view->available = module::available();
|
||||||
$view->done = ($available_upgrades == 0);
|
$view->done = ($available_upgrades == 0);
|
||||||
@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller {
|
|||||||
// @todo this may screw up some module installers, but we don't have a better answer at
|
// @todo this may screw up some module installers, but we don't have a better answer at
|
||||||
// this time.
|
// this time.
|
||||||
$_SERVER["HTTP_HOST"] = "example.com";
|
$_SERVER["HTTP_HOST"] = "example.com";
|
||||||
} else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
|
} else if (!Identity::active()->admin && !Session::instance()->get("can_upgrade", false)) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,12 +19,12 @@
|
|||||||
*/
|
*/
|
||||||
class Welcome_Message_Controller extends Controller {
|
class Welcome_Message_Controller extends Controller {
|
||||||
public function index() {
|
public function index() {
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
url::redirect(item::root()->abs_url());
|
url::redirect(item::root()->abs_url());
|
||||||
}
|
}
|
||||||
|
|
||||||
$v = new View("welcome_message.html");
|
$v = new View("welcome_message.html");
|
||||||
$v->user = user::active();
|
$v->user = Identity::active();
|
||||||
print $v;
|
print $v;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ class access_Core {
|
|||||||
* @return boolean
|
* @return boolean
|
||||||
*/
|
*/
|
||||||
static function can($perm_name, $item) {
|
static function can($perm_name, $item) {
|
||||||
return self::user_can(user::active(), $perm_name, $item);
|
return self::user_can(Identity::active(), $perm_name, $item);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -27,7 +27,7 @@ class gallery_Core {
|
|||||||
static function maintenance_mode() {
|
static function maintenance_mode() {
|
||||||
$maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
|
$maintenance_mode = Kohana::config("core.maintenance_mode", false, false);
|
||||||
|
|
||||||
if (Router::$controller != "login" && !empty($maintenance_mode) && !user::active()->admin) {
|
if (Router::$controller != "login" && !empty($maintenance_mode) && !Identity::active()->admin) {
|
||||||
Router::$controller = "maintenance";
|
Router::$controller = "maintenance";
|
||||||
Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
|
Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php";
|
||||||
Router::$method = "index";
|
Router::$method = "index";
|
||||||
|
@ -24,10 +24,10 @@ class gallery_event_Core {
|
|||||||
*/
|
*/
|
||||||
static function gallery_ready() {
|
static function gallery_ready() {
|
||||||
// Call Identity::instance() now to force the load of the user interface classes.
|
// Call Identity::instance() now to force the load of the user interface classes.
|
||||||
// user::load_user will attempt to load the active user from the session and needs
|
// Identity::load_user will attempt to load the active user from the session and needs
|
||||||
// the user definition class, which can't be reached by Kohana's heiracrchical lookup.
|
// the user definition class, which can't be reached by Kohana's heiracrchical lookup.
|
||||||
Identity::instance();
|
Identity::instance();
|
||||||
user::load_user();
|
Identity::load_user();
|
||||||
locales::set_request_locale();
|
locales::set_request_locale();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -139,7 +139,7 @@ class gallery_event_Core {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (user::active()->admin) {
|
if (Identity::active()->admin) {
|
||||||
$menu->append($admin_menu = Menu::factory("submenu")
|
$menu->append($admin_menu = Menu::factory("submenu")
|
||||||
->id("admin_menu")
|
->id("admin_menu")
|
||||||
->label(t("Admin")));
|
->label(t("Admin")));
|
||||||
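Review bot: The comment above `Identity::instance();` in `gallery_ready()` still describes a class-loading order problem, but the commit message says the static `Identity` methods now obtain the instance themselves, so the explicit call may be redundant. Either drop it or update the comment to say why it is still needed, for example `// Identity::load_user() restores the active user from the session and resolves the Identity instance itself.` The comment also misspells "hierarchical".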
|
@ -54,7 +54,7 @@ class gallery_theme_Core {
|
|||||||
static function header_top($theme) {
|
static function header_top($theme) {
|
||||||
if ($theme->page_type != "login") {
|
if ($theme->page_type != "login") {
|
||||||
$view = new View("login.html");
|
$view = new View("login.html");
|
||||||
$view->user = user::active();
|
$view->user = Identity::active();
|
||||||
return $view->render();
|
return $view->render();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -158,8 +158,8 @@ class item_Core {
|
|||||||
*/
|
*/
|
||||||
static function viewable($model) {
|
static function viewable($model) {
|
||||||
$view_restrictions = array();
|
$view_restrictions = array();
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
foreach (user::group_ids() as $id) {
|
foreach (Identity::group_ids_for_active_user() as $id) {
|
||||||
// Separate the first restriction from the rest to make it easier for us to formulate
|
// Separate the first restriction from the rest to make it easier for us to formulate
|
||||||
// our where clause below
|
// our where clause below
|
||||||
if (empty($view_restrictions)) {
|
if (empty($view_restrictions)) {
|
||||||
|
@ -141,7 +141,7 @@ class locales_Core {
|
|||||||
$locale = self::cookie_locale();
|
$locale = self::cookie_locale();
|
||||||
// 2. Check the user's preference
|
// 2. Check the user's preference
|
||||||
if (!$locale) {
|
if (!$locale) {
|
||||||
$locale = user::active()->locale;
|
$locale = Identity::active()->locale;
|
||||||
}
|
}
|
||||||
// 3. Check the browser's / OS' preference
|
// 3. Check the browser's / OS' preference
|
||||||
if (!$locale) {
|
if (!$locale) {
|
||||||
|
@ -80,7 +80,7 @@ class log_Core {
|
|||||||
$log->url = substr(url::abs_current(true), 0, 255);
|
$log->url = substr(url::abs_current(true), 0, 255);
|
||||||
$log->referer = request::referrer(null);
|
$log->referer = request::referrer(null);
|
||||||
$log->timestamp = time();
|
$log->timestamp = time();
|
||||||
$log->user_id = user::active()->id;
|
$log->user_id = Identity::active()->id;
|
||||||
$log->save();
|
$log->save();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,7 +77,7 @@ class movie_Core {
|
|||||||
$movie->title = $title;
|
$movie->title = $title;
|
||||||
$movie->description = $description;
|
$movie->description = $description;
|
||||||
$movie->name = $name;
|
$movie->name = $name;
|
||||||
$movie->owner_id = $owner_id ? $owner_id : user::active();
|
$movie->owner_id = $owner_id ? $owner_id : Identity::active();
|
||||||
$movie->width = $movie_info[0];
|
$movie->width = $movie_info[0];
|
||||||
$movie->height = $movie_info[1];
|
$movie->height = $movie_info[1];
|
||||||
$movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
|
$movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv";
|
||||||
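Review bot: The owner fallback `$movie->owner_id = $owner_id ? $owner_id : Identity::active();` stores the user object returned by `Identity::active()` rather than its id, while other call sites in this commit (task_Core, log_Core, Albums_Controller) use `Identity::active()->id`. The line should read `$movie->owner_id = $owner_id ? $owner_id : Identity::active()->id;`, and photo_Core has the same expression for `$photo->owner_id`. The rename carried the old behaviour over unchanged, so the ownership recorded for uploads without an explicit owner is worth checking. The enclosing function starts and ends outside the hunk.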
|
@ -76,7 +76,7 @@ class photo_Core {
|
|||||||
$photo->title = $title;
|
$photo->title = $title;
|
||||||
$photo->description = $description;
|
$photo->description = $description;
|
||||||
$photo->name = $name;
|
$photo->name = $name;
|
||||||
$photo->owner_id = $owner_id ? $owner_id : user::active();
|
$photo->owner_id = $owner_id ? $owner_id : Identity::active();
|
||||||
$photo->width = $image_info[0];
|
$photo->width = $image_info[0];
|
||||||
$photo->height = $image_info[1];
|
$photo->height = $image_info[1];
|
||||||
$photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
|
$photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime'];
|
||||||
|
@ -95,7 +95,7 @@ class site_status_Core {
|
|||||||
* @return html text
|
* @return html text
|
||||||
*/
|
*/
|
||||||
static function get() {
|
static function get() {
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$buf = array();
|
$buf = array();
|
||||||
|
@ -42,7 +42,7 @@ class task_Core {
|
|||||||
$task->percent_complete = 0;
|
$task->percent_complete = 0;
|
||||||
$task->status = "";
|
$task->status = "";
|
||||||
$task->state = "started";
|
$task->state = "started";
|
||||||
$task->owner_id = user::active()->id;
|
$task->owner_id = Identity::active()->id;
|
||||||
$task->context = serialize($context);
|
$task->context = serialize($context);
|
||||||
$task->save();
|
$task->save();
|
||||||
|
|
||||||
|
@ -1,223 +0,0 @@
|
|||||||
<?php defined("SYSPATH") or die("No direct script access.");
|
|
||||||
/**
|
|
||||||
* Gallery - a web based photo album viewer and editor
|
|
||||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
|
||||||
*
|
|
||||||
* This program is free software; you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU General Public License as published by
|
|
||||||
* the Free Software Foundation; either version 2 of the License, or (at
|
|
||||||
* your option) any later version.
|
|
||||||
*
|
|
||||||
* This program is distributed in the hope that it will be useful, but
|
|
||||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
* General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License
|
|
||||||
* along with this program; if not, write to the Free Software
|
|
||||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This is the API for handling users.
|
|
||||||
*
|
|
||||||
* Note: by design, this class does not do any permission checking.
|
|
||||||
*/
|
|
||||||
class user_Core {
|
|
||||||
static function get_login_form($url) {
|
|
||||||
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
|
|
||||||
$form->set_attr('class', "g-narrow");
|
|
||||||
$group = $form->group("login")->label(t("Login"));
|
|
||||||
$group->input("name")->label(t("Username"))->id("g-username")->class(null);
|
|
||||||
$group->password("password")->label(t("Password"))->id("g-password")->class(null);
|
|
||||||
$group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
|
|
||||||
$group->submit("")->value(t("Login"));
|
|
||||||
return $form;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the active user. If there's no active user, return the guest user.
|
|
||||||
*
|
|
||||||
* @return User_Model
|
|
||||||
*/
|
|
||||||
static function active() {
|
|
||||||
// @todo (maybe) cache this object so we're not always doing session lookups.
|
|
||||||
$user = Session::instance()->get("user", null);
|
|
||||||
if (!isset($user)) {
|
|
||||||
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
|
|
||||||
// work.
|
|
||||||
$user = self::guest();
|
|
||||||
}
|
|
||||||
return $user;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Change the active user.
|
|
||||||
*
|
|
||||||
* @return User_Model
|
|
||||||
*/
|
|
||||||
static function set_active($user) {
|
|
||||||
$session = Session::instance();
|
|
||||||
$session->set("user", $user);
|
|
||||||
$session->delete("group_ids");
|
|
||||||
self::load_user();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the array of group ids this user belongs to
|
|
||||||
*
|
|
||||||
* @return array
|
|
||||||
*/
|
|
||||||
static function group_ids() {
|
|
||||||
return Session::instance()->get("group_ids", array(1));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Make sure that we have a session and group_ids cached in the session. This is one
|
|
||||||
* of the first calls to reference the user so call the Identity::instance to load the
|
|
||||||
* driver classes.
|
|
||||||
*/
|
|
||||||
static function load_user() {
|
|
||||||
$session = Session::instance();
|
|
||||||
if (!($user = $session->get("user"))) {
|
|
||||||
$session->set("user", $user = self::guest());
|
|
||||||
}
|
|
||||||
|
|
||||||
// The installer cannot set a user into the session, so it just sets an id which we should
|
|
||||||
// upconvert into a user.
|
|
||||||
// @todo what is user id===2
|
|
||||||
if ($user === 2) {
|
|
||||||
$user = model_cache::get("user", 2);
|
|
||||||
self::login($user);
|
|
||||||
$session->set("user", $user);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$session->get("group_ids")) {
|
|
||||||
$ids = array();
|
|
||||||
foreach ($user->groups as $group) {
|
|
||||||
$ids[] = $group->id;
|
|
||||||
}
|
|
||||||
$session->set("group_ids", $ids);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Log in as a given user.
|
|
||||||
* @param object $user the user object.
|
|
||||||
*/
|
|
||||||
static function login($user) {
|
|
||||||
// @todo make this an interface call
|
|
||||||
$user->login_count += 1;
|
|
||||||
$user->last_login = time();
|
|
||||||
$user->save();
|
|
||||||
|
|
||||||
self::set_active($user);
|
|
||||||
module::event("user_login", $user);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Log out the active user and destroy the session.
|
|
||||||
* @param object $user the user object.
|
|
||||||
*/
|
|
||||||
static function logout() {
|
|
||||||
$user = self::active();
|
|
||||||
if (!$user->guest) {
|
|
||||||
try {
|
|
||||||
Session::instance()->destroy();
|
|
||||||
} catch (Exception $e) {
|
|
||||||
Kohana::log("error", $e);
|
|
||||||
}
|
|
||||||
module::event("user_logout", $user);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Core::is_writable.
|
|
||||||
*/
|
|
||||||
static function is_writable() {
|
|
||||||
return Identity::instance()->is_writable();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::guest.
|
|
||||||
*/
|
|
||||||
static function guest() {
|
|
||||||
return Identity::instance()->guest();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::create_user.
|
|
||||||
*/
|
|
||||||
static function create($name, $full_name, $password) {
|
|
||||||
return Identity::instance()->create_user($name, $full_name, $password);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::is_correct_password.
|
|
||||||
*/
|
|
||||||
static function is_correct_password($user, $password) {
|
|
||||||
return Identity::instance()->is_correct_password($user, $password);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::hash_password.
|
|
||||||
*/
|
|
||||||
static function hash_password($password) {
|
|
||||||
return Identity::instance()->hash_password($password);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Look up a user by id.
|
|
||||||
* @param integer $id the user id
|
|
||||||
* @return User_Definition the user object, or null if the id was invalid.
|
|
||||||
*/
|
|
||||||
static function lookup($id) {
|
|
||||||
return Identity::instance()->lookup_user_by_field("id", $id);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Look up a user by name.
|
|
||||||
* @param integer $name the user name
|
|
||||||
* @return User_Definition the user object, or null if the name was invalid.
|
|
||||||
*/
|
|
||||||
static function lookup_by_name($name) {
|
|
||||||
return Identity::instance()->lookup_user_by_field("name", $name);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Look up a user by hash.
|
|
||||||
* @param string $name the user name
|
|
||||||
* @return User_Definition the user object, or null if the name was invalid.
|
|
||||||
*/
|
|
||||||
static function lookup_by_hash($hash) {
|
|
||||||
return Identity::instance()->lookup_user_by_field("hash", $hash);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::get_user_list.
|
|
||||||
*/
|
|
||||||
static function get_user_list($filter=array()) {
|
|
||||||
return Identity::instance()->get_user_list($filter);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see Identity_Driver::get_edit_rules.
|
|
||||||
*/
|
|
||||||
static function get_edit_rules() {
|
|
||||||
return Identity::instance()->get_edit_rules("user");
|
|
||||||
}
|
|
||||||
|
|
||||||
private static function _lookup_user_by_field($field_name, $value) {
|
|
||||||
try {
|
|
||||||
$user = model_cache::get("user", $value, $field_name);
|
|
||||||
if ($user->loaded) {
|
|
||||||
return $user;
|
|
||||||
}
|
|
||||||
} catch (Exception $e) {
|
|
||||||
if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
|
|
||||||
throw $e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
|
|||||||
parent::__construct($name);
|
parent::__construct($name);
|
||||||
|
|
||||||
$this->theme_name = module::get_var("gallery", "active_admin_theme");
|
$this->theme_name = module::get_var("gallery", "active_admin_theme");
|
||||||
if (user::active()->admin) {
|
if (Identity::active()->admin) {
|
||||||
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
||||||
}
|
}
|
||||||
$this->sidebar = "";
|
$this->sidebar = "";
|
||||||
$this->set_global("theme", $this);
|
$this->set_global("theme", $this);
|
||||||
$this->set_global("user", user::active());
|
$this->set_global("user", Identity::active());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function admin_menu() {
|
public function admin_menu() {
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
* Provides a driver-based interface for managing users and groups.
|
* Provides a driver-based interface for managing users and groups.
|
||||||
*/
|
*/
|
||||||
class Identity_Core {
|
class Identity_Core {
|
||||||
protected static $instances;
|
protected static $instance;
|
||||||
|
|
||||||
// Configuration
|
// Configuration
|
||||||
protected $config;
|
protected $config;
|
||||||
@ -38,12 +38,12 @@ class Identity_Core {
|
|||||||
* @return Identity_Core
|
* @return Identity_Core
|
||||||
*/
|
*/
|
||||||
static function & instance($config="default") {
|
static function & instance($config="default") {
|
||||||
if (!isset(Identity::$instances)) {
|
if (!isset(Identity::$instance)) {
|
||||||
// Create a new instance
|
// Create a new instance
|
||||||
Identity::$instances = new Identity($config);
|
Identity::$instance = new Identity($config);
|
||||||
}
|
}
|
||||||
|
|
||||||
return Identity::$instances;
|
return Identity::$instance;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -85,9 +85,10 @@ class Identity_Core {
|
|||||||
$this->driver = new $driver($this->config["params"]);
|
$this->driver = new $driver($this->config["params"]);
|
||||||
|
|
||||||
// Validate the driver
|
// Validate the driver
|
||||||
if ( !($this->driver instanceof Identity_Driver))
|
if ( !($this->driver instanceof Identity_Driver)) {
|
||||||
throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
|
throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
|
||||||
get_class($this), "Identity_Driver");
|
get_class($this), "Identity_Driver");
|
||||||
|
}
|
||||||
|
|
||||||
Kohana::log("debug", "Identity Library initialized");
|
Kohana::log("debug", "Identity Library initialized");
|
||||||
}
|
}
|
||||||
@ -98,91 +99,220 @@ class Identity_Core {
|
|||||||
*
|
*
|
||||||
* @return boolean true if the driver supports updates; false if read only
|
* @return boolean true if the driver supports updates; false if read only
|
||||||
*/
|
*/
|
||||||
public function is_writable() {
|
static function is_writable() {
|
||||||
return !empty($this->config["allow_updates"]);
|
return !empty(self::instance()->config["allow_updates"]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::guest.
|
* @see Identity_Driver::guest.
|
||||||
*/
|
*/
|
||||||
public function guest() {
|
static function guest() {
|
||||||
return $this->driver->guest();
|
return self::instance()->driver->guest();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::create_user.
|
* @see Identity_Driver::create_user.
|
||||||
*/
|
*/
|
||||||
public function create_user($name, $full_name, $password) {
|
static function create_user($name, $full_name, $password) {
|
||||||
return $this->driver->create_user($name, $full_name, $password);
|
return self::instance()->driver->create_user($name, $full_name, $password);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::is_correct_password.
|
* @see Identity_Driver::is_correct_password.
|
||||||
*/
|
*/
|
||||||
public function is_correct_password($user, $password) {
|
static function is_correct_password($user, $password) {
|
||||||
return $this->driver->is_correct_password($user, $password);
|
return self::instance()->driver->is_correct_password($user, $password);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::hash_password.
|
* @see Identity_Driver::hash_password.
|
||||||
*/
|
*/
|
||||||
public function hash_password($password) {
|
static function hash_password($password) {
|
||||||
return $this->driver->hash_password($password);
|
return self::instance()->driver->hash_password($password);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::lookup_user_by_field.
|
* Look up a user by id.
|
||||||
|
* @param integer $id the user id
|
||||||
|
* @return User_Definition the user object, or null if the id was invalid.
|
||||||
*/
|
*/
|
||||||
public function lookup_user_by_field($field_name, $value) {
|
static function lookup_user($id) {
|
||||||
return $this->driver->lookup_user_by_field($field_name, $value);
|
return self::instance()->driver->lookup_user_by_field("id", $id);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Look up a user by name.
|
||||||
|
* @param integer $name the user name
|
||||||
|
* @return User_Definition the user object, or null if the name was invalid.
|
||||||
|
*/
|
||||||
|
static function lookup_user_by_name($name) {
|
||||||
|
return self::instance()->driver->lookup_user_by_field("name", $name);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Look up a user by hash.
|
||||||
|
* @param string $name the user name
|
||||||
|
* @return User_Definition the user object, or null if the name was invalid.
|
||||||
|
*/
|
||||||
|
static function lookup_user_by_hash($hash) {
|
||||||
|
return self::instance()->driver->lookup_user_by_field("hash", $hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::create_group.
|
* @see Identity_Driver::create_group.
|
||||||
*/
|
*/
|
||||||
public function create_group($name) {
|
static function create_group($name) {
|
||||||
return $this->driver->create_group($name);
|
return self::instance()->driver->create_group($name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::everybody.
|
* @see Identity_Driver::everybody.
|
||||||
*/
|
*/
|
||||||
public function everybody() {
|
static function everybody() {
|
||||||
return $this->driver->everybody();
|
return self::instance()->driver->everybody();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::registered_users.
|
* @see Identity_Driver::registered_users.
|
||||||
*/
|
*/
|
||||||
public function registered_users() {
|
static function registered_users() {
|
||||||
return $this->driver->everybody();
|
return self::instance()->driver->everybody();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::lookup_group_by_field.
|
* Look up a group by name.
|
||||||
|
* @param integer $id the group name
|
||||||
|
* @return Group_Definition the group object, or null if the name was invalid.
|
||||||
*/
|
*/
|
||||||
public function lookup_group_by_field($field_name, $value) {
|
static function lookup_group_by_name($name) {
|
||||||
return $this->driver->lookup_group_by_field($field_name, $value);
|
return self::instance()->driver->lookup_group_by_field("name", $name);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::get_user_list.
|
* @see Identity_Driver::get_user_list.
|
||||||
*/
|
*/
|
||||||
public function get_user_list($filter=array()) {
|
static function get_user_list($filter=array()) {
|
||||||
return $this->driver->get_user_list($filter);
|
return self::instance()->driver->get_user_list($filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::get_group_list.
|
* @see Identity_Driver::get_group_list.
|
||||||
*/
|
*/
|
||||||
public function get_group_list($filter=array()) {
|
static function get_group_list($filter=array()) {
|
||||||
return $this->driver->get_group_list($filter);
|
return self::instance()->driver->get_group_list($filter);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Identity_Driver::get_edit_rules.
|
* @see Identity_Driver::get_edit_rules.
|
||||||
*/
|
*/
|
||||||
public function get_edit_rules($object_type) {
|
static function get_edit_rules($object_type) {
|
||||||
return $this->driver->get_edit_rules($object_type);
|
return self::instance()->driver->get_edit_rules($object_type);
|
||||||
|
}
|
||||||
|
|
||||||
|
static function get_login_form($url) {
|
||||||
|
$form = new Forge($url, "", "post", array("id" => "g-login-form"));
|
||||||
|
$form->set_attr('class', "g-narrow");
|
||||||
|
$group = $form->group("login")->label(t("Login"));
|
||||||
|
$group->input("name")->label(t("Username"))->id("g-username")->class(null);
|
||||||
|
$group->password("password")->label(t("Password"))->id("g-password")->class(null);
|
||||||
|
$group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password"));
|
||||||
|
$group->submit("")->value(t("Login"));
|
||||||
|
return $form;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the active user. If there's no active user, return the guest user.
|
||||||
|
*
|
||||||
|
* @return User_Model
|
||||||
|
*/
|
||||||
|
static function active() {
|
||||||
|
// @todo (maybe) cache this object so we're not always doing session lookups.
|
||||||
|
$user = Session::instance()->get("user", null);
|
||||||
|
if (!isset($user)) {
|
||||||
|
// Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
|
||||||
|
// work.
|
||||||
|
$user = self::guest();
|
||||||
|
}
|
||||||
|
return $user;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Change the active user.
|
||||||
|
*
|
||||||
|
* @return User_Model
|
||||||
|
*/
|
||||||
|
static function set_active($user) {
|
||||||
|
$session = Session::instance();
|
||||||
|
$session->set("user", $user);
|
||||||
|
$session->delete("group_ids");
|
||||||
|
self::load_user();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the array of group ids this user belongs to
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
static function group_ids_for_active_user() {
|
||||||
|
return Session::instance()->get("group_ids", array(1));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make sure that we have a session and group_ids cached in the session. This is one
|
||||||
|
* of the first calls to reference the user so call the Identity::instance to load the
|
||||||
|
* driver classes.
|
||||||
|
*/
|
||||||
|
static function load_user() {
|
||||||
|
$session = Session::instance();
|
||||||
|
if (!($user = $session->get("user"))) {
|
||||||
|
$session->set("user", $user = self::guest());
|
||||||
|
}
|
||||||
|
|
||||||
|
// The installer cannot set a user into the session, so it just sets an id which we should
|
||||||
|
// upconvert into a user.
|
||||||
|
// @todo set the user name into the session instead of 2 and then use it to get the user object
|
||||||
|
if ($user === 2) {
|
||||||
|
$user = self::lookup_user_by_name("admin");
|
||||||
|
self::login($user);
|
||||||
|
$session->set("user", $user);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$session->get("group_ids")) {
|
||||||
|
$ids = array();
|
||||||
|
foreach ($user->groups as $group) {
|
||||||
|
$ids[] = $group->id;
|
||||||
|
}
|
||||||
|
$session->set("group_ids", $ids);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Log in as a given user.
|
||||||
|
* @param object $user the user object.
|
||||||
|
*/
|
||||||
|
static function login($user) {
|
||||||
|
// @todo make this an interface call
|
||||||
|
$user->login_count += 1;
|
||||||
|
$user->last_login = time();
|
||||||
|
$user->save();
|
||||||
|
|
||||||
|
self::set_active($user);
|
||||||
|
module::event("user_login", $user);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Log out the active user and destroy the session.
|
||||||
|
* @param object $user the user object.
|
||||||
|
*/
|
||||||
|
static function logout() {
|
||||||
|
$user = self::active();
|
||||||
|
if (!$user->guest) {
|
||||||
|
try {
|
||||||
|
Session::instance()->destroy();
|
||||||
|
} catch (Exception $e) {
|
||||||
|
Kohana::log("error", $e);
|
||||||
|
}
|
||||||
|
module::event("user_logout", $user);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} // End Identity
|
} // End Identity
|
||||||
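Review bot: `registered_users()` still returns `self::instance()->driver->everybody()`, so the registered-users group resolves to the everybody group even though its docblock points at `Identity_Driver::registered_users`; the old body was carried over unchanged when the method became static. Any permission granted or denied through `Identity::registered_users()` (the access tests in this commit call `access::deny(Identity::registered_users(), "view", $item)`) would then be applied to the everybody group instead, which presumably also covers guests. The body should be `return self::instance()->driver->registered_users();`. Separately, in `load_user()` the `$user === 2` branch hands the result of `self::lookup_user_by_name("admin")` straight to `self::login($user)`, while the lookup docblock says it returns null for an unknown name, so a null check before the login call is worth adding for installs where that account is renamed or absent.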
|
@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
|
|||||||
parent::__construct($name);
|
parent::__construct($name);
|
||||||
|
|
||||||
$this->theme_name = module::get_var("gallery", "active_site_theme");
|
$this->theme_name = module::get_var("gallery", "active_site_theme");
|
||||||
if (user::active()->admin) {
|
if (Identity::active()->admin) {
|
||||||
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
$this->theme_name = Input::instance()->get("theme", $this->theme_name);
|
||||||
}
|
}
|
||||||
$this->item = null;
|
$this->item = null;
|
||||||
$this->tag = null;
|
$this->tag = null;
|
||||||
$this->set_global("theme", $this);
|
$this->set_global("theme", $this);
|
||||||
$this->set_global("user", user::active());
|
$this->set_global("user", Identity::active());
|
||||||
$this->set_global("page_type", $page_type);
|
$this->set_global("page_type", $page_type);
|
||||||
$this->set_global("page_title", null);
|
$this->set_global("page_title", null);
|
||||||
if ($page_type == "album") {
|
if ($page_type == "album") {
|
||||||
@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
|
|||||||
*/
|
*/
|
||||||
public function sidebar_blocks() {
|
public function sidebar_blocks() {
|
||||||
$sidebar = block_manager::get_html("site.sidebar", $this);
|
$sidebar = block_manager::get_html("site.sidebar", $this);
|
||||||
if (empty($sidebar) && user::active()->admin) {
|
if (empty($sidebar) && Identity::active()->admin) {
|
||||||
$sidebar = new View("no_sidebar.html");
|
$sidebar = new View("no_sidebar.html");
|
||||||
}
|
}
|
||||||
return $sidebar;
|
return $sidebar;
|
||||||
|
@ -333,7 +333,7 @@ class Item_Model extends ORM_MPTT {
|
|||||||
// This relationship depends on an outside module, which may not be present so handle
|
// This relationship depends on an outside module, which may not be present so handle
|
||||||
// failures gracefully.
|
// failures gracefully.
|
||||||
try {
|
try {
|
||||||
return user::lookup($this->owner_id);
|
return Identity::lookup_user($this->owner_id);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,7 @@ class Log_Model extends ORM {
|
|||||||
// This relationship depends on an outside module, which may not be present so handle
|
// This relationship depends on an outside module, which may not be present so handle
|
||||||
// failures gracefully.
|
// failures gracefully.
|
||||||
try {
|
try {
|
||||||
return user::lookup($this->user_id);
|
return Identity::lookup_user($this->user_id);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -46,7 +46,7 @@ class Task_Model extends ORM {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function owner() {
|
public function owner() {
|
||||||
return user::lookup($this->owner_id);
|
return Identity::lookup_user($this->owner_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -33,7 +33,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
} catch (Exception $e) { }
|
} catch (Exception $e) { }
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$user = user::lookup_by_name("access_test");
|
$user = Identity::lookup_user_by_name("access_test");
|
||||||
if ($user->loaded) {
|
if ($user->loaded) {
|
||||||
$user->delete();
|
$user->delete();
|
||||||
}
|
}
|
||||||
@ -41,16 +41,16 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
// Reset some permissions that we mangle below
|
// Reset some permissions that we mangle below
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
access::allow(group::everybody(), "view", $root);
|
access::allow(Identity::everybody(), "view", $root);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setup() {
|
public function setup() {
|
||||||
user::set_active(user::guest());
|
Identity::set_active(Identity::guest());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function groups_and_permissions_are_bound_to_columns_test() {
|
public function groups_and_permissions_are_bound_to_columns_test() {
|
||||||
access::register_permission("access_test", "Access Test");
|
access::register_permission("access_test", "Access Test");
|
||||||
$group = group::create("access_test");
|
$group = Identity::create_group("access_test");
|
||||||
|
|
||||||
// We have a new column for this perm / group combo
|
// We have a new column for this perm / group combo
|
||||||
$fields = Database::instance()->list_fields("access_caches");
|
$fields = Database::instance()->list_fields("access_caches");
|
||||||
@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public function user_can_access_test() {
|
public function user_can_access_test() {
|
||||||
$access_test = group::create("access_test");
|
$access_test = Identity::create_group("access_test");
|
||||||
|
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
access::allow($access_test, "view", $root);
|
access::allow($access_test, "view", $root);
|
||||||
|
|
||||||
$item = album::create($root, rand(), "test album");
|
$item = album::create($root, rand(), "test album");
|
||||||
|
|
||||||
access::deny(group::everybody(), "view", $item);
|
access::deny(Identity::everybody(), "view", $item);
|
||||||
access::deny(group::registered_users(), "view", $item);
|
access::deny(Identity::registered_users(), "view", $item);
|
||||||
|
|
||||||
$user = user::create("access_test", "Access Test", "");
|
$user = Identity::create_user("access_test", "Access Test", "");
|
||||||
foreach ($user->groups as $group) {
|
foreach ($user->groups as $group) {
|
||||||
$user->remove($group);
|
$user->remove($group);
|
||||||
}
|
}
|
||||||
@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$item = album::create($root, rand(), "test album");
|
$item = album::create($root, rand(), "test album");
|
||||||
|
|
||||||
access::deny(group::everybody(), "view", $item);
|
access::deny(Identity::everybody(), "view", $item);
|
||||||
access::deny(group::registered_users(), "view", $item);
|
access::deny(Identity::registered_users(), "view", $item);
|
||||||
|
|
||||||
$user = user::create("access_test", "Access Test", "");
|
$user = Identity::create_user("access_test", "Access Test", "");
|
||||||
foreach ($user->groups as $group) {
|
foreach ($user->groups as $group) {
|
||||||
$user->remove($group);
|
$user->remove($group);
|
||||||
}
|
}
|
||||||
@ -121,14 +121,14 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
|
|
||||||
$album = album::create($root, rand(), "test album");
|
$album = album::create($root, rand(), "test album");
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
|
|
||||||
$photo = ORM::factory("item");
|
$photo = ORM::factory("item");
|
||||||
$photo->type = "photo";
|
$photo->type = "photo";
|
||||||
$photo->add_to_parent($album);
|
$photo->add_to_parent($album);
|
||||||
access::add_item($photo);
|
access::add_item($photo);
|
||||||
|
|
||||||
$this->assert_true($photo->__get("view_" . group::everybody()->id));
|
$this->assert_true($photo->__get("view_" . Identity::everybody()->id));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function can_allow_deny_and_reset_intent_test() {
|
public function can_allow_deny_and_reset_intent_test() {
|
||||||
@ -137,23 +137,23 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$intent = ORM::factory("access_intent")->where("item_id", $album)->find();
|
$intent = ORM::factory("access_intent")->where("item_id", $album)->find();
|
||||||
|
|
||||||
// Allow
|
// Allow
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
$this->assert_same(access::ALLOW, $intent->reload()->view_1);
|
$this->assert_same(access::ALLOW, $intent->reload()->view_1);
|
||||||
|
|
||||||
// Deny
|
// Deny
|
||||||
access::deny(group::everybody(), "view", $album);
|
access::deny(Identity::everybody(), "view", $album);
|
||||||
$this->assert_same(
|
$this->assert_same(
|
||||||
access::DENY,
|
access::DENY,
|
||||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||||
|
|
||||||
// Allow again. If the initial value was allow, then the first Allow clause above may not
|
// Allow again. If the initial value was allow, then the first Allow clause above may not
|
||||||
// have actually changed any values.
|
// have actually changed any values.
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
$this->assert_same(
|
$this->assert_same(
|
||||||
access::ALLOW,
|
access::ALLOW,
|
||||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||||
|
|
||||||
access::reset(group::everybody(), "view", $album);
|
access::reset(Identity::everybody(), "view", $album);
|
||||||
$this->assert_same(
|
$this->assert_same(
|
||||||
null,
|
null,
|
||||||
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
ORM::factory("access_intent")->where("item_id", $album)->find()->view_1);
|
||||||
@ -161,7 +161,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
public function cant_reset_root_item_test() {
|
public function cant_reset_root_item_test() {
|
||||||
try {
|
try {
|
||||||
access::reset(group::everybody(), "view", ORM::factory("item", 1));
|
access::reset(Identity::everybody(), "view", ORM::factory("item", 1));
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -170,17 +170,17 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
public function can_view_item_test() {
|
public function can_view_item_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
access::allow(group::everybody(), "view", $root);
|
access::allow(Identity::everybody(), "view", $root);
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $root));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $root));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function can_always_fails_on_unloaded_items_test() {
|
public function can_always_fails_on_unloaded_items_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
access::allow(group::everybody(), "view", $root);
|
access::allow(Identity::everybody(), "view", $root);
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $root));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $root));
|
||||||
|
|
||||||
$bogus = ORM::factory("item", -1);
|
$bogus = ORM::factory("item", -1);
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $bogus));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $bogus));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function cant_view_child_of_hidden_parent_test() {
|
public function cant_view_child_of_hidden_parent_test() {
|
||||||
@ -188,21 +188,21 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$album = album::create($root, rand(), "test album");
|
$album = album::create($root, rand(), "test album");
|
||||||
|
|
||||||
$root->reload();
|
$root->reload();
|
||||||
access::deny(group::everybody(), "view", $root);
|
access::deny(Identity::everybody(), "view", $root);
|
||||||
access::reset(group::everybody(), "view", $album);
|
access::reset(Identity::everybody(), "view", $album);
|
||||||
|
|
||||||
$album->reload();
|
$album->reload();
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $album));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $album));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function view_permissions_propagate_down_test() {
|
public function view_permissions_propagate_down_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$album = album::create($root, rand(), "test album");
|
$album = album::create($root, rand(), "test album");
|
||||||
|
|
||||||
access::allow(group::everybody(), "view", $root);
|
access::allow(Identity::everybody(), "view", $root);
|
||||||
access::reset(group::everybody(), "view", $album);
|
access::reset(Identity::everybody(), "view", $album);
|
||||||
$album->reload();
|
$album->reload();
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $album));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $album));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function can_toggle_view_permissions_propagate_down_test() {
|
public function can_toggle_view_permissions_propagate_down_test() {
|
||||||
@ -217,18 +217,18 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$album3->reload();
|
$album3->reload();
|
||||||
$album4->reload();
|
$album4->reload();
|
||||||
|
|
||||||
access::allow(group::everybody(), "view", $root);
|
access::allow(Identity::everybody(), "view", $root);
|
||||||
access::deny(group::everybody(), "view", $album1);
|
access::deny(Identity::everybody(), "view", $album1);
|
||||||
access::reset(group::everybody(), "view", $album2);
|
access::reset(Identity::everybody(), "view", $album2);
|
||||||
access::reset(group::everybody(), "view", $album3);
|
access::reset(Identity::everybody(), "view", $album3);
|
||||||
access::reset(group::everybody(), "view", $album4);
|
access::reset(Identity::everybody(), "view", $album4);
|
||||||
|
|
||||||
$album4->reload();
|
$album4->reload();
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $album4));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $album4));
|
||||||
|
|
||||||
access::allow(group::everybody(), "view", $album1);
|
access::allow(Identity::everybody(), "view", $album1);
|
||||||
$album4->reload();
|
$album4->reload();
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $album4));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $album4));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
|
public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
|
||||||
@ -237,29 +237,29 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$album2 = album::create($album1, rand(), "test album");
|
$album2 = album::create($album1, rand(), "test album");
|
||||||
|
|
||||||
$root->reload();
|
$root->reload();
|
||||||
access::deny(group::everybody(), "view", $root);
|
access::deny(Identity::everybody(), "view", $root);
|
||||||
access::allow(group::everybody(), "view", $album2);
|
access::allow(Identity::everybody(), "view", $album2);
|
||||||
|
|
||||||
$album1->reload();
|
$album1->reload();
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $album1));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $album1));
|
||||||
|
|
||||||
$album2->reload();
|
$album2->reload();
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $album2));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $album2));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function can_edit_item_test() {
|
public function can_edit_item_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
$this->assert_true(access::group_can(group::everybody(), "edit", $root));
|
$this->assert_true(access::group_can(Identity::everybody(), "edit", $root));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function non_view_permissions_propagate_down_test() {
|
public function non_view_permissions_propagate_down_test() {
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$album = album::create($root, rand(), "test album");
|
$album = album::create($root, rand(), "test album");
|
||||||
|
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
access::reset(group::everybody(), "edit", $album);
|
access::reset(Identity::everybody(), "edit", $album);
|
||||||
$this->assert_true(access::group_can(group::everybody(), "edit", $album));
|
$this->assert_true(access::group_can(Identity::everybody(), "edit", $album));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function non_view_permissions_can_be_revoked_lower_down_test() {
|
public function non_view_permissions_can_be_revoked_lower_down_test() {
|
||||||
@ -279,36 +279,36 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$outer->reload();
|
$outer->reload();
|
||||||
$inner->reload();
|
$inner->reload();
|
||||||
|
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
access::deny(group::everybody(), "edit", $outer);
|
access::deny(Identity::everybody(), "edit", $outer);
|
||||||
access::allow(group::everybody(), "edit", $inner);
|
access::allow(Identity::everybody(), "edit", $inner);
|
||||||
|
|
||||||
// Outer album is not editable, inner one is.
|
// Outer album is not editable, inner one is.
|
||||||
$this->assert_false(access::group_can(group::everybody(), "edit", $outer_photo));
|
$this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo));
|
||||||
$this->assert_true(access::group_can(group::everybody(), "edit", $inner_photo));
|
$this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function i_can_edit_test() {
|
public function i_can_edit_test() {
|
||||||
// Create a new user that belongs to no groups
|
// Create a new user that belongs to no groups
|
||||||
$user = user::create("access_test", "Access Test", "");
|
$user = Identity::create_user("access_test", "Access Test", "");
|
||||||
foreach ($user->groups as $group) {
|
foreach ($user->groups as $group) {
|
||||||
$user->remove($group);
|
$user->remove($group);
|
||||||
}
|
}
|
||||||
$user->save();
|
$user->save();
|
||||||
user::set_active($user);
|
Identity::set_active($user);
|
||||||
|
|
||||||
// This user can't edit anything
|
// This user can't edit anything
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$this->assert_false(access::can("edit", $root));
|
$this->assert_false(access::can("edit", $root));
|
||||||
|
|
||||||
// Now add them to a group that has edit permission
|
// Now add them to a group that has edit permission
|
||||||
$group = group::create("access_test");
|
$group = Identity::create_group("access_test");
|
||||||
$group->add($user);
|
$group->add($user);
|
||||||
$group->save();
|
$group->save();
|
||||||
access::allow($group, "edit", $root);
|
access::allow($group, "edit", $root);
|
||||||
|
|
||||||
$user = user::lookup($user->id); // reload() does not flush related columns
|
$user = Identity::lookup_user($user->id); // reload() does not flush related columns
|
||||||
user::set_active($user);
|
Identity::set_active($user);
|
||||||
|
|
||||||
// And verify that the user can edit.
|
// And verify that the user can edit.
|
||||||
$this->assert_true(access::can("edit", $root));
|
$this->assert_true(access::can("edit", $root));
|
||||||
@ -320,16 +320,16 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
|
|
||||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::deny(group::everybody(), "view", $album);
|
access::deny(Identity::everybody(), "view", $album);
|
||||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::deny(group::everybody(), "view", $album);
|
access::deny(Identity::everybody(), "view", $album);
|
||||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::reset(group::everybody(), "view", $album);
|
access::reset(Identity::everybody(), "view", $album);
|
||||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -341,44 +341,44 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::deny(group::everybody(), "view_full", $album);
|
access::deny(Identity::everybody(), "view_full", $album);
|
||||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::allow(group::everybody(), "view_full", $album);
|
access::allow(Identity::everybody(), "view_full", $album);
|
||||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::deny(group::everybody(), "view_full", $album);
|
access::deny(Identity::everybody(), "view_full", $album);
|
||||||
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||||
|
|
||||||
access::reset(group::everybody(), "view_full", $album);
|
access::reset(Identity::everybody(), "view_full", $album);
|
||||||
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
|
||||||
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function moved_items_inherit_new_permissions_test() {
|
public function moved_items_inherit_new_permissions_test() {
|
||||||
user::set_active(user::lookup_by_name("admin"));
|
Identity::set_active(Identity::lookup_user_by_name("admin"));
|
||||||
|
|
||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$public_album = album::create($root, rand(), "public album");
|
$public_album = album::create($root, rand(), "public album");
|
||||||
$public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
|
$public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
|
||||||
access::allow(group::everybody(), "view", $public_album);
|
access::allow(Identity::everybody(), "view", $public_album);
|
||||||
|
|
||||||
$root->reload(); // Account for MPTT changes
|
$root->reload(); // Account for MPTT changes
|
||||||
|
|
||||||
$private_album = album::create($root, rand(), "private album");
|
$private_album = album::create($root, rand(), "private album");
|
||||||
access::deny(group::everybody(), "view", $private_album);
|
access::deny(Identity::everybody(), "view", $private_album);
|
||||||
$private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
|
$private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
|
||||||
|
|
||||||
// Make sure that we now have a public photo and private photo.
|
// Make sure that we now have a public photo and private photo.
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo));
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo));
|
||||||
|
|
||||||
// Swap the photos
|
// Swap the photos
|
||||||
item::move($public_photo, $private_album);
|
item::move($public_photo, $private_album);
|
||||||
@ -394,7 +394,7 @@ class Access_Helper_Test extends Unit_Test_Case {
|
|||||||
$public_photo->reload();
|
$public_photo->reload();
|
||||||
|
|
||||||
// Make sure that the public_photo is now private, and the private_photo is now public.
|
// Make sure that the public_photo is now private, and the private_photo is now public.
|
||||||
$this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
|
$this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo));
|
||||||
$this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
|
$this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -44,7 +44,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
|
|||||||
$_POST["direction"] = "ASC";
|
$_POST["direction"] = "ASC";
|
||||||
$_POST["csrf"] = access::csrf_token();
|
$_POST["csrf"] = access::csrf_token();
|
||||||
$_POST["_method"] = "put";
|
$_POST["_method"] = "put";
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
|
|
||||||
ob_start();
|
ob_start();
|
||||||
$controller->_update($this->_album);
|
$controller->_update($this->_album);
|
||||||
@ -68,7 +68,7 @@ class Albums_Controller_Test extends Unit_Test_Case {
|
|||||||
$_POST["name"] = "new name";
|
$_POST["name"] = "new name";
|
||||||
$_POST["title"] = "new title";
|
$_POST["title"] = "new title";
|
||||||
$_POST["description"] = "new description";
|
$_POST["description"] = "new description";
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$controller->_update($this->_album);
|
$controller->_update($this->_album);
|
||||||
|
@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case {
|
|||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$album = album::create($root, rand(), rand(), rand());
|
$album = album::create($root, rand(), rand(), rand());
|
||||||
$item = self::_create_random_item($album);
|
$item = self::_create_random_item($album);
|
||||||
user::set_active(user::guest());
|
Identity::set_active(Identity::guest());
|
||||||
|
|
||||||
// We can see the item when permissions are granted
|
// We can see the item when permissions are granted
|
||||||
access::allow(group::everybody(), "view", $album);
|
access::allow(Identity::everybody(), "view", $album);
|
||||||
$this->assert_equal(
|
$this->assert_equal(
|
||||||
1,
|
1,
|
||||||
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
||||||
|
|
||||||
// We can't see the item when permissions are denied
|
// We can't see the item when permissions are denied
|
||||||
access::deny(group::everybody(), "view", $album);
|
access::deny(Identity::everybody(), "view", $album);
|
||||||
$this->assert_equal(
|
$this->assert_equal(
|
||||||
0,
|
0,
|
||||||
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
ORM::factory("item")->viewable()->where("id", $item->id)->count_all());
|
||||||
|
@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
|||||||
$root = ORM::factory("item", 1);
|
$root = ORM::factory("item", 1);
|
||||||
$photo = photo::create(
|
$photo = photo::create(
|
||||||
$root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
|
$root, MODPATH . "gallery/tests/test.jpg", "test.jpeg",
|
||||||
"test", "test", user::active(), "slug");
|
"test", "test", Identity::active(), "slug");
|
||||||
$orig_name = $photo->name;
|
$orig_name = $photo->name;
|
||||||
|
|
||||||
$_POST["filename"] = "test.jpeg";
|
$_POST["filename"] = "test.jpeg";
|
||||||
@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
|||||||
$_POST["description"] = "new description";
|
$_POST["description"] = "new description";
|
||||||
$_POST["slug"] = "new-slug";
|
$_POST["slug"] = "new-slug";
|
||||||
$_POST["csrf"] = access::csrf_token();
|
$_POST["csrf"] = access::csrf_token();
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
|
|
||||||
ob_start();
|
ob_start();
|
||||||
$controller->_update($photo);
|
$controller->_update($photo);
|
||||||
@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case {
|
|||||||
$_POST["name"] = "new name";
|
$_POST["name"] = "new name";
|
||||||
$_POST["title"] = "new title";
|
$_POST["title"] = "new title";
|
||||||
$_POST["description"] = "new description";
|
$_POST["description"] = "new description";
|
||||||
access::allow(group::everybody(), "edit", $root);
|
access::allow(Identity::everybody(), "edit", $root);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$controller->_update($photo);
|
$controller->_update($photo);
|
||||||
|
@ -57,7 +57,7 @@
|
|||||||
<title><?= t("Something went wrong!") ?></title>
|
<title><?= t("Something went wrong!") ?></title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<? try { $user = user::active(); } catch (Exception $e) { } ?>
|
<? try { $user = Identity::active(); } catch (Exception $e) { } ?>
|
||||||
<? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
|
<? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
|
||||||
<div class="big_box" id="framework_error">
|
<div class="big_box" id="framework_error">
|
||||||
<h1>
|
<h1>
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
</li>
|
</li>
|
||||||
<? else: ?>
|
<? else: ?>
|
||||||
<li class="first">
|
<li class="first">
|
||||||
<? if (user::is_writable()): ?>
|
<? if (Identity::is_writable()): ?>
|
||||||
<?= t('Logged in as %name', array('name' => html::mark_clean(
|
<?= t('Logged in as %name', array('name' => html::mark_clean(
|
||||||
'<a href="' . url::site("form/edit/users/{$user->id}") .
|
'<a href="' . url::site("form/edit/users/{$user->id}") .
|
||||||
'" title="' . t("Edit Your Profile")->for_html_attr() .
|
'" title="' . t("Edit Your Profile")->for_html_attr() .
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
<li id="g-login-form">
|
<li id="g-login-form">
|
||||||
<?= $form ?>
|
<?= $form ?>
|
||||||
</li>
|
</li>
|
||||||
<? if (user::is_writable()): ?>
|
<? if (Identity::is_writable()): ?>
|
||||||
<li>
|
<li>
|
||||||
<a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
|
<a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
|
||||||
</li>
|
</li>
|
||||||
|
@ -43,7 +43,7 @@
|
|||||||
<p>
|
<p>
|
||||||
<?= t("This site is currently only accessible by site administrators.") ?>
|
<?= t("This site is currently only accessible by site administrators.") ?>
|
||||||
</p>
|
</p>
|
||||||
<?= user::get_login_form("login/auth_html") ?>
|
<?= Identity::get_login_form("login/auth_html") ?>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
class notification {
|
class notification {
|
||||||
static function get_subscription($item_id, $user=null) {
|
static function get_subscription($item_id, $user=null) {
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
$user = user::active();
|
$user = Identity::active();
|
||||||
}
|
}
|
||||||
|
|
||||||
return ORM::factory("subscription")
|
return ORM::factory("subscription")
|
||||||
@ -31,7 +31,7 @@ class notification {
|
|||||||
|
|
||||||
static function is_watching($item, $user=null) {
|
static function is_watching($item, $user=null) {
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
$user = user::active();
|
$user = Identity::active();
|
||||||
}
|
}
|
||||||
|
|
||||||
return ORM::factory("subscription")
|
return ORM::factory("subscription")
|
||||||
@ -44,7 +44,7 @@ class notification {
|
|||||||
static function add_watch($item, $user=null) {
|
static function add_watch($item, $user=null) {
|
||||||
if ($item->is_album()) {
|
if ($item->is_album()) {
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
$user = user::active();
|
$user = Identity::active();
|
||||||
}
|
}
|
||||||
$subscription = ORM::factory("subscription");
|
$subscription = ORM::factory("subscription");
|
||||||
$subscription->item_id = $item->id;
|
$subscription->item_id = $item->id;
|
||||||
@ -56,7 +56,7 @@ class notification {
|
|||||||
static function remove_watch($item, $user=null) {
|
static function remove_watch($item, $user=null) {
|
||||||
if ($item->is_album()) {
|
if ($item->is_album()) {
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
$user = user::active();
|
$user = Identity::active();
|
||||||
}
|
}
|
||||||
|
|
||||||
$subscription = ORM::factory("subscription")
|
$subscription = ORM::factory("subscription")
|
||||||
@ -79,7 +79,7 @@ class notification {
|
|||||||
$subscriber_ids[] = $subscriber->user_id;
|
$subscriber_ids[] = $subscriber->user_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
$users = user::get_user_list(array("in" => array("id", $subscriber_ids),
|
$users = Identity::get_user_list(array("in" => array("id", $subscriber_ids),
|
||||||
"where" => array("email IS NOT" => null)));
|
"where" => array("email IS NOT" => null)));
|
||||||
|
|
||||||
$subscribers = array();
|
$subscribers = array();
|
||||||
|
@ -95,7 +95,7 @@ class notification_event_Core {
|
|||||||
}
|
}
|
||||||
|
|
||||||
static function site_menu($menu, $theme) {
|
static function site_menu($menu, $theme) {
|
||||||
if (!user::active()->guest) {
|
if (!Identity::active()->guest) {
|
||||||
$item = $theme->item();
|
$item = $theme->item();
|
||||||
|
|
||||||
if ($item && $item->is_album() && access::can("view", $item)) {
|
if ($item && $item->is_album() && access::can("view", $item)) {
|
||||||
|
@ -22,8 +22,8 @@ class search_Core {
|
|||||||
$db = Database::instance();
|
$db = Database::instance();
|
||||||
$q = $db->escape_str($q);
|
$q = $db->escape_str($q);
|
||||||
|
|
||||||
if (!user::active()->admin) {
|
if (!Identity::active()->admin) {
|
||||||
foreach (user::group_ids() as $id) {
|
foreach (Identity::group_ids_for_active_user() as $id) {
|
||||||
$fields[] = "`view_$id` = TRUE"; // access::ALLOW
|
$fields[] = "`view_$id` = TRUE"; // access::ALLOW
|
||||||
}
|
}
|
||||||
$access_sql = "AND (" . join(" AND ", $fields) . ")";
|
$access_sql = "AND (" . join(" AND ", $fields) . ")";
|
||||||
|
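Review bot: The ids returned by `Identity::group_ids_for_active_user()` are interpolated unescaped into a column identifier in `` "`view_$id` = TRUE" ``, and after this change they presumably come from whichever identity driver is configured rather than from the user module itself. Casting at the point of use keeps the query well-formed whatever the driver returns: `` $fields[] = "`view_" . (int)$id . "` = TRUE"; ``. The hunk does not show `$fields` being initialised, and an empty id list would produce `AND ()`, so an explicit `$fields = array();` and a guard for the empty case are worth adding if they are not already above. The enclosing function starts and ends outside the hunk.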
@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller {
|
|||||||
access::verify_csrf();
|
access::verify_csrf();
|
||||||
|
|
||||||
$task = ORM::factory("task", $task_id);
|
$task = ORM::factory("task", $task_id);
|
||||||
if (!$task->loaded || $task->owner_id != user::active()->id) {
|
if (!$task->loaded || $task->owner_id != Identity::active()->id) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller {
|
|||||||
$task->set("mode", "done");
|
$task->set("mode", "done");
|
||||||
}
|
}
|
||||||
|
|
||||||
$owner_id = user::active()->id;
|
$owner_id = Identity::active()->id;
|
||||||
foreach ($entries as $entry) {
|
foreach ($entries as $entry) {
|
||||||
if (microtime(true) - $start > 0.5) {
|
if (microtime(true) - $start > 0.5) {
|
||||||
break;
|
break;
|
||||||
|
@ -30,7 +30,7 @@ class server_add_event_Core {
|
|||||||
$item = $theme->item();
|
$item = $theme->item();
|
||||||
$paths = unserialize(module::get_var("server_add", "authorized_paths"));
|
$paths = unserialize(module::get_var("server_add", "authorized_paths"));
|
||||||
|
|
||||||
if ($item && user::active()->admin && $item->is_album() && !empty($paths) &&
|
if ($item && Identity::active()->admin && $item->is_album() && !empty($paths) &&
|
||||||
is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
|
is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) {
|
||||||
$menu->get("add_menu")
|
$menu->get("add_menu")
|
||||||
->append(Menu::factory("dialog")
|
->append(Menu::factory("dialog")
|
||||||
|
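Review bot: `unserialize(module::get_var("server_add", "authorized_paths"))` runs each time this menu hook is called, and `unserialize()` will instantiate objects from whatever is stored in that variable. Where the value is written is not visible here, so I would add a comment above the call stating what shape the stored value is expected to have and which code writes it, or store it JSON-encoded so that only plain data can come back. Separately, the ternary inside `is_writable()` is dead: `$item->is_album()` is already required earlier in the same condition, so `is_writable($item->file_path())` is equivalent. The enclosing function starts outside the hunk.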
@ -19,7 +19,7 @@
|
|||||||
*/
|
*/
|
||||||
class server_add_theme_Core {
|
class server_add_theme_Core {
|
||||||
static function head($theme) {
|
static function head($theme) {
|
||||||
if (user::active()->admin) {
|
if (Identity::active()->admin) {
|
||||||
$theme->script("server_add.js");
|
$theme->script("server_add.js");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -65,7 +65,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
|||||||
public function delete_user($id) {
|
public function delete_user($id) {
|
||||||
access::verify_csrf();
|
access::verify_csrf();
|
||||||
|
|
||||||
if ($id == user::active()->id || $id == user::guest()->id) {
|
if ($id == Identity::active()->id || $id == user::guest()->id) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -132,7 +132,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// An admin can change the admin status for any user but themselves
|
// An admin can change the admin status for any user but themselves
|
||||||
if ($user->id != user::active()->id) {
|
if ($user->id != Identity::active()->id) {
|
||||||
$user->admin = $form->edit_user->admin->checked;
|
$user->admin = $form->edit_user->admin->checked;
|
||||||
}
|
}
|
||||||
$user->save();
|
$user->save();
|
||||||
@ -154,7 +154,7 @@ class Admin_Users_Controller extends Admin_Controller {
|
|||||||
|
|
||||||
$form = $this->_get_user_edit_form_admin($user);
|
$form = $this->_get_user_edit_form_admin($user);
|
||||||
// Don't allow the user to control their own admin bit, else you can lock yourself out
|
// Don't allow the user to control their own admin bit, else you can lock yourself out
|
||||||
if ($user->id == user::active()->id) {
|
if ($user->id == Identity::active()->id) {
|
||||||
$form->edit_user->admin->disabled(1);
|
$form->edit_user->admin->disabled(1);
|
||||||
}
|
}
|
||||||
print $form;
|
print $form;
|
||||||
|
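Review bot: The guard in `delete_user()` now mixes the two APIs on one line, `$id == Identity::active()->id || $id == user::guest()->id`, while the other callers in this commit were moved from `user::guest()` to `Identity::guest()`. It still behaves the same, because `user_Core::guest()` as added in this commit only delegates to `Identity::guest()`, but a check that decides which accounts may not be deleted should not depend on a leftover shim. I would write `if ($id == Identity::active()->id || $id == Identity::guest()->id) {`. `delete_user()` continues outside the hunk.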
@ -21,7 +21,7 @@ class Users_Controller extends Controller {
|
|||||||
public function update($id) {
|
public function update($id) {
|
||||||
$user = user::lookup($id);
|
$user = user::lookup($id);
|
||||||
|
|
||||||
if ($user->guest || $user->id != user::active()->id) {
|
if ($user->guest || $user->id != Identity::active()->id) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -59,7 +59,7 @@ class Users_Controller extends Controller {
|
|||||||
|
|
||||||
public function form_edit($id) {
|
public function form_edit($id) {
|
||||||
$user = user::lookup($id);
|
$user = user::lookup($id);
|
||||||
if ($user->guest || $user->id != user::active()->id) {
|
if ($user->guest || $user->id != Identity::active()->id) {
|
||||||
access::forbidden();
|
access::forbidden();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
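Review bot: `$user->guest` is dereferenced in `update()` without checking that `user::lookup($id)` found anything, and `form_edit()` in the second hunk does the same. The docblock for `lookup()` in `modules/user/helpers/user.php` (added by this commit) says it returns null for an invalid id, and `$id` is a controller argument. How the property read on null is handled depends on the error-handler configuration, which is not visible here, so the authorization check should reject the missing user explicitly: `if (!$user || $user->guest || $user->id != Identity::active()->id) {`. Both methods continue outside their hunks, and both still call `user::lookup()` while the test code in this commit already uses `Identity::lookup_user()`.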
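--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -0,0 +1,109 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+* Gallery - a web based photo album viewer and editor
+* Copyright (C) 2000-2009 Bharat Mediratta
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or (at
+* your option) any later version.
+*
+* This program is distributed in the hope that it will be useful, but
+* WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+*/
+
+/**
+* This is the API for handling users.
+*
+* Note: by design, this class does not do any permission checking.
+*/
+class user_Core {
+/**
+* @see Identity_Driver::guest.
+*/
+static function guest() {
+return Identity::guest();
+}
+
+/**
+* @see Identity_Driver::create_user.
+*/
+static function create($name, $full_name, $password) {
+return Identity::create_user($name, $full_name, $password);
+}
+
+/**
+* @see Identity_Driver::is_correct_password.
+*/
+static function is_correct_password($user, $password) {
+return Identity::is_correct_password($user, $password);
+}
+
+/**
+* @see Identity_Driver::hash_password.
+*/
+static function hash_password($password) {
+return Identity::hash_password($password);
+}
+
+/**
+* Look up a user by id.
+* @param integer $id the user id
+* @return User_Definition the user object, or null if the id was invalid.
+*/
+static function lookup($id) {
+return self::_lookup_user_by_field("id", $id);
+}
+
+/**
+* Look up a user by name.
+* @param integer $name the user name
+* @return User_Definition the user object, or null if the name was invalid.
+*/
+static function lookup_by_name($name) {
+return self::_lookup_user_by_field("name", $name);
+}
+
+/**
+* Look up a user by hash.
+* @param string $name the user name
+* @return User_Definition the user object, or null if the name was invalid.
+*/
+static function lookup_by_hash($hash) {
+return self::_lookup_user_by_field("hash", $hash);
+}
+
+/**
+* @see Identity_Driver::get_user_list.
+*/
+static function get_user_list($filter=array()) {
+return Identity::get_user_list($filter);
+}
+
+/**
+* @see Identity_Driver::get_edit_rules.
+*/
+static function get_edit_rules() {
+return Identity::get_edit_rules("user");
+}
+
+private static function _lookup_user_by_field($field_name, $value) {
+try {
+$user = model_cache::get("user", $value, $field_name);
+if ($user->loaded) {
+return $user;
+}
+} catch (Exception $e) {
+if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+throw $e;
+}
+}
+return null;
+}
+}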
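Review bot: The docblock on `lookup_by_hash($hash)` was copied from the name lookup and documents a parameter the function does not have; it should read `@param string $hash the user hash` and `@return User_Definition the user object, or null if the hash was invalid.` The docblock on `lookup_by_name()` also declares `@param integer $name` where `@param string $name` is meant. `_lookup_user_by_field()` has no docblock at all; it should say that a record that is not loaded, or an exception whose message contains `MISSING_MODEL`, results in null, and that any other exception is rethrown. Since the class comment says no permission checking is done here, it would help to state on each lookup that authorizing the use of the returned user is left to the caller.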
@ -90,7 +90,7 @@
|
|||||||
<span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
|
<span class="ui-icon ui-icon-pencil"></span><span class="g-button-text">
|
||||||
<?= t("edit") ?>
|
<?= t("edit") ?>
|
||||||
</span></a>
|
</span></a>
|
||||||
<? if (user::active()->id != $user->id && !$user->guest): ?>
|
<? if (Identity::active()->id != $user->id && !$user->guest): ?>
|
||||||
<a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
|
<a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
|
||||||
class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
|
class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
|
||||||
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
|
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
|
||||||
|