mirror of
https://github.com/Pathduck/gallery3.git
synced 2024-10-30 05:17:17 -04:00
Add Item_Model::viewable() which we can use to restrict any query to
just items viewable by the active user. For example, ORM::factory("item")->where("name", "foo")->find_all() would get all items with the name "foo", whereas ORM::factory("item")->viewable()->where("name", "foo")->find_all() restricts it to just the set of items that the user is allowed to see.
parent
fe39641089
commit
b37047ff55
@ -24,27 +24,26 @@ class Albums_Controller extends Items_Controller {
|
||||
*/
|
||||
public function _show($item) {
|
||||
if (!access::can("view", $item)) {
|
||||
return Kohana::show_404();
|
||||
Kohana::show_404();
|
||||
}
|
||||
|
||||
$theme_name = module::get_var("core", "active_theme", "default");
|
||||
$page_size = module::get_var("core", "page_size", 9);
|
||||
|
||||
$template = new Theme_View("page.html", "album", $theme_name);
|
||||
|
||||
$page = $this->input->get("page", "1");
|
||||
|
||||
$template->set_global('page_size', $page_size);
|
||||
$template->set_global('item', $item);
|
||||
$children_count = $item->viewable()->children_count();
|
||||
$offset = ($page-1) * $page_size;
|
||||
|
||||
// Make sure that the page references a valid offset
|
||||
$children_count = $item->children_count();
|
||||
while (($offset = ($page - 1) * $page_size) > $children_count && $page != 1) {
|
||||
$page--;
|
||||
if ($page < 1 || $page > ceil($children_count / $page_size)) {
|
||||
Kohana::show_404();
|
||||
}
|
||||
$template->set_global('children', $item->children($page_size, $offset));
|
||||
$template->set_global('children_count', $children_count);
|
||||
$template->set_global('parents', $item->parents());
|
||||
|
||||
$template = new Theme_View("page.html", "album", $theme_name);
|
||||
$template->set_global("page_size", $page_size);
|
||||
$template->set_global("item", $item);
|
||||
$template->set_global("children", $item->viewable()->children($page_size, $offset));
|
||||
$template->set_global("children_count", $children_count);
|
||||
$template->set_global("parents", $item->parents());
|
||||
$template->content = new View("album.html");
|
||||
|
||||
print $template;
|
||||
|
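Review bot: The page-range check `if ($page < 1 || $page > ceil($children_count / $page_size))` in `_show` sends a 404 for page 1 whenever `$children_count` is 0, because `ceil(0 / $page_size)` is 0. With the count now taken from `$item->viewable()`, that covers not only empty albums but any album whose children are all hidden from the active user, even though the `access::can("view", $item)` guard above has already passed. Letting page 1 through, e.g. `$max_pages = max(ceil($children_count / $page_size), 1);` and comparing `$page` against `$max_pages`, keeps the album page reachable; the same check appears in `Tags_Controller::_show`. The access guard is shown both as `return Kohana::show_404();` and as a bare `Kohana::show_404();`, and the page does not reveal which is the new side; if the `return` was dropped, the guard depends on `show_404()` never returning, and a comment should say so. The end of `_show` lies outside the hunk.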
@ -20,9 +20,25 @@
|
||||
class Item_Model extends ORM_MPTT {
|
||||
protected $children = 'items';
|
||||
private $relative_path = null;
|
||||
private $view_restrictions = array();
|
||||
|
||||
var $rules = array();
|
||||
|
||||
/**
|
||||
* Add a set of restrictions to any following queries to restrict access only to items
|
||||
* viewable by the active user.
|
||||
* @chainable
|
||||
*/
|
||||
public function viewable() {
|
||||
if (empty($this->view_restrictions)) {
|
||||
foreach (user::group_ids() as $id) {
|
||||
$this->view_restrictions["view_$id"] = access::ALLOW;
|
||||
}
|
||||
}
|
||||
$this->where($this->view_restrictions);
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this item an album?
|
||||
* @return true if it's an album
|
||||
|
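Review bot: `viewable()` adds no condition at all when `user::group_ids()` returns an empty list: `$this->view_restrictions` stays empty, `where()` receives an empty array, and the query would presumably fall back to returning every item. Whether that can happen is not visible here, but an access filter should fail closed, so a guard that adds an always-false condition (or throws) when no group ids are found would make the behaviour explicit. The array passed to `where()` also looks like it combines the `view_$id` conditions with AND, so a user in several groups would need ALLOW in every one of them; if `access::can()` grants access on any single group, the conditions should be OR-ed inside one parenthesised group instead. A docblock line stating which is intended, e.g. `* An item matches only if every group of the active user has view permission.`, would settle it for readers.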
@ -23,15 +23,20 @@ class Tags_Controller extends REST_Controller {
|
||||
public function _show($tag) {
|
||||
$theme_name = module::get_var("core", "active_theme", "default");
|
||||
$page_size = module::get_var("core", "page_size", 9);
|
||||
$page = $this->input->get("page", "1");
|
||||
$children_count = $tag->items_count();
|
||||
$offset = ($page-1) * $page_size;
|
||||
|
||||
// Make sure that the page references a valid offset
|
||||
if ($page < 1 || $page > ceil($children_count / $page_size)) {
|
||||
Kohana::show_404();
|
||||
}
|
||||
|
||||
$template = new Theme_View("page.html", "tag", $theme_name);
|
||||
|
||||
$page = $this->input->get("page", "1");
|
||||
|
||||
$template->set_global('page_size', $page_size);
|
||||
$template->set_global('tag', $tag);
|
||||
$template->set_global('children', $tag->items($page_size, ($page-1) * $page_size));
|
||||
$template->set_global('children_count', $tag->count);
|
||||
$template->set_global('children', $tag->items($page_size, $offset));
|
||||
$template->set_global('children_count', $children_count);
|
||||
$template->content = new View("tag.html");
|
||||
|
||||
print $template;
|
||||
|
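Review bot: `$page` comes straight from `$this->input->get("page", "1")` and is used as a string in `($page-1) * $page_size` and in the range comparison, so a value such as `1.5` passes the check and yields a fractional `$offset` for `$tag->items($page_size, $offset)`, and `2abc` is silently coerced. Normalising once at the read, `$page = (int) $this->input->get("page", "1");`, makes the check and the offset operate on the same integer; `Albums_Controller::_show` reads `page` the same way. What `find_all()` does with a non-integer offset is not visible on this page. The end of `_show` lies outside the hunk.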
@ -24,14 +24,15 @@ class Tag_Model extends ORM {
|
||||
"name" => "required|length[4,32]");
|
||||
|
||||
/**
|
||||
* Return all items associated with this tag.
|
||||
* @param string $type the type of item (album, photo)
|
||||
* Return all viewable items associated with this tag.
|
||||
* @param integer $limit number of rows to limit result to
|
||||
* @param integer $offset offset in result to start returning rows from
|
||||
* @param string $type the type of item (album, photo)
|
||||
* @return ORM_Iterator
|
||||
*/
|
||||
public function items($limit=null, $offset=0, $type=null) {
|
||||
$model = ORM::factory("item")
|
||||
->viewable()
|
||||
->join("items_tags", "items.id", "items_tags.item_id")
|
||||
->where("items_tags.tag_id", $this->id);
|
||||
if ($type) {
|
||||
@ -39,4 +40,17 @@ class Tag_Model extends ORM {
|
||||
}
|
||||
return $model->find_all($limit, $offset);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the count of all viewable items associated with this tag.
|
||||
* @param string $type the type of item (album, photo)
|
||||
* @return integer
|
||||
*/
|
||||
public function items_count($type=null) {
|
||||
return ORM::factory("item")
|
||||
->viewable()
|
||||
->join("items_tags", "items.id", "items_tags.item_id")
|
||||
->where("items_tags.tag_id", $this->id)
|
||||
->count_all();
|
||||
}
|
||||
}
|
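Review bot: `items_count($type=null)` documents and accepts `$type` but never uses it: the chain goes straight from the `tag_id` condition to `count_all()`, whereas `items()` has an `if ($type)` branch before `find_all()`. A caller that pages `items($limit, $offset, "photo")` against `items_count("photo")` would get a count covering all types. Either apply the same type condition that `items()` applies before `count_all()` (its body falls between the two hunks and is not visible here), or drop the parameter and its `@param` line.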