Add Item_Model::viewable() which we can use to restrict any query to

just items viewable by the active user.  Ie:

  ORM::factory("item")
    ->where("name", "foo")
    ->find_all()

Would get all items with the name "foo".

  ORM::factory("item")
    ->viewable()
    ->where("name", "foo")
    ->find_all()

Restricts it to just the set of items that the user is allowed to see.
This commit is contained in:
Bharat Mediratta 2008-12-17 22:39:33 +00:00
parent fe39641089
commit b37047ff55
4 changed files with 54 additions and 20 deletions

View File

@ -24,27 +24,26 @@ class Albums_Controller extends Items_Controller {
*/
public function _show($item) {
if (!access::can("view", $item)) {
return Kohana::show_404();
Kohana::show_404();
}
$theme_name = module::get_var("core", "active_theme", "default");
$page_size = module::get_var("core", "page_size", 9);
$template = new Theme_View("page.html", "album", $theme_name);
$page = $this->input->get("page", "1");
$template->set_global('page_size', $page_size);
$template->set_global('item', $item);
$children_count = $item->viewable()->children_count();
$offset = ($page-1) * $page_size;
// Make sure that the page references a valid offset
$children_count = $item->children_count();
while (($offset = ($page - 1) * $page_size) > $children_count && $page != 1) {
$page--;
if ($page < 1 || $page > ceil($children_count / $page_size)) {
Kohana::show_404();
}
$template->set_global('children', $item->children($page_size, $offset));
$template->set_global('children_count', $children_count);
$template->set_global('parents', $item->parents());
$template = new Theme_View("page.html", "album", $theme_name);
$template->set_global("page_size", $page_size);
$template->set_global("item", $item);
$template->set_global("children", $item->viewable()->children($page_size, $offset));
$template->set_global("children_count", $children_count);
$template->set_global("parents", $item->parents());
$template->content = new View("album.html");
print $template;

View File

@ -20,9 +20,25 @@
class Item_Model extends ORM_MPTT {
protected $children = 'items';
private $relative_path = null;
private $view_restrictions = array();
var $rules = array();
/**
* Add a set of restrictions to any following queries to restrict access only to items
* viewable by the active user.
* @chainable
*/
public function viewable() {
if (empty($this->view_restrictions)) {
foreach (user::group_ids() as $id) {
$this->view_restrictions["view_$id"] = access::ALLOW;
}
}
$this->where($this->view_restrictions);
return $this;
}
/**
* Is this item an album?
* @return true if it's an album

View File

@ -23,15 +23,20 @@ class Tags_Controller extends REST_Controller {
public function _show($tag) {
$theme_name = module::get_var("core", "active_theme", "default");
$page_size = module::get_var("core", "page_size", 9);
$page = $this->input->get("page", "1");
$children_count = $tag->items_count();
$offset = ($page-1) * $page_size;
// Make sure that the page references a valid offset
if ($page < 1 || $page > ceil($children_count / $page_size)) {
Kohana::show_404();
}
$template = new Theme_View("page.html", "tag", $theme_name);
$page = $this->input->get("page", "1");
$template->set_global('page_size', $page_size);
$template->set_global('tag', $tag);
$template->set_global('children', $tag->items($page_size, ($page-1) * $page_size));
$template->set_global('children_count', $tag->count);
$template->set_global('children', $tag->items($page_size, $offset));
$template->set_global('children_count', $children_count);
$template->content = new View("tag.html");
print $template;

View File

@ -24,14 +24,15 @@ class Tag_Model extends ORM {
"name" => "required|length[4,32]");
/**
* Return all items associated with this tag.
* @param string $type the type of item (album, photo)
* Return all viewable items associated with this tag.
* @param integer $limit number of rows to limit result to
* @param integer $offset offset in result to start returning rows from
* @param string $type the type of item (album, photo)
* @return ORM_Iterator
*/
public function items($limit=null, $offset=0, $type=null) {
$model = ORM::factory("item")
->viewable()
->join("items_tags", "items.id", "items_tags.item_id")
->where("items_tags.tag_id", $this->id);
if ($type) {
@ -39,4 +40,17 @@ class Tag_Model extends ORM {
}
return $model->find_all($limit, $offset);
}
/**
* Return the count of all viewable items associated with this tag.
* @param string $type the type of item (album, photo)
* @return integer
*/
public function items_count($type=null) {
return ORM::factory("item")
->viewable()
->join("items_tags", "items.id", "items_tags.item_id")
->where("items_tags.tag_id", $this->id)
->count_all();
}
}