by the following rules:
1) An initial dialog or panel load can take either HTML or JSON, but
the mime type must accurately reflect its payload.
2) dialog form submits can handle a pure HTML response, but the mime
type must also be correct. This properly resolves the problem
where the reauth code gets a JSON response first from the reauth
code, and then an HTML response when you reauth and continue on to
a given form -- try it out with Admin > Settings > Advanced.
3) All JSON replies must set the mime type correctly. The json::reply
convenience function does this for us.
4) By default, any HTML content sent back in the JSON response should be
in the "html" field, no longer the "form" field.
The combination of these allows us to stop doing boilerplate code like
this in our controllers:
// Print our view, JSON encoded
json::reply(array("form" => (string) $view));
instead, controllers can just return HTML, eg:
// Print our view
print $view;
That's much more intuitive for developers.
clauses and deletes all the entries in the table unless an array of id's are
passed as the parameter. This fix used the Database_builder to specify any where
conditions. Thanks psvo for find the first one. :-)
1) Controller::$input is gone -- use Input::instance() now
2) Handle new 'database.<default>.connection.params' parameter
3) Handle new 'cache.<default>.prefix' parameter
Now we don't have checkboxes, but instead we restrict you to selecting
directories and albums from only one level in the hierarchy. This
makes it easier for us to make sure that we properly create the
hierarchy that you want and avoid confusion about what's going to wind
up where.
Modify Server_Add_File_Model to have a parent_id and item_id and then
modify them as we go so that we can build up a tree structure there
*before* we create any items. This makes it much easier to figure out
where a new item is going to go and get rid of a bunch of probably
buggy code in the main task.
adding a new album or photo.
Simplify the data structure that we pass down to
server_add_tree.html.php so that we just pass a file list and let it
do whatever it wants with it.
files out in a separate model for scalability. Removed the "pause"
functionality.
- Server_Add_Controller extends Admin_Controller so that we don't have
to check for admin every time.
- Task completion time now factors in the time it takes to walk the
arbitrarily deep trees
- Moved checkbox management entirely into JS using jQuery
- Simplified the JS considerably
I've redone the browsing code but I have not implemented the adding
code.
1) Rename index() to browse() since index is too generic.
2) Simplify the data that we pass to _dialog and _tree
3) Change _tree to return list items only, so that the outer dialog
can be a <ul> for consistency.
4) Simplify the data structures so that we're not tracking checked vs.
unchecked status in the PHP code, it's all done in jquery where we
can do it with just a line or two of JS
5) use glob() which pretty much entirely replaces _get_children
the branch was never opened on the client. This should fix some of the issues
with the server_add as I was able to select the staging directory and then add
over 400 images in a multi-tier structure.
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
start task processing to fill in any subtrees that are selected, but were never expanded on the client. Added the loading icon.
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
