Commit Graph

60 Commits

Author SHA1 Message Date
Bharat Mediratta
57ef43afdb Change TINYINT(2) to SMALLINT for compliance (thanks Romain LE DISEZ) 2009-05-10 18:56:49 +00:00
Bharat Mediratta
eac4e72a3b Oops, fix a typo. 2009-03-16 08:34:20 +00:00
Bharat Mediratta
068c44e201 access::allow/deny/reset functions will now throw an exception if you
don't pass in a Group_Model as the argument.  This prevents us from
setting permissions on the wrong group by accidentally passing in a
User_Model.
2009-03-10 20:34:32 +00:00
Tim Almdal
1d5cca34ef If backticks (`) are used to delimit the name of the table in
database, Kohana gets confused and appends the prefix outside of the
backticks
2009-03-03 04:17:55 +00:00
Tim Almdal
c04ff8e02f Change the pattern to identify tables that need prefix substitution to
mirror the Drupal pattern of using braces {}.
2009-02-28 06:37:28 +00:00
Tim Almdal
bd15853708 This implements table prefix for all the queries in core, user, exif,
tag, search, comment and notification modules (Ticket #68)
2009-02-27 21:07:18 +00:00
Tim Almdal
95fc61c9a8 Standardize to uppercase DESC in the order by method calls 2009-02-22 17:36:58 +00:00
Bharat Mediratta
82ccbba124 Move private key generation into the installer so that we're not
generating it lazily.
2009-02-17 07:03:40 +00:00
Andy Staudacher
6a8b80d892 Adding a private key. Based on Drupal 6's drupal_get_private_key() method. 2009-02-17 05:30:24 +00:00
Tim Almdal
2295d74879 Continue to replace raw sql with Database method calls. As per ticket #68 2009-02-13 06:57:16 +00:00
Tim Almdal
80d4df3a4a Convert all item->type == "album" to item->is_album()
Convert all item->type == "photo" to item->is_photo()
2009-02-06 03:47:36 +00:00
Bharat Mediratta
0448a5b32c Flush the access_intent cache after ALTER TABLE queries, fixes a
problem where the install.sql had the wrong view permissions.
2009-01-19 06:02:53 +00:00
Bharat Mediratta
f3ba69c1d6 Make sure that helper functions are all static. Add new
File_Structure_Test to make sure we don't regress.

According to the PHP docs, the "public" keyword is implied on static
functions, so remove it.  Also, require private static functions to
start with an _.

http://php.net/manual/en/language.oop5.visibility.php
2009-01-14 04:12:02 +00:00
Bharat Mediratta
a542f70551 Allow admins to do anything 2009-01-01 00:42:30 +00:00
Bharat Mediratta
4573ada534 Extend permissions interface to allow resetting to the parental default. 2008-12-31 19:59:42 +00:00
Bharat Mediratta
1579494ec4 Preliminary "Edit Permissions" dialog. You can't change permissions
yet, but it shows you which items have locked view perms.
2008-12-31 04:05:41 +00:00
Bharat Mediratta
bfb040a463 Fix a bug where we were accidentally allowing view permissions when
allowing or resetting permission further down in the tree.  This bug
was introduced when I refactored the view permission cache into the
items table.  Updated test to catch it.
2008-12-31 00:47:15 +00:00
Bharat Mediratta
ad719b9b6f Fully implement the view_full permission. 2008-12-31 00:18:24 +00:00
Bharat Mediratta
cbbbc23c2f Oops, remove some debug code. 2008-12-30 23:36:58 +00:00
Bharat Mediratta
610aa75d3f Fix a bug. Unit tests ftw! 2008-12-30 23:36:36 +00:00
Bharat Mediratta
6e6d3dd969 Refactor _create_htaccess_files and _delete_htaccess_files into
_update_htaccess_files in preparation for supporting the view_full
permission.
2008-12-30 23:26:55 +00:00
Bharat Mediratta
cace8390dd Fix typo. 2008-12-30 23:06:33 +00:00
Bharat Mediratta
ed8689f768 Expand on the maintenance code to make it more robust and give the
admin more control.  You can now track running tasks, resume stalled
tasks, cancel running tasks, and remove finished tasks.

Added graphics::compose() as a placeholder for future watermark
operations.

Added CSRF protection to maintenance urls.
2008-12-28 23:48:15 +00:00
Bharat Mediratta
672eca5337 Lots of deltas rolled up into a bigger change. Sorry for the mess.
1) Deleted in-place-editing.  We'll be replacing this with a real edit
   system that groups settings together and is more coherent.

2) Tweaked the way that dialog boxes work to get the ajax stuff working
   again.  It's imperfect and does not work properly for uploading images.
   This is going to get redone also, but this is a good resting point.

3) Created edit forms for albums and photos.  Moved _update and _create out
   of Items_Controller and into the individual subclasses.

4) Created access::required which is a shorthand for:
    if (!access::can(...)) {
      access::forbidden();
    }

5) Added validation rules to Items_Model

6) Converted login to use the regular modal dialog approach in the theme.
2008-12-24 00:20:26 +00:00
Bharat Mediratta
9cf2c57921 Normalize CSRF handling into the access helper. Probably not the best
place for it, but it'll do for now.

Do CSRF checking in the Admin controller so that we're safe across the
board on the admin side.
2008-12-22 04:33:18 +00:00
Bharat Mediratta
17c0b01444 Add access::forbidden() 2008-12-19 22:13:33 +00:00
Bharat Mediratta
2438dba396 Delete the var/thumbs .htaccess files, too. 2008-12-19 07:16:38 +00:00
Bharat Mediratta
130e26983a Add initialization to the user module to put the user and group_ids
into the session, for easy access.  This cuts down the number of
queries when we're loading images through file_proxy.php
2008-12-17 17:40:45 +00:00
Bharat Mediratta
fc7b78492b Separate thumbnails out into var/thumbs. This clears up some ambiguity in Item_Model and simplifies
file_proxy.  It also means we can stop munging file names in the var/resizes hierarchy.

In the process, rename "thumbnail" to "thumb" everywhere in honor of
Chad (well, ok because it's shorter).
2008-12-17 04:45:35 +00:00
Bharat Mediratta
8c7d0a76e5 Add file_proxy. This controller gets triggered by .htaccess
protection on var/albums and var/resizes and only displays files to
the user if they have "view" permission on the base item.
2008-12-16 23:07:33 +00:00
Bharat Mediratta
3e219aab6b Change htaccess rules to use mod_rewrite 2008-12-16 08:17:00 +00:00
Bharat Mediratta
d9e02a5d0c Various optimizations:
o Add model_cache::get() which caches models avoiding duplicate lookups
o Stop using ORM relationships for Item_Model::owner so that we can use caching
o For Item_Model::xxx_edit fields, don't make them editable for guests
o Other minor stuff.

These optimizations reduce the number of queries for a 9-photos page from ~200
to ~45.  Still way too many!
2008-12-16 04:29:00 +00:00
Bharat Mediratta
dc08917345 Fix a bug where we were not deleting the .htaccess file on access::reset() 2008-12-16 02:31:13 +00:00
Bharat Mediratta
61618af0db Create and delete .htaccess files based on the view permissions for
the group::everybody() user.
2008-12-16 01:04:19 +00:00
Bharat Mediratta
eecf7bd518 phpdoc cleanup 2008-12-16 00:31:50 +00:00
Bharat Mediratta
3d2fc86604 Permission only function on albums. 2008-12-16 00:30:05 +00:00
Bharat Mediratta
af8c74f612 Fix a bug where parent permissions were not getting inherited to newly
created albums and photos.
2008-12-13 20:06:20 +00:00
Bharat Mediratta
8ba5ea3cf8 Make sure that access::can fails if the item is not loaded 2008-12-13 19:49:33 +00:00
Bharat Mediratta
a3142246e4 Move the view permission cache directly into the item table for efficiency. Unit tests ftw! 2008-12-12 06:54:48 +00:00
Bharat Mediratta
2cf3233f54 Get rid of all pseudo users and pseudo groups, while preserving all
other functionality.  This makes our user/group and access code
fully consistent.
2008-12-12 00:59:30 +00:00
Bharat Mediratta
914164d5eb Split _update_access_cache into two functions separating view from
non-view.  This is a step along the path towards moving the view
access cache into the item model.
2008-12-11 19:06:40 +00:00
Tim Almdal
52ed3f11fd Fix problem with access::can, where the $item->id was being passed to the access_group::can method. 2008-12-10 22:19:39 +00:00
Bharat Mediratta
18a6614a11 Change all access API methods to take ORMs instead of ids. This will
minimize reloading objects from the database.
2008-12-10 07:05:49 +00:00
Bharat Mediratta
4a0e4b798e Check view permissions before allowing view access to albums/photos. 2008-12-09 10:14:09 +00:00
Bharat Mediratta
e62103b8d9 Move code to delete users and add/remove users from groups into the
model.
2008-12-09 08:47:30 +00:00
Bharat Mediratta
e3ad42a276 Add access::can() which verifies that the user belongs to a group that has the
given permission.
2008-12-09 00:02:20 +00:00
Bharat Mediratta
bd3a472be7 Rename access::can() to access::group_can() 2008-12-08 10:46:53 +00:00
Bharat Mediratta
5d23a6515d Finish writing unit tests for Access. No bugs found! 2008-12-07 10:56:44 +00:00
Bharat Mediratta
9ba9f7bf27 Change the startup code to only put installed modules on the autoload
path.  This breaks a bunch of places where we had hardcoded
dependencies, so guard all of those cases.  Restructure
module::available() a bit and the way that we do install/uninstall in
the scaffolding.
2008-12-04 07:44:28 +00:00
Bharat Mediratta
bae905a4cb Improvements to access helper.
o Rename access::remove_group() to access::delete_group() for
  consistency.

o Wrote more unit tests

o Tests found a bug in access::remove_item() .. yay!
2008-12-04 06:40:35 +00:00