mirror of
https://github.com/Pathduck/gallery3.git
synced 2026-04-23 14:09:20 -04:00
7607e1f932
by the following rules:
1) An initial dialog or panel load can take either HTML or JSON, but
the mime type must accurately reflect its payload.
2) dialog form submits can handle a pure HTML response, but the mime
type must also be correct. This properly resolves the problem
where the reauth code gets a JSON response first from the reauth
code, and then an HTML response when you reauth and continue on to
a given form -- try it out with Admin > Settings > Advanced.
3) All JSON replies must set the mime type correctly. The json::reply
convenience function does this for us.
4) By default, any HTML content sent back in the JSON response should be
in the "html" field, no longer the "form" field.
The combination of these allows us to stop doing boilerplate code like
this in our controllers:
// Print our view, JSON encoded
json::reply(array("form" => (string) $view));
instead, controllers can just return HTML, eg:
// Print our view
print $view;
That's much more intuitive for developers.
92 lines
2.7 KiB
PHP
92 lines
2.7 KiB
PHP
<?php defined("SYSPATH") or die("No direct script access.");
|
|
/**
|
|
* Gallery - a web based photo album viewer and editor
|
|
* Copyright (C) 2000-2010 Bharat Mediratta
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
|
*/
|
|
class Permissions_Controller extends Controller {
|
|
function browse($id) {
|
|
$item = ORM::factory("item", $id);
|
|
access::required("view", $item);
|
|
access::required("edit", $item);
|
|
|
|
if (!$item->is_album()) {
|
|
access::forbidden();
|
|
}
|
|
|
|
$view = new View("permissions_browse.html");
|
|
$view->htaccess_works = access::htaccess_works();
|
|
$view->item = $item;
|
|
$view->parents = $item->parents();
|
|
$view->form = $this->_get_form($item);
|
|
|
|
print $view;
|
|
}
|
|
|
|
function form($id) {
|
|
$item = ORM::factory("item", $id);
|
|
access::required("view", $item);
|
|
access::required("edit", $item);
|
|
|
|
if (!$item->is_album()) {
|
|
access::forbidden();
|
|
}
|
|
|
|
print $this->_get_form($item);
|
|
}
|
|
|
|
function change($command, $group_id, $perm_id, $item_id) {
|
|
access::verify_csrf();
|
|
|
|
$group = identity::lookup_group($group_id);
|
|
$perm = ORM::factory("permission", $perm_id);
|
|
$item = ORM::factory("item", $item_id);
|
|
access::required("view", $item);
|
|
access::required("edit", $item);
|
|
|
|
if (!empty($group) && $perm->loaded() && $item->loaded()) {
|
|
switch($command) {
|
|
case "allow":
|
|
access::allow($group, $perm->name, $item);
|
|
break;
|
|
|
|
case "deny":
|
|
access::deny($group, $perm->name, $item);
|
|
break;
|
|
|
|
case "reset":
|
|
access::reset($group, $perm->name, $item);
|
|
break;
|
|
}
|
|
|
|
// If the active user just took away their own edit permissions, give it back.
|
|
if ($perm->name == "edit") {
|
|
if (!access::user_can(identity::active_user(), "edit", $item)) {
|
|
access::allow($group, $perm->name, $item);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
private function _get_form($item) {
|
|
$view = new View("permissions_form.html");
|
|
$view->item = $item;
|
|
$view->groups = identity::groups();
|
|
$view->permissions = ORM::factory("permission")->find_all();
|
|
return $view;
|
|
}
|
|
}
|