authorBharat Mediratta <bharat@menalto.com>2008-12-12 00:59:30 +0000
committerBharat Mediratta <bharat@menalto.com>2008-12-12 00:59:30 +0000
commit2cf3233f546dfa38521bd9ec280dbec9a9fb7612 (patch)
treed002407e665c966bb3ccfeedd672ba77fd26541c
parent0f41cab73201ca2669f4cce88d7e195d7cb28285 (diff)
Get rid of all pseudo users and pseudo groups, while preserving all
other functionality. This makes our user/group and access code fully consistent.
-rw-r--r--core/controllers/items.php3
-rw-r--r--core/controllers/welcome.php11
-rw-r--r--core/helpers/access.php46
-rw-r--r--core/helpers/core_installer.php3
-rw-r--r--core/helpers/core_menu.php9
-rw-r--r--core/libraries/Theme_View.php2
-rw-r--r--core/models/item.php2
-rw-r--r--core/tests/Access_Helper_Test.php82
-rw-r--r--core/views/welcome.html.php18
-rw-r--r--modules/user/helpers/group.php21
-rw-r--r--modules/user/helpers/user.php33
-rw-r--r--modules/user/helpers/user_block.php4
-rw-r--r--modules/user/helpers/user_installer.php26
-rw-r--r--modules/user/helpers/user_menu.php4
-rw-r--r--modules/user/tests/User_Installer_Test.php23
-rw-r--r--modules/user/views/login.html.php8
16 files changed, 166 insertions, 129 deletions
diff --git a/core/controllers/items.php b/core/controllers/items.php
index a5dd5f1e..efbfa8d9 100644
--- a/core/controllers/items.php
+++ b/core/controllers/items.php
@@ -51,8 +51,7 @@ class Items_Controller extends REST_Controller {
public function _create($item) {
// @todo Productionize this code
// 1) Add security checks
- $user = Session::instance()->get("user");
- $owner_id = $user ? $user->id : $item->owner_id;
+ $owner_id = user::active()->id;
switch ($this->input->post("type")) {
case "album":
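Review bot: `_create` now stamps `user::active()->id` as the owner without checking that the active user may add to the parent, so an unauthenticated request produces an item owned by the guest account; the `@todo Add security checks` comment above is the only barrier left. A guard before the owner assignment, e.g. `if (!access::can("edit", $parent)) { throw new Exception("@todo ACCESS_DENIED"); }` (the parent item's variable is not visible in this hunk, so adapt the name), would close that gap. The same replacement was made in `add_albums_and_photos` in core/controllers/welcome.php and the same point applies there. `_create` continues outside the hunk.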
diff --git a/core/controllers/welcome.php b/core/controllers/welcome.php
index bddca606..3f70e1dc 100644
--- a/core/controllers/welcome.php
+++ b/core/controllers/welcome.php
@@ -34,7 +34,6 @@ class Welcome_Controller extends Template_Controller {
$this->template->deepest_photo = ORM::factory("item")
->where("type", "photo")->orderby("level", "desc")->find();
$this->template->album_tree = $this->_load_album_tree();
- $this->template->rearrange_html = new View("rearrange.html");
$this->template->add_photo_html = $this->_get_add_photo_html();
if (module::is_installed("local_import")) {
$this->template->local_import_html = $this->_get_local_import_html();
@@ -46,7 +45,6 @@ class Welcome_Controller extends Template_Controller {
$this->template->photo_count = 0;
$this->template->deepest_photo = null;
$this->template->album_tree = array();
- $this->template->rearrange_html = "";
$this->template->add_photo_html = "";
$this->template->local_import_html = "";
}
@@ -205,13 +203,7 @@ class Welcome_Controller extends Template_Controller {
function add_albums_and_photos($count, $desired_type=null) {
srand(time());
$parents = ORM::factory("item")->where("type", "album")->find_all()->as_array();
-
- try {
- $user = Session::instance()->get("user");
- $owner_id = $user ? $user->id : ORM::factory("user")->find()->id;
- } catch (Exception $e) {
- $owner_id = null;
- }
+ $owner_id = user::active()->id;
for ($i = 0; $i < $count; $i++) {
set_time_limit(30);
@@ -486,6 +478,7 @@ class Welcome_Controller extends Template_Controller {
$tree[$album->id]->album = $album;
$tree[$album->id]->children = array();
}
+
return $tree;
}
diff --git a/core/helpers/access.php b/core/helpers/access.php
index ad62595d..82325900 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -84,8 +84,7 @@ class access_Core {
throw new Exception("@todo MISSING_ACCESS for $item->id");
}
- $group_id = $group ? $group->id : 0;
- return $access->__get("{$perm_name}_$group_id") === self::ALLOW;
+ return $access->__get("{$perm_name}_{$group->id}") === self::ALLOW;
}
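Review bot: `$group->id` assumes `$group` is a `Group_Model`, but before this change `group_can`, `allow`, `deny` and `reset` also accepted the integer `0`, and a caller that still passes a plain integer (the welcome/deny_perm and add_perm routes in welcome.html.php pass a numeric path segment, and that controller is not in this diff) now reads a property of an int, which in PHP 5 is a notice yielding null, so the column name becomes `{$perm_name}_` and the check silently misses its target. A type check at the top, `if (!is_object($group)) { throw new Exception("@todo GROUP_MODEL_REQUIRED"); }`, would make the new contract explicit; the same applies to the hunks at `@@ -132,8 +123,7 @@`, `@@ -302,9 +288,8 @@`, `@@ -317,11 +302,11 @@`, `@@ -337,9 +322,8 @@` and `@@ -430,10 +414,8 @@`. `group_can` starts outside the hunk.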
/**
@@ -96,25 +95,17 @@ class access_Core {
* @return boolean
*/
public static function can($perm_name, $item) {
- $user = Session::instance()->get("user", null);
- if ($user) {
- $access = ORM::factory("access_cache")->where("item_id", $item->id)->find();
- if (!$access) {
- throw new Exception("@todo MISSING_ACCESS for $item->id");
- }
+ $access = ORM::factory("access_cache")->where("item_id", $item->id)->find();
+ if (!$access) {
+ throw new Exception("@todo MISSING_ACCESS for $item->id");
+ }
- if ($access->view_0 == self::ALLOW) {
+ foreach (user::active()->groups as $group) {
+ if ($access->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
return true;
}
- foreach ($user->groups as $group) {
- if ($access->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
- return true;
- }
- }
- return false;
- } else {
- return self::group_can(group::EVERYBODY, $perm_name, $item);
}
+ return false;
}
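Review bot: The rewritten `can()` no longer special-cases anonymous visitors, so an unauthenticated request is granted exactly what the guest user's group memberships (created by the user installer) allow; that dependency is invisible here and deserves a comment on the `foreach`, e.g. `// user::active() is the guest user when nobody is logged in; its membership in the Everybody group is what grants anonymous access, so no anonymous special-case is needed.` If the guest ever loses that membership the method fails closed, which is the right direction, but a reader of this method alone cannot tell why `view_0` disappeared.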
/**
@@ -132,8 +123,7 @@ class access_Core {
throw new Exception("@todo MISSING_ACCESS for $item->id");
}
- $group_id = $group ? $group->id : 0;
- $access->__set("{$perm_name}_$group_id", $value);
+ $access->__set("{$perm_name}_{$group->id}", $value);
$access->save();
if ($perm_name =="view") {
@@ -199,7 +189,6 @@ class access_Core {
foreach (self::_get_all_groups() as $group) {
self::_add_columns($perm_name, $group);
}
- self::_add_columns($perm_name, null);
}
/**
@@ -212,7 +201,6 @@ class access_Core {
foreach (self::_get_all_groups() as $group) {
self::_drop_columns($name, $group);
}
- self::_drop_columns($name, null);
$permission = ORM::factory("permission")->where("name", $name)->find();
if ($permission->loaded) {
$permission->delete();
@@ -264,8 +252,6 @@ class access_Core {
$field = "{$perm->name}_{$group->id}";
$access_cache->$field = $parent_access_cache->$field;
}
- $field = "{$perm->name}_0";
- $access_cache->$field = $parent_access_cache->$field;
}
$access_cache->save();
}
@@ -302,9 +288,8 @@ class access_Core {
* @return void
*/
private static function _drop_columns($perm_name, $group) {
- $group_id = $group ? $group->id : 0;
$db = Database::instance();
- $field = "{$perm_name}_$group_id";
+ $field = "{$perm_name}_{$group->id}";
$db->query("ALTER TABLE `access_caches` DROP `$field`");
$db->query("ALTER TABLE `access_intents` DROP `$field`");
}
@@ -317,11 +302,11 @@ class access_Core {
* @return void
*/
private static function _add_columns($perm_name, $group) {
- $group_id = $group ? $group->id : 0;
$db = Database::instance();
- $field = "{$perm_name}_$group_id";
+ $field = "{$perm_name}_{$group->id}";
$db->query("ALTER TABLE `access_caches` ADD `$field` TINYINT(2) NOT NULL DEFAULT 0");
$db->query("ALTER TABLE `access_intents` ADD `$field` BOOLEAN DEFAULT NULL");
+ $db->query("UPDATE `access_intents` SET `$field` = 0 WHERE `item_id` = 1");
}
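Review bot: The added `UPDATE` hard-codes both the root item id `1` and the intent value `0`, while the rest of the class names intent values through `self::ALLOW`/`self::DENY`; spell the value with whichever constant it stands for so the root's default intent cannot drift if the constants change. Like the two statements above it, the query interpolates `$field`, which is derived from `$perm_name`; that is inherited, but since this hunk adds a third such DDL/DML string, a one-line allow-list check at the top of `_add_columns`, `if (!preg_match('/^[a-z_]+$/', $perm_name)) { throw new Exception("@todo INVALID_PERM_NAME"); }`, would make these statements safe regardless of which module registers the permission.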
/**
@@ -337,9 +322,8 @@ class access_Core {
public static function _update_access_view_cache($group, $item) {
$access = ORM::factory("access_intent")->where("item_id", $item->id)->find();
- $group_id = $group ? $group->id : 0;
$db = Database::instance();
- $field = "view_$group_id";
+ $field = "view_{$group->id}";
// With view permissions, deny values in the parent can override allow values in the child,
// so start from the bottom of the tree and work upwards overlaying negative on top of
@@ -430,10 +414,8 @@ class access_Core {
public static function _update_access_non_view_cache($group, $perm_name, $item) {
$access = ORM::factory("access_intent")->where("item_id", $item->id)->find();
- $group_id = $group ? $group->id : 0;
$db = Database::instance();
- $field = "{$perm_name}_$group_id";
-
+ $field = "{$perm_name}_{$group->id}";
// If the item's intent is DEFAULT, then we need to back up the chain to find the nearest
// parent with an intent and propagate from there.
diff --git a/core/helpers/core_installer.php b/core/helpers/core_installer.php
index d2c03948..8f24b659 100644
--- a/core/helpers/core_installer.php
+++ b/core/helpers/core_installer.php
@@ -108,10 +108,7 @@ class core_installer {
$root->level = 1;
$root->set_thumbnail(DOCROOT . "core/tests/test.jpg", 200, 150)
->save();
-
access::add_item($root);
- access::allow(0, "view", $root);
- access::deny(0, "edit", $root);
module::set_version("core", 1);
}
diff --git a/core/helpers/core_menu.php b/core/helpers/core_menu.php
index e4a3dd92..69398302 100644
--- a/core/helpers/core_menu.php
+++ b/core/helpers/core_menu.php
@@ -32,9 +32,8 @@ class core_menu_Core {
->url(url::site("albums/1")));
$item = $theme->item();
- $user = Session::instance()->get("user", null);
- if ($user) {
- // @todo need to do a permission check here
+
+ if (access::can("edit", $item)) {
$menu->append(
Menu::factory("submenu")
->id("options_menu")
@@ -50,19 +49,19 @@ class core_menu_Core {
->label(_("Add album"))
->url(url::site("form/add/albums/$item->id"))));
+
$admin_menu = Menu::factory("submenu")
->id("admin_menu")
->label(_("Admin"));
$menu->append($admin_menu);
- // @todo need to do a permission check here
$admin_menu->append(
Menu::factory("dialog")
->id("edit")
->label(_("Edit"))
->url(url::site("form/edit/{$item->type}s/$item->id")));
- if ($user->admin) {
+ if (user::active()->admin) {
$admin_menu->append(
Menu::factory("link")
->id("site_admin")
diff --git a/core/libraries/Theme_View.php b/core/libraries/Theme_View.php
index 8736e87d..51d7c545 100644
--- a/core/libraries/Theme_View.php
+++ b/core/libraries/Theme_View.php
@@ -33,7 +33,7 @@ class Theme_View_Core extends View {
parent::__construct($name);
$this->theme_name = $theme_name;
$this->set_global('theme', $this);
- $this->set_global('user', Session::instance()->get('user', null));
+ $this->set_global('user', user::active());
$this->set_global("page_type", $page_type);
}
diff --git a/core/models/item.php b/core/models/item.php
index 866315f7..3f3db0a7 100644
--- a/core/models/item.php
+++ b/core/models/item.php
@@ -224,7 +224,7 @@ class Item_Model extends ORM_MPTT {
public function __get($column) {
if (substr($column, -5) == "_edit") {
$real_column = substr($column, 0, strlen($column) - 5);
- if (Session::instance()->get("user", false)) {
+ if (access::can("edit", $this)) {
return "<span class=\"gInPlaceEdit gEditField-{$this->id}-{$real_column}\">" .
"{$this->$real_column}</span>";
} else {
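Review bot: `access::can("edit", $this)` inside `__get` runs an `access_cache` lookup for every `_edit` property read, and a template typically reads several such fields per item; consider caching the result per item for the request, e.g. `$this->_can_edit ??` is not available in PHP 5, so `if (!isset($this->_can_edit)) { $this->_can_edit = access::can("edit", $this); }` on a private member, and note it in a comment. The method continues outside the hunk.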
diff --git a/core/tests/Access_Helper_Test.php b/core/tests/Access_Helper_Test.php
index 066b0a08..2e8f9f54 100644
--- a/core/tests/Access_Helper_Test.php
+++ b/core/tests/Access_Helper_Test.php
@@ -84,33 +84,33 @@ class Access_Helper_Test extends Unit_Test_Case {
$intent = ORM::factory("access_intent")->where("item_id", $item)->find();
// Allow
- access::allow(0, "view", $item);
- $this->assert_same(access::ALLOW, $intent->reload()->view_0);
+ access::allow(group::everybody(), "view", $item);
+ $this->assert_same(access::ALLOW, $intent->reload()->view_1);
// Deny
- access::deny(0, "view", $item);
+ access::deny(group::everybody(), "view", $item);
$this->assert_same(
access::DENY,
- ORM::factory("access_intent")->where("item_id", $item)->find()->view_0);
+ ORM::factory("access_intent")->where("item_id", $item)->find()->view_1);
// Allow again. If the initial value was allow, then the first Allow clause above may not
// have actually changed any values.
- access::allow(0, "view", $item);
+ access::allow(group::everybody(), "view", $item);
$this->assert_same(
access::ALLOW,
- ORM::factory("access_intent")->where("item_id", $item)->find()->view_0);
+ ORM::factory("access_intent")->where("item_id", $item)->find()->view_1);
- access::reset(0, "view", $item);
+ access::reset(group::everybody(), "view", $item);
$this->assert_same(
null,
- ORM::factory("access_intent")->where("item_id", $item)->find()->view_0);
+ ORM::factory("access_intent")->where("item_id", $item)->find()->view_1);
$item->delete();
}
public function cant_reset_root_item_test() {
try {
- access::reset(0, "view", ORM::factory("item", 1));
+ access::reset(group::everybody(), "view", ORM::factory("item", 1));
} catch (Exception $e) {
return;
}
@@ -120,8 +120,8 @@ class Access_Helper_Test extends Unit_Test_Case {
public function can_view_item_test() {
$root = ORM::factory("item", 1);
- access::allow(0, "view", $root);
- $this->assert_true(access::group_can(0, "view", $root));
+ access::allow(group::everybody(), "view", $root);
+ $this->assert_true(access::group_can(group::everybody(), "view", $root));
}
public function cant_view_child_of_hidden_parent_test() {
@@ -129,9 +129,9 @@ class Access_Helper_Test extends Unit_Test_Case {
$album = ORM::factory("item")->add_to_parent($root);
access::add_item($album);
- access::deny(0, "view", $root);
- access::reset(0, "view", $album);
- $this->assert_false(access::group_can(0, "view", $album));
+ access::deny(group::everybody(), "view", $root);
+ access::reset(group::everybody(), "view", $album);
+ $this->assert_false(access::group_can(group::everybody(), "view", $album));
}
public function view_permissions_propagate_down_test() {
@@ -139,9 +139,9 @@ class Access_Helper_Test extends Unit_Test_Case {
$album = ORM::factory("item")->add_to_parent($root);
access::add_item($album);
- access::allow(0, "view", $root);
- access::reset(0, "view", $album);
- $this->assert_true(access::group_can(0, "view", $album));
+ access::allow(group::everybody(), "view", $root);
+ access::reset(group::everybody(), "view", $album);
+ $this->assert_true(access::group_can(group::everybody(), "view", $album));
}
public function can_toggle_view_permissions_propagate_down_test() {
@@ -171,15 +171,15 @@ class Access_Helper_Test extends Unit_Test_Case {
$album3->reload();
$album4->reload();
- access::allow(0, "view", $root);
- access::deny(0, "view", $album1);
- access::reset(0, "view", $album2);
- access::reset(0, "view", $album3);
- access::reset(0, "view", $album4);
- $this->assert_false(access::group_can(0, "view", $album4));
+ access::allow(group::everybody(), "view", $root);
+ access::deny(group::everybody(), "view", $album1);
+ access::reset(group::everybody(), "view", $album2);
+ access::reset(group::everybody(), "view", $album3);
+ access::reset(group::everybody(), "view", $album4);
+ $this->assert_false(access::group_can(group::everybody(), "view", $album4));
- access::allow(0, "view", $album1);
- $this->assert_true(access::group_can(0, "view", $album4));
+ access::allow(group::everybody(), "view", $album1);
+ $this->assert_true(access::group_can(group::everybody(), "view", $album4));
}
public function revoked_view_permissions_cant_be_allowed_lower_down_test() {
@@ -187,15 +187,15 @@ class Access_Helper_Test extends Unit_Test_Case {
$album = ORM::factory("item")->add_to_parent($root);
access::add_item($album);
- access::deny(0, "view", $root);
- access::allow(0, "view", $album);
- $this->assert_false(access::group_can(0, "view", $album));
+ access::deny(group::everybody(), "view", $root);
+ access::allow(group::everybody(), "view", $album);
+ $this->assert_false(access::group_can(group::everybody(), "view", $album));
}
public function can_edit_item_test() {
$root = ORM::factory("item", 1);
- access::allow(0, "edit", $root);
- $this->assert_true(access::group_can(0, "edit", $root));
+ access::allow(group::everybody(), "edit", $root);
+ $this->assert_true(access::group_can(group::everybody(), "edit", $root));
}
public function non_view_permissions_propagate_down_test() {
@@ -203,9 +203,9 @@ class Access_Helper_Test extends Unit_Test_Case {
$album = ORM::factory("item")->add_to_parent($root);
access::add_item($album);
- access::allow(0, "edit", $root);
- access::reset(0, "edit", $album);
- $this->assert_true(access::group_can(0, "edit", $album));
+ access::allow(group::everybody(), "edit", $root);
+ access::reset(group::everybody(), "edit", $album);
+ $this->assert_true(access::group_can(group::everybody(), "edit", $album));
}
public function non_view_permissions_can_be_revoked_lower_down_test() {
@@ -228,13 +228,13 @@ class Access_Helper_Test extends Unit_Test_Case {
$outer->reload();
$inner->reload();
- access::allow(0, "edit", $root);
- access::deny(0, "edit", $outer);
- access::allow(0, "edit", $inner);
+ access::allow(group::everybody(), "edit", $root);
+ access::deny(group::everybody(), "edit", $outer);
+ access::allow(group::everybody(), "edit", $inner);
// Outer album is not editable, inner one is.
- $this->assert_false(access::group_can(0, "edit", $outer_photo));
- $this->assert_true(access::group_can(0, "edit", $inner_photo));
+ $this->assert_false(access::group_can(group::everybody(), "edit", $outer_photo));
+ $this->assert_true(access::group_can(group::everybody(), "edit", $inner_photo));
}
public function i_can_edit_test() {
@@ -243,7 +243,9 @@ class Access_Helper_Test extends Unit_Test_Case {
foreach ($user->groups as $group) {
$user->remove($group);
}
- Session::instance()->set("user", $user);
+ // @todo remove this reload when http://dev.kohanaphp.com/ticket/959 is resolved
+ $user->reload();
+ user::set_active($user);
// This user can't edit anything
$root = ORM::factory("item", 1);
@@ -253,7 +255,7 @@ class Access_Helper_Test extends Unit_Test_Case {
$group = group::create("access_test");
$group->add($user);
access::allow($group, "edit", $root);
- Session::instance()->set("user", $user->reload());
+ user::set_active($user->reload());
// And verify that the user can edit.
$this->assert_true(access::can("edit", $root));
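Review bot: `i_can_edit_test` switches the session's active user with `user::set_active($user)` (and again with `$user->reload()`) but never restores it, so every later test in the run executes as this freshly created user rather than whatever was active before; with `access::can` now reading `user::active()`, that changes what other permission tests observe. Capture `$previous = user::active();` before the first `set_active` and call `user::set_active($previous);` at the end of the test (or in a teardown). The test continues outside the hunk.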
diff --git a/core/views/welcome.html.php b/core/views/welcome.html.php
index c8352592..d412d119 100644
--- a/core/views/welcome.html.php
+++ b/core/views/welcome.html.php
@@ -283,10 +283,12 @@
<input type="hidden" name="type" value="album"/>
</form>
</fieldset>
+ <? if (module::is_installed("rearrange")): ?>
<fieldset>
<legend>Rearrange</legend>
- <?= $rearrange_html ?>
+ <?= new View("rearrange.html") ?>
</fieldset>
+ <? endif ?>
</div>
<div id="access" class="activity">
@@ -301,14 +303,14 @@
<? foreach ($users as $user): ?>
<li>
<?= $user->name ?>
- <? if ($user->id != user::ADMIN): ?>
+ <? if (!$user->admin): ?>
<?= html::anchor("welcome/delete_user/$user->id", "[x]") ?>
<? endif ?>
<ul>
<? foreach ($user->groups as $group): ?>
<li>
<?= $group->name ?>
- <? if ($group->id != group::REGISTERED_USERS): ?>
+ <? if (!$group->special): ?>
<?= html::anchor("welcome/remove_from_group/$group->id/$user->id", "[x]") ?>
<? endif ?>
</li>
@@ -337,7 +339,7 @@
<? foreach ($groups as $group): ?>
<li>
<?= $group->name ?>
- <? if ($group->id != group::REGISTERED_USERS): ?>
+ <? if (!$group->special): ?>
<?= html::anchor("welcome/delete_group/$group->id", "[x]") ?>
<? endif ?>
</li>
@@ -365,15 +367,15 @@
<?= html::anchor("albums/{$current->album->id}", $current->album->title) ?>
&raquo;
<? foreach (array("view", "edit") as $perm): ?>
- <? if (access::group_can(group::EVERYBODY, $perm, $current->album)): ?>
- <?= html::anchor("welcome/deny_perm/0/$perm/{$current->album->id}", strtoupper($perm), array("class" => "allowed")) ?>
+ <? if (access::group_can(group::everybody(), $perm, $current->album)): ?>
+ <?= html::anchor("welcome/deny_perm/1/$perm/{$current->album->id}", strtoupper($perm), array("class" => "allowed")) ?>
<? else: ?>
- <?= html::anchor("welcome/add_perm/0/$perm/{$current->album->id}", strtolower($perm), array("class" => "denied")) ?>
+ <?= html::anchor("welcome/add_perm/1/$perm/{$current->album->id}", strtolower($perm), array("class" => "denied")) ?>
<? endif ?>
<? endforeach ?>
<? if ($current->album->id != 1): ?>
<span class="understate">
- (<?= html::anchor("welcome/reset_all_perms/0/{$current->album->id}", "reset") ?>)
+ (<?= html::anchor("welcome/reset_all_perms/1/{$current->album->id}", "reset") ?>)
</span>
<? endif; ?>
<? $stack[] = "CLOSE"; ?>
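Review bot: The three links now hard-code the Everybody group as the literal path segment `1` (`welcome/deny_perm/1/...`, `welcome/add_perm/1/...`, `welcome/reset_all_perms/1/...`) two lines after the same group is looked up as `group::everybody()`; use `group::everybody()->id` in the URLs so the template does not depend on the installer's row order. The `!$user->admin` guard on the delete-user link earlier in this file is presentation only; the `welcome/delete_user` action must refuse to delete admin accounts itself (the controller is not in this diff — confirm).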
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index f4d57275..a47ade37 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -24,9 +24,6 @@
* Note: by design, this class does not do any permission checking.
*/
class group_Core {
- const EVERYBODY = 0;
- const REGISTERED_USERS = 1;
-
/**
* Create a new group.
*
@@ -45,4 +42,22 @@ class group_Core {
module::event("group_created", $group);
return $group;
}
+
+ /**
+ * The group of all possible visitors. This includes the guest user.
+ *
+ * @return Group_Model
+ */
+ static function everybody() {
+ return ORM::factory("group", 1);
+ }
+
+ /**
+ * The group of all logged-in visitors. This does not include guest users.
+ *
+ * @return Group_Model
+ */
+ static function registered_users() {
+ return ORM::factory("group", 2);
+ }
} \ No newline at end of file
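Review bot: `everybody()` and `registered_users()` pin the two special groups to row ids 1 and 2, which holds only while the installer creates them first and nothing deletes or re-creates them; if the row is missing, the ORM presumably returns an unloaded model whose `id` is null, and `access` then builds column names like `view_`. Either record the invariant in both docblocks, `Relies on the installer inserting this group first; the id is reserved.`, or look the groups up by name and the `special` flag and throw when they are absent. The missing trailing newline is cosmetic.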
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index dfaa90f2..005431b7 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -24,8 +24,6 @@
* Note: by design, this class does not do any permission checking.
*/
class user_Core {
- const ADMIN = 1;
-
/**
* Return the form for creating / modifying users.
*/
@@ -59,15 +57,32 @@ class user_Core {
}
/**
+ * Return the active user. If there's no active user, return the guest user.
+ *
+ * @return User_Model
+ */
+ static function active() {
+ return Session::instance()->get("user", ORM::factory("user", 1));
+ }
+
+ /**
+ * Change the active user.
+ *
+ * @return User_Model
+ */
+ static function set_active($user) {
+ return Session::instance()->set("user", $user);
+ }
+
+ /**
* Create a new user.
*
* @param string $name
* @param string $display_name
* @param string $password
- * @param boolean $admin true if this user is a site admin
* @return User_Model
*/
- static function create($name, $display_name, $password, $admin=false) {
+ static function create($name, $display_name, $password) {
$user = ORM::factory("user")->where("name", $name);
if ($user->loaded) {
throw new Exception("@todo USER_ALREADY_EXISTS $name");
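Review bot: `active()` resolves the guest by the literal id 1, and because the default argument is evaluated eagerly, `ORM::factory("user", 1)` is fetched on every call even when a session user exists; more importantly, if row 1 is ever not the guest (re-installation, a migrated users table), every anonymous visitor runs as that account. Look the guest up by its flag, `ORM::factory("user")->where("guest", true)->find()`, and only when the session holds no user. The `set_active` docblock claims `@return User_Model` but the method returns whatever `Session::set` returns — correct or drop the tag. `create` continues outside the hunk.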
@@ -76,10 +91,14 @@ class user_Core {
$user->name = $name;
$user->display_name = $display_name;
$user->password = $password;
- $user->admin = $admin;
$user->save();
- $group = ORM::factory("group", group::REGISTERED_USERS);
+ // Everybody user
+ $group = ORM::factory("group", 1);
+ $group->add($user);
+
+ // Registered users
+ $group = ORM::factory("group", 2);
$group->add($user);
module::event("user_created", $user);
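Review bot: `create()` adds the new user to groups by literal id (`ORM::factory("group", 1)` and `ORM::factory("group", 2)`) although this same commit introduces `group::everybody()` and `group::registered_users()` for exactly that; use them so group membership has a single source of truth. The comment `// Everybody user` should read `// Everybody group`. Dropping the `$admin` parameter means a caller not updated here that still passes a fourth argument gets it silently ignored (PHP does not reject extra arguments) and creates a non-admin user; that fails safe but is worth a search of the callers.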
@@ -138,7 +157,7 @@ class user_Core {
$user->last_login = time();
$user->save();
- Session::instance()->set("user", $user);
+ user::set_active($user);
module::event("user_login", $user);
}
diff --git a/modules/user/helpers/user_block.php b/modules/user/helpers/user_block.php
index 762c7d17..b737cec6 100644
--- a/modules/user/helpers/user_block.php
+++ b/modules/user/helpers/user_block.php
@@ -21,7 +21,7 @@ class user_block_Core {
public static function head($theme) {
$url = url::file("modules/user/js/user.js");
$script[] = "<script src=\"$url\" type=\"text/javascript\"></script>";
- $user = Session::instance()->get('user', null);
+ $user = user::active();
$url = url::file("lib/jquery.jeditable.js");
$script[] = empty($user) ? "" : "<script src=\"$url\" type=\"text/javascript\"></script>";
return implode("\n", $script);
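Review bot: `empty($user)` on the line after the change is now always false, because `user::active()` returns the guest `User_Model` rather than null when nobody is logged in, so the jeditable script is emitted for every visitor; the condition should be `$script[] = $user->guest ? "" : "<script src=\"$url\" type=\"text/javascript\"></script>";`. The same `empty`/null assumption should be checked wherever else the old `Session::instance()->get('user', null)` value was tested for truthiness.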
@@ -29,7 +29,7 @@ class user_block_Core {
public static function header_top($theme) {
$view = new View("login.html");
- $view->user = Session::instance()->get('user', null);
+ $view->user = user::active();
return $view->render();
}
}
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 3dbdaf25..2de3a6cd 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -32,6 +32,7 @@ class user_installer {
`last_login` int(10) unsigned NOT NULL DEFAULT 0,
`email` varchar(255) default NULL,
`admin` BOOLEAN default 0,
+ `guest` BOOLEAN default 0,
PRIMARY KEY (`id`),
UNIQUE KEY(`display_name`))
ENGINE=InnoDB DEFAULT CHARSET=utf8;");
@@ -39,6 +40,7 @@ class user_installer {
$db->query("CREATE TABLE IF NOT EXISTS `groups` (
`id` int(9) NOT NULL auto_increment,
`name` char(255) default NULL,
+ `special` BOOLEAN default 0,
PRIMARY KEY (`id`),
UNIQUE KEY(`name`))
ENGINE=InnoDB DEFAULT CHARSET=utf8;");
@@ -50,18 +52,32 @@ class user_installer {
UNIQUE KEY(`user_id`, `group_id`))
ENGINE=InnoDB DEFAULT CHARSET=utf8;");
+ $everybody = group::create("Everybody");
+ $everybody->special = true;
+ $everybody->save();
+
$registered = group::create("Registered Users");
+ $registered->special = true;
+ $registered->save();
- // @todo: get this info from the installer
- $admin = user::create("admin", "Gallery Administrator", "admin", true);
- $user = user::create("joe", "Joe User", "joe");
+ $guest = user::create("guest", "Guest User", "");
+ $guest->guest = true;
+ $guest->save();
+ $guest->remove($registered);
- $registered->add($admin);
- $registered->add($user);
+ $admin = user::create("admin", "Gallery Administrator", "admin");
+ $admin->admin = true;
+ $admin->save();
// Let the admin own everything
$db->query("UPDATE `items` SET `owner_id` = {$admin->id} WHERE `owner_id` IS NULL");
module::set_version("user", 1);
+
+ $root = ORM::factory("item", 1);
+ access::allow($guest, "view", $root);
+ access::allow($guest, "view", $root);
+ access::allow($registered, "view", $root);
+ access::allow($admin, "edit", $root);
}
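Review bot: `access::allow($admin, "edit", $root)` passes the admin user (created by `user::create` a few lines above) where `allow` now expects a `Group_Model` and reads `$group->id`; the admin user is row 2, which is the id of the Registered Users group, so this grants `edit` on the root item — and, since non-view permissions propagate down, on the whole tree — to every registered user rather than to the administrator. `access::allow($guest, "view", $root)` has the same type confusion (guest user id 1 coincides with the Everybody group id 1, so it works by accident) and is written twice. Replace the four lines with `access::allow($everybody, "view", $root);` and `access::allow($registered, "view", $root);`, and give the administrator edit rights via a group or the `admin` flag rather than a user passed as a group. Separately, the guest row is created with the empty password `""`; confirm that the login path refuses accounts with `guest` set, otherwise this is a loginable account.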
}
diff --git a/modules/user/helpers/user_menu.php b/modules/user/helpers/user_menu.php
index 0f25527a..886a873a 100644
--- a/modules/user/helpers/user_menu.php
+++ b/modules/user/helpers/user_menu.php
@@ -19,8 +19,8 @@
*/
class user_menu_Core {
public static function site_navigation($menu, $theme) {
- $user = Session::instance()->get("user", null);
- if ($user) {
+ $user = user::active();
+ if (!$user->guest) {
$menu->get("admin_menu")->append(
Menu::Factory("dialog")
->id("edit_profile")
diff --git a/modules/user/tests/User_Installer_Test.php b/modules/user/tests/User_Installer_Test.php
index acc5467f..db86f0f2 100644
--- a/modules/user/tests/User_Installer_Test.php
+++ b/modules/user/tests/User_Installer_Test.php
@@ -25,21 +25,34 @@
class User_Installer_Test extends Unit_Test_Case {
public function install_creates_admin_user_test() {
$user = ORM::factory("user", 1);
- $this->assert_equal("Gallery Administrator", $user->display_name);
+ $this->assert_equal("guest", $user->name);
+ $this->assert_true($user->guest);
+
+ $user = ORM::factory("user", 2);
$this->assert_equal("admin", $user->name);
- $this->assert_true(user::is_correct_password($user, "admin"));
+ $this->assert_false($user->guest);
$this->assert_equal(
- array("Registered Users"),
+ array("Everybody", "Registered Users"),
array_keys($user->groups->select_list("name")));
}
- public function install_creates_registered_group_test() {
+ public function install_creates_everybody_group_test() {
$group = ORM::factory("group", 1);
+ $this->assert_equal("Everybody", $group->name);
+ $this->assert_true($group->special);
+
+ $this->assert_equal(
+ array("guest", "admin"),
+ array_keys($group->users->select_list("name")));
+ }
+
+ public function install_creates_registered_group_test() {
+ $group = ORM::factory("group", 2);
$this->assert_equal("Registered Users", $group->name);
$this->assert_equal(
- array("admin", "joe"),
+ array("admin"),
array_keys($group->users->select_list("name")));
}
}
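Review bot: `install_creates_admin_user_test` no longer asserts that user 2 is actually an administrator or that its password works — `$this->assert_true(user::is_correct_password($user, "admin"))` was removed and nothing checks `$user->admin`; add `$this->assert_true($user->admin);` after the `assert_false($user->guest)` line and `$this->assert_false($user->admin);` for user 1 so a flag swap is caught. Since the test now covers both accounts, a name such as `install_creates_guest_and_admin_users_test` would match its body.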
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 452f51ca..95de362c 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -1,12 +1,12 @@
<? defined("SYSPATH") or die("No direct script access."); ?>
<ul id="gLoginMenu">
- <? if ($user): ?>
+ <? if ($user->guest): ?>
+ <li id="gLoginFormContainer"></li>
+ <li id="gLoginLink"><a href="<?= url::site("login") ?>">Login</a></li>
+ <? else: ?>
<li><a href="<?= url::site("user/{$user->id}?continue=" . url::current(true))?>">
<?= _("Modify Profile") ?></a></li>
<li><a href="<?= url::site("logout?continue=" . url::current(true)) ?>" id="gLogoutLink">
<?= _("Logout") ?></a></li>
- <? else: ?>
- <li id="gLoginFormContainer"></li>
- <li id="gLoginLink"><a href="<?= url::site("login") ?>">Login</a></li>
<? endif; ?>
</ul>