diff options
| author | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-27 11:13:20 -0700 |
|---|---|---|
| committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-27 11:13:20 -0700 |
| commit | 5fd82a2edea41209a6936f89c56bbd53083ed182 (patch) | |
| tree | 6ebfe37840278475956737c7d0cad2e7bc126458 | |
| parent | 1ec1f19f1a388ed8f49af13d0de77e714c286811 (diff) | |
Back out the fix for ticket #452
Revert "Changed access::user_can to force the owner of an item to have"
This reverts commit 0b97cfd6f098be08be5f3cf1dbca1cce580ae330.
| -rw-r--r-- | modules/gallery/helpers/access.php | 17 | ||||
| -rw-r--r-- | modules/gallery/tests/Access_Helper_Test.php | 42 |
2 files changed, 3 insertions, 56 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 79394d35..8c6f5d54 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -95,24 +95,13 @@ class access_Core { return false; } - if ($user->admin) { + if ($user->admin && $item->owner_id == $user->id) { return true; } - print "Before owner id check\n"; - if ($item->owner_id == $user->id && - in_array($perm_name, array("view_full", "edit", "add"))) { - return true; - } - - if ($perm_name == "view") { - $resource = $item->owner_id == $user->id ? $item->parent() : $item; - } else { - $resource = model_cache::get("access_cache", $item->id, "item_id"); - } - print Kohana::debug($resource->as_array()) . "\n"; + $resource = $perm_name == "view" ? + $item : model_cache::get("access_cache", $item->id, "item_id"); foreach ($user->groups as $group) { - print "$group->name\n"; if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) { return true; } diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index 737ed8a6..59cec453 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -101,48 +101,6 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view"); } - public function owner_can_view_album_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $item = album::create($root, rand(), "test album", $user->id); - - $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); - } - - public function owner_can_view_photo_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $album = album::create($root, rand(), "test album", $user->id); - $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); - - $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); - } - - public function owner_cant_view_photo_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $album = album::create($root, rand(), "test album"); - access::deny(group::everybody(), "view", $album); - $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); - - $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view"); - } - public function adding_and_removing_items_adds_ands_removes_rows_test() { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album"); |