authorTim Almdal <tnalmdal@shaw.ca>2009-08-17 19:52:40 -0700
committerTim Almdal <tnalmdal@shaw.ca>2009-08-17 19:52:40 -0700
commit82edd2a37bde6f42f5ff69c1363c5dbeb3cec599 (patch)
tree3a37d7bdd673a516aef21a104f1aff7e4baad3cf
parent848c5439b3c17da58c2cfd94ccc62193a3fe7bd2 (diff)
This patch adds some security to the organize dialog.
1) If images are dragged from the content pane and dropped on a branch in the tree for which the user only has view privileges, then the drop is cancelled and the images are reverted. 2) The user cannot click on a branch to which they only have view privileges; the content pane does not change to the new album.
-rw-r--r--modules/organize/controllers/organize.php1
-rw-r--r--modules/organize/js/organize.js22
-rw-r--r--modules/organize/views/organize_tree.html.php2
3 files changed, 15 insertions, 10 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 7d6b651e..76a22b73 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -118,6 +118,7 @@ class Organize_Controller extends Controller {
$v->album = $item;
$keys = array_keys($parents);
$v->selected = end($keys) == $item->id;
+ $v->can_edit= access::can("edit", $item);
$v->children = array();
$v->album_icon = "gBranchEmpty";
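Review bot: The added line `$v->can_edit= access::can("edit", $item);` is missing the space before `=` that the neighbouring assignments use; write it as `$v->can_edit = access::can("edit", $item);`. As far as this diff shows, the flag is consumed only by organize_tree.html.php to emit the `gViewOnly` class, so a one-line comment such as `// Presentation hint only: marks the branch as gViewOnly in the tree view` would stop a later reader from treating it as the permission check itself. The enclosing method starts and ends outside the hunk.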
diff --git a/modules/organize/js/organize.js b/modules/organize/js/organize.js
index 7a70ea5e..0f8f7fa1 100644
--- a/modules/organize/js/organize.js
+++ b/modules/organize/js/organize.js
@@ -43,11 +43,6 @@
} else if (ui.offset.top < top + 20) {
$("#gMicroThumbPanel").get(0).scrollTop = Math.max(0, $("#gMicroThumbPanel").get(0).scrollTop - 100);
}
- },
- // @todo delete this method when drop is implemented
- stop: function(event, ui) {
- $(".ui-state-selected").show();
- $(".gMicroThumbGridCell").css("borderStyle", "none");
}
},
@@ -69,10 +64,15 @@
tolerance: "pointer",
greedy: true,
drop: function(event, ui) {
- $.organize.do_drop({
- url: move_url.replace("__TARGET_ID__", $(event.target).attr("ref")),
- source: $(ui.helper).children("img")
- });
+ if ($(event.target).hasClass("gViewOnly")) {
+ $(".ui-state-selected").show();
+ $(".gMicroThumbGridCell").css("borderStyle", "none");
+ } else {
+ $.organize.do_drop({
+ url: move_url.replace("__TARGET_ID__", $(event.target).attr("ref")),
+ source: $(ui.helper).children("img")
+ });
+ }
}
},
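Review bot: The `gViewOnly` test in the `drop` callback runs only in the browser, so it cancels the drag visually but is not an access control; the move request built from `move_url` is still accepted or rejected purely by the server. The handler behind `move_url` is not part of this diff, so confirm it checks `access::can("edit", ...)` on the target album and refuses the move otherwise, and that the client copes with that refusal. Separately, the view puts `gViewOnly` on the `li.gOrganizeBranch`, while this code tests `$(event.target)`; if the droppable is bound to the inner `div` (the binding is outside the hunk), the class would never match, and `$(event.target).closest(".gOrganizeBranch").hasClass("gViewOnly")` would be the safer test.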
@@ -200,6 +200,10 @@
if ($(event.currentTarget).hasClass("gBranchSelected")) {
return;
}
+ var parent = $(event.currentTarget).parents(".gOrganizeBranch");
+ if ($(parent).hasClass("gViewOnly")) {
+ return;
+ }
$("#gMicroThumbPanel").selectable("destroy");
var id = $(event.currentTarget).attr("ref");
$(".gBranchSelected").removeClass("gBranchSelected");
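Review bot: `.parents(".gOrganizeBranch")` collects every matching ancestor, and `hasClass` is true if any element in the set has the class, so the added guard can block clicks on an editable album nested under a view-only one. That assumes branches are nested `li` elements, as the tree view suggests. Restrict the lookup to the nearest branch, e.g. `var parent = $(event.currentTarget).closest(".gOrganizeBranch");` (or `.parents(".gOrganizeBranch").eq(0)` if the bundled jQuery predates `closest`), and drop the redundant re-wrap by using `parent.hasClass("gViewOnly")`. As with the drop handler, this early return only hides the album in the UI; the request that loads the content pane still needs its own server-side permission check. The handler's start and end are outside the hunk.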
diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php
index d2ef287a..823301fc 100644
--- a/modules/organize/views/organize_tree.html.php
+++ b/modules/organize/views/organize_tree.html.php
@@ -1,5 +1,5 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
-<li class="gOrganizeBranch ui-icon-left" ref="<?= $album->id ?>">
+<li class="gOrganizeBranch ui-icon-left <?= $can_edit ? "" : "gViewOnly" ?>" ref="<?= $album->id ?>">
<div id="gOrganizeBranch-<?= $album->id ?>" ref="<?= $album->id ?>"
class="<?= $selected ? "gBranchSelected" : "" ?>">
<span id="gOrganizeIcon-<?= $album->id ?>" ref="<?= $album->id ?>"