Merge branch 'master' of github.com:gallery/gallery3

12 files changed, 210 insertions, 92 deletions

diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index f13c63b1..31368a5b 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -357,45 +357,48 @@ class g2_import_Core {
     }
 
     if ($g2_album->getParentId() == null) {
-      return t("Skipping Gallery 2 root album");
-    }
-    $parent_album = ORM::factory("item", self::map($g2_album->getParentId()));
-
-    $album = ORM::factory("item");
-    $album->type = "album";
-    $album->parent_id = self::map($g2_album->getParentId());
-    $album->name = $g2_album->getPathComponent();
-    $album->title = self::_decode_html_special_chars($g2_album->getTitle());
-    $album->description = self::_decode_html_special_chars(self::extract_description($g2_album));
-    $album->owner_id = self::map($g2_album->getOwnerId());
-    $album->view_count = g2(GalleryCoreApi::fetchItemViewCount($g2_album_id));
-    $album->created = $g2_album->getCreationTimestamp();
-
-    $order_map = array(
-      "originationTimestamp" => "captured",
-      "creationTimestamp" => "created",
-      "description" => "description",
-      "modificationTimestamp" => "updated",
-      "orderWeight" => "weight",
-      "pathComponent" => "name",
-      "summary" => "description",
-      "title" => "title",
-      "viewCount" => "view_count");
-    $direction_map = array(
-      ORDER_ASCENDING => "asc",
-      ORDER_DESCENDING => "desc");
-    if (array_key_exists($g2_order = $g2_album->getOrderBy(), $order_map)) {
-      $album->sort_column = $order_map[$g2_order];
-      $album->sort_order = $direction_map[$g2_album->getOrderDirection()];
-    }
-    $album->save();
-
-    self::import_keywords_as_tags($g2_album->getKeywords(), $album);
+      $album = item::root();
+    } else {
+      $parent_album = ORM::factory("item", self::map($g2_album->getParentId()));
+
+      $album = ORM::factory("item");
+      $album->type = "album";
+      $album->parent_id = self::map($g2_album->getParentId());
+      $album->name = $g2_album->getPathComponent();
+      $album->title = self::_decode_html_special_chars($g2_album->getTitle());
+      $album->description = self::_decode_html_special_chars(self::extract_description($g2_album));
+      $album->owner_id = self::map($g2_album->getOwnerId());
+      $album->view_count = g2(GalleryCoreApi::fetchItemViewCount($g2_album_id));
+      $album->created = $g2_album->getCreationTimestamp();
+
+      $order_map = array(
+        "originationTimestamp" => "captured",
+        "creationTimestamp" => "created",
+        "description" => "description",
+        "modificationTimestamp" => "updated",
+        "orderWeight" => "weight",
+        "pathComponent" => "name",
+        "summary" => "description",
+        "title" => "title",
+        "viewCount" => "view_count");
+      $direction_map = array(
+        ORDER_ASCENDING => "asc",
+        ORDER_DESCENDING => "desc");
+      if (array_key_exists($g2_order = $g2_album->getOrderBy(), $order_map)) {
+        $album->sort_column = $order_map[$g2_order];
+        $album->sort_order = $direction_map[$g2_album->getOrderDirection()];
+      }
+      $album->save();
+
+      self::import_keywords_as_tags($g2_album->getKeywords(), $album);
+    }
 
     self::set_map(
       $g2_album_id, $album->id,
       "album",
       self::g2_url(array("view" => "core.ShowItem", "itemId" => $g2_album->getId())));
+
+    self::_import_permissions($g2_album, $album);
   }
 
   /**
@@ -590,6 +593,125 @@ class g2_import_Core {
                        array("&", "\"", "<", ">"), $value);
   }
 
+  private static $_permission_map = array(
+    "core.view" => "view",
+    "core.viewSource" => "view_full",
+    "core.edit" => "edit",
+    "core.addDataItem" => "add",
+    "core.addAlbumItem" => "add");
+
+  /**
+   * Imports G2 permissions, mapping G2's permission model to G3's
+   * much simplified permissions.
+   *
+   *  - Ignores user permissions, G3 only supports group permissions.
+   *  - Ignores item permissions, G3 only supports album permissions.
+   *
+   *  G2 permission   ->  G3 permission
+   *  ---------------------------------
+   *  core.view           view
+   *  core.viewSource     view_full
+   *  core.edit           edit
+   *  core.addDataItem    add
+   *  core.addAlbumItem   add
+   *  core.viewResizes    <ignored>
+   *  core.delete         <ignored>
+   *  comment.*           <ignored>
+   */
+  private static function _import_permissions($g2_album, $g3_album) {
+    // No need to do anything if this album has the same G2 ACL as its parent.
+    if ($g2_album->getParentId() != null &&
+        g2(GalleryCoreApi::fetchAccessListId($g2_album->getId())) ==
+        g2(GalleryCoreApi::fetchAccessListId($g2_album->getParentId()))) {
+      return;
+    }
+
+    $granted_permissions = self::_map_permissions($g2_album->getId());
+
+    if ($g2_album->getParentId() == null) {
+      // Compare to current permissions, and change them if necessary.
+      $g3_parent_album = item::root();
+    } else {
+      $g3_parent_album = $g3_album->parent();
+    }
+    $granted_parent_permissions = array();
+    $perm_ids = array_unique(array_values(self::$_permission_map));
+    foreach (identity::groups() as $group) {
+      $granted_parent_permissions[$group->id] = array();
+      foreach ($perm_ids as $perm_id) {
+        if (access::group_can($group, $perm_id, $g3_parent_album)) {
+          $granted_parent_permissions[$group->id][$perm_id] = 1;
+        }
+      }
+    }
+
+    // Note: Only registering permissions if they're not the same as
+    //       the inherited ones.
+    foreach ($granted_permissions as $group_id => $permissions) {
+      if (!isset($granted_parent_permissions[$group_id])) {
+        foreach (array_keys($permissions) as $perm_id) {
+          access::allow(identity::lookup_group($group_id), $perm_id, $g3_album);
+        }
+      } else if ($permissions != $granted_parent_permissions[$group_id]) {
+        $parent_permissions = $granted_parent_permissions[$group_id];
+        // @todo Probably worth caching the group instances.
+        $group = identity::lookup_group($group_id);
+        // Note: Cannot use array_diff_key.
+        foreach (array_keys($permissions) as $perm_id) {
+          if (!isset($parent_permissions[$perm_id])) {
+            access::allow($group, $perm_id, $g3_album);
+          }
+        }
+        foreach (array_keys($parent_permissions) as $perm_id) {
+          if (!isset($permissions[$perm_id])) {
+            access::deny($group, $perm_id, $g3_album);
+          }
+        }
+      }
+    }
+
+    foreach ($granted_parent_permissions as $group_id => $parent_permissions) {
+      if (isset($granted_permissions[$group_id])) {
+        continue;  // handled above
+      }
+      $group = identity::lookup_group($group_id);
+      foreach (array_keys($parent_permissions) as $perm_id) {
+        access::deny($group, $perm_id, $g3_album);
+      }
+    }
+  }
+
+  /**
+   * Loads all the granted group G2 permissions for a specific
+   * album and returns an array with G3 groups ids and G3 permission ids.
+   */
+  private static function _map_permissions($g2_album_id) {
+    $g2_permissions = g2(GalleryCoreApi::fetchAllPermissionsForItem($g2_album_id));
+    $permissions = array();
+    foreach ($g2_permissions as $entry) {
+      // @todo Do something about user permissions? E.g. map G2's user albums
+      //       to a user-specific group in G3?
+      if (!isset($entry["groupId"])) {
+        continue;
+      }
+      $g2_permission_id = $entry["permission"];
+      if (!isset(self::$_permission_map[$g2_permission_id])) {
+        continue;
+      }
+      $group_id = self::map($entry["groupId"]);
+      if ($group_id == null) {
+        // E.g. the G2 admin group isn't mapped.
+        continue;
+      }
+      $permission_id = self::$_permission_map[$g2_permission_id];
+      if (!isset($permissions[$group_id])) {
+        $permissions[$group_id] = array();
+      }
+      $permissions[$group_id][$permission_id] = 1;
+    }
+    return $permissions;
+  }
+
   /**
    * Import a single comment.
    */
diff --git a/modules/g2_import/helpers/g2_import_task.php b/modules/g2_import/helpers/g2_import_task.php
index 1ec6870e..b1179e22 100644
--- a/modules/g2_import/helpers/g2_import_task.php
+++ b/modules/g2_import/helpers/g2_import_task.php
@@ -73,13 +73,8 @@ class g2_import_task_Core {
       }
       $task->set("done", $done);
 
-      $root_g2_id = g2(GalleryCoreApi::getDefaultAlbumId());
-      $root = ORM::factory("g2_map")->where("g2_id", "=", $root_g2_id)->find();
-      if (!$root->loaded()) {
-        $root->g2_id = $root_g2_id;
-        $root->g3_id = 1;
-        $root->save();
-      }
+      // Ensure G2 ACLs are compacted to speed up import.
+      g2(GalleryCoreApi::compactAccessLists());
     }
 
     $modes = array("groups", "users", "albums", "items", "comments", "tags", "highlights", "done");
@@ -128,7 +123,9 @@ class g2_import_task_Core {
 
       case "albums":
         if (empty($queue)) {
-          $task->set("queue", $queue = g2(GalleryCoreApi::fetchAlbumTree()));
+          $g2_root_id = g2(GalleryCoreApi::getDefaultAlbumId());
+          $tree = g2(GalleryCoreApi::fetchAlbumTree());
+          $task->set("queue", $queue = array($g2_root_id => $tree));
         }
         $log_message = g2_import::import_album($queue);
         if ($log_message) {
diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php
index 41ef7f85..3b7afec2 100644
--- a/modules/g2_import/views/admin_g2_import.html.php
+++ b/modules/g2_import/views/admin_g2_import.html.php
@@ -13,7 +13,7 @@
       </p>
       <ul>
         <li>
-          <?= t("Permissions are <b>not imported</b>.  You will have to set them again manually (for now).") ?>
+          <?= t("Please <b>review album permissions</b> after the import! Permissions are imported, but user specific and item specific permissions are not supported in Gallery 3 and thus ignored.") ?>
         </li>
         <li>
           <?= t("The only supported file formats are JPG, PNG and GIF, FLV and MP4.  Other formats will be skipped.") ?>
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index b5f3db39..5467e88a 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -30,7 +30,7 @@ class Admin_Controller extends Controller {
 
   public function __call($controller_name, $args) {
     if (auth::must_reauth_for_admin_area()) {
-      return url::redirect("reauthenticate");
+      return self::_prompt_for_reauth($controller_name, $args);
     }
 
     if (request::method() == "post") {
@@ -53,5 +53,15 @@ class Admin_Controller extends Controller {
 
     call_user_func_array(array(new $controller_name, $method), $args);
   }
+
+  private static function _prompt_for_reauth($controller_name, $args) {
+    if (request::method() == "get" && !request::is_ajax()) {
+      $url_args = array("admin", $controller_name) + $args;
+      $continue_url = join("/", $url_args);
+      // Avoid anti-phishing protection by passing the url as session variable.
+      Session::instance()->set("continue_url", $continue_url);
+    }
+    url::redirect("reauthenticate");
+  }
 }
 
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 8e4845a9..d90fe0ea 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -46,15 +46,6 @@ class Admin_Maintenance_Controller extends Admin_Controller {
       ->where("done", "=", 0)->order_by("updated", "DESC")->find_all();
     $view->content->finished_tasks = ORM::factory("task")
       ->where("done", "=", 1)->order_by("updated", "DESC")->find_all();
-    $task_buttons =
-      new ArrayObject(array((object)array("text" => t("run"),
-                                          "url" =>url::site("admin/maintenance/start"))));
-    module::event("admin_maintenance_task_buttons", $task_buttons);
-    $view->content->task_buttons = $task_buttons;
-
-    $maintenance_content = new ArrayObject();
-    module::event("admin_maintenance_content", $maintenance_content);
-    $view->content->task_maintenance_content = $maintenance_content;
     print $view;
   }
 
diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php
index 4b88a9cc..dbd1cd21 100644
--- a/modules/gallery/controllers/reauthenticate.php
+++ b/modules/gallery/controllers/reauthenticate.php
@@ -37,7 +37,8 @@ class Reauthenticate_Controller extends Controller {
     if ($valid) {
       message::success(t("Successfully re-authenticated!"));
       module::event("user_auth", $user);
-      url::redirect("admin");
+      $continue_url = Session::instance()->get_once("continue_url", "admin");
+      url::redirect($continue_url);
     } else {
       $name = $user->name;
       log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
diff --git a/modules/gallery/helpers/gallery_block.php b/modules/gallery/helpers/gallery_block.php
index be0f11b8..46742743 100644
--- a/modules/gallery/helpers/gallery_block.php
+++ b/modules/gallery/helpers/gallery_block.php
@@ -70,7 +70,7 @@ class gallery_block_Core {
       $block->css_id = "g-platform";
       $block->title = t("Platform information");
       $block->content = new View("admin_block_platform.html");
-      if (is_readable("/proc/loadavg")) {
+      if (@is_readable("/proc/loadavg")) {
         $block->content->load_average =
           join(" ", array_slice(explode(" ", current(file("/proc/loadavg"))), 0, 3));
       } else {
diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index 4af750a3..883d2f9a 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -64,7 +64,7 @@ class locales_Core {
   // @todo Might want to add a localizable language name as well.
   private static function _init_language_data() {
     $l["af_ZA"] = "Afrikaans";                // Afrikaans
-    $l["ar_SA"] = "العربي";                   // Arabic
+    $l["ar_SA"] = "العربية";                   // Arabic
     $l["be_BY"] = "Беларускі";           // Belarusian
     $l["bg_BG"] = "български";           // Bulgarian
     $l["ca_ES"] = "Catalan";                  // Catalan
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 19375670..ac597715 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -29,22 +29,16 @@
             <?= $task->description ?>
           </td>
           <td>
-            <? foreach ($task_buttons as $button): ?>
-            <a href="<?= "{$button->url}/$task->callback?csrf=$csrf" ?>"
+            <a href="<?= url::site("admin/maintenance/start/$task->callback?csrf=$csrf") ?>"
               class="g-dialog-link g-button ui-icon-left ui-state-default ui-corner-all">
-              <?= html::clean($button->text) ?>
+              <?= t("run") ?>
             </a>
-            <? endforeach ?>
           </td>
         </tr>
         <? endforeach ?>
       </table>
     </div>
 
-    <? foreach ($task_maintenance_content as $content): ?>
-    <?= html::purify($content) ?>
-    <? endforeach ?>
-
     <? if ($running_tasks->count()): ?>
     <div id="g-running-tasks">
       <h2> <?= t("Running tasks") ?> </h2>
diff --git a/modules/image_block/helpers/image_block_block.php b/modules/image_block/helpers/image_block_block.php
index 185df850..82c92f19 100644
--- a/modules/image_block/helpers/image_block_block.php
+++ b/modules/image_block/helpers/image_block_block.php
@@ -26,7 +26,13 @@ class image_block_block_Core {
     $block = "";
     switch ($block_id) {
     case "random_image":
-      $item = item::random_query(array(array("type", "!=", "album")))->find_all(1)->current();
+      // The random_query approach is flawed and doesn't always return a
+      // result when there actually is one. Retry a *few* times.
+      // @todo Consider another fallback if further optimizations are necessary.
+      $attempts = 0;
+      do {
+        $item = item::random_query(array(array("type", "!=", "album")))->find_all(1)->current();
+      } while (!$item && $attempts++ < 3);
       if ($item && $item->loaded()) {
         $block = new Block();
         $block->css_id = "g-image-block";
diff --git a/modules/organize/js/organize.js b/modules/organize/js/organize.js
index 942e49e5..5b90f402 100644
--- a/modules/organize/js/organize.js
+++ b/modules/organize/js/organize.js
@@ -7,31 +7,28 @@
       appendTo: "#g-organize-content-pane",
       helper: function(event, ui) {
         var selected = $(".ui-draggable.ui-selected img");
-        if (selected.length) {
-          var set = $('<div class="g-drag-helper"></div>')
-		      .css({
-                        zIndex: 2000,
-                        width: 80,
-                        height: Math.ceil(selected.length / 5) * 16
-		      });
+        var set = $('<div class="g-drag-helper"></div>')
+          .css({
+            zIndex: 2000,
+            width: 80,
+            height: Math.ceil(selected.length / 5) * 16
+	  });
 
-          selected.each(function(i) {
-            var row = parseInt(i / 5);
-            var j = i - (row * 5);
-            var o = $(this).offset();
-            var copy = $(this).clone()
-              .css({
-                width: $(this).width(), height: $(this).height(), display: "block",
-                margin: 0, position: 'absolute', outline: '5px solid #fff',
-                left: o.left - event.pageX, top: o.top - event.pageY
-              })
-              .appendTo(set)
-              .animate({ width: 10, height: 10, outlineWidth: 1, margin: 1,
-                left: (20 * j), top: (row * 20) }, 500);
-          });
-          return set;
-        }
-        return null;
+        selected.each(function(i) {
+          var row = parseInt(i / 5);
+          var j = i - (row * 5);
+          var o = $(this).offset();
+          var copy = $(this).clone()
+            .css({
+              width: $(this).width(), height: $(this).height(), display: "block",
+              margin: 0, position: 'absolute', outline: '5px solid #fff',
+              left: o.left - event.pageX, top: o.top - event.pageY
+            })
+            .appendTo(set)
+            .animate({ width: 10, height: 10, outlineWidth: 1, margin: 1,
+              left: (20 * j), top: (row * 20) }, 500);
+        });
+        return set;
       },
 
       start: function(event, ui) {
diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php
index 3912c1f6..33d7b4c9 100644
--- a/modules/organize/views/organize_tree.html.php
+++ b/modules/organize/views/organize_tree.html.php
@@ -1,5 +1,5 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<li class="g-organize-album ui-icon-left g-left <?= access::can("edit", $album) ? "" : "g-view-only" ?>"
+<li class="g-organize-album ui-icon-left <?= access::can("edit", $album) ? "" : "g-view-only" ?>"
     ref="<?= $album->id ?>">
   <span class="ui-icon ui-icon-minus g-left">
   </span>
@@ -7,12 +7,12 @@
         ref="<?= $album->id ?>">
     <?= html::clean($album->title) ?>
   </span>
-  <ul>
+  <ul class="g-left">
     <? foreach ($album->children(null, null, array(array("type", "=", "album"))) as $child): ?>
     <? if ($selected && $child->contains($selected)): ?>
     <?= View::factory("organize_tree.html", array("selected" => $selected, "album" => $child)); ?>
     <? else: ?>
-    <li class="g-organize-album ui-icon-left g-left <?= access::can("edit", $child) ? "" : "g-view-only" ?>"
+    <li class="g-organize-album ui-icon-left <?= access::can("edit", $child) ? "" : "g-view-only" ?>"
         ref="<?= $child->id ?>">
       <span class="ui-icon ui-icon-plus g-left"></span>
       <span class="g-organize-album-text g-left <?= $selected && $child->id == $selected->id ? "ui-state-focus" : "" ?>" ref="<?= $child->id ?>">