author | Tim Almdal <tnalmdal@shaw.ca> | 2010-02-10 17:48:39 -0800 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-02-10 17:48:39 -0800 |
commit | a893b0317d5489552c4c001901ff246e0ec5af1d (patch) | |
tree | 2599d66bf3dfd205d7b6fbb56c19b634c267a335 | |
parent | b42c736607591f8e2bed4aea474ad622b3f7445a (diff) | |
parent | 8ef08d20883d9b9aa0b7560ce3bf6da8a6632149 (diff) |
Merge branch 'master' into talmdal_dev
-rw-r--r-- | modules/gallery/controllers/admin.php | 4 | ||||
-rw-r--r-- | modules/gallery/controllers/albums.php | 15 | ||||
-rw-r--r-- | modules/gallery/controllers/login.php | 3 | ||||
-rw-r--r-- | modules/gallery/controllers/movies.php | 6 | ||||
-rw-r--r-- | modules/gallery/controllers/photos.php | 6 | ||||
-rw-r--r-- | modules/gallery/helpers/auth.php | 13 |
6 files changed, 30 insertions, 17 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 5467e88a..7706e9fc 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -56,10 +56,8 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get" && !request::is_ajax()) { - $url_args = array("admin", $controller_name) + $args; - $continue_url = join("/", $url_args); // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", $continue_url); + Session::instance()->set("continue_url", url::current(true)); } url::redirect("reauthenticate"); } diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index a378f3ee..e1985cfb 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -28,20 +28,13 @@ class Albums_Controller extends Items_Controller { // sure that we're actually receiving an object Kohana::show_404(); } - $page_size = module::get_var("gallery", "page_size", 9); + if (!access::can("view", $album)) { - if ($album->id == 1) { - $view = new Theme_View("page.html", "other", "login"); - $view->page_title = t("Log in to Gallery"); - $view->content = new View("login_ajax.html"); - $view->content->form = auth::get_login_form("login/auth_html"); - print $view; - return; - } else { - access::forbidden(); - } + print auth::require_login(); + return; } + $page_size = module::get_var("gallery", "page_size", 9); $input = Input::instance(); $show = $input->get("show"); diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 5a08b693..093c15da 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php 
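Review bot: In albums.php the new `if (!access::can("view", $album))` branch answers every denied request with the login page, including requests from a user who is already signed in but lacks the view permission. The removed code sent those requests to `access::forbidden()` for every album except the root one. A signed-in user now gets a login form that cannot help them, and the denial presumably goes out as an ordinary page rather than a forbidden response, which makes refused access harder to spot in logs and monitoring. Consider calling `print auth::require_login();` only when the session is a guest session and keeping `access::forbidden();` for everyone else. The same branch is added in the movies.php and photos.php hunks, where it replaces `access::required("view", ...)`; the enclosing methods start and end outside these hunks.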
@@ -44,9 +44,10 @@ class Login_Controller extends Controller { public function auth_html() { access::verify_csrf(); + $continue_url = Session::instance()->get("continue_url", null); list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { - url::redirect(item::root()->abs_url()); + url::redirect($continue_url ? $continue_url : item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); $view->page_title = t("Log in to Gallery"); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index b51282b3..8041066e 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -24,7 +24,11 @@ class Movies_Controller extends Items_Controller { // sure that we're actually receiving an object Kohana::show_404(); } - access::required("view", $movie); + + if (!access::can("view", $movie)) { + print auth::require_login(); + return; + } $where = array(array("type", "!=", "album")); $position = $movie->parent()->get_position($movie, $where); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index b5da3884..778e9ae7 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -24,7 +24,11 @@ class Photos_Controller extends Items_Controller { // sure that we're actually receiving an object Kohana::show_404(); } - access::required("view", $photo); + + if (!access::can("view", $photo)) { + print auth::require_login(); + return; + } $where = array(array("type", "!=", "album")); $position = $photo->parent()->get_position($photo, $where); diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index c3e9e6e9..f5454f85 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php 
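Review bot: In `auth_html()` the `continue_url` value is read with `Session::instance()->get("continue_url", null)` but never removed, so the stored target outlives the login it was recorded for. Both `_prompt_for_reauth()` in admin.php and the new `auth::require_login()` write the same key, so a later login or reauthentication in the same session can be redirected to a stale URL from an unrelated denied request. Clearing it once it has been used would close that, for example `Session::instance()->delete("continue_url");` just before the `url::redirect(...)` in the `$valid` branch. Reading the value ahead of `_auth()` looks deliberate (presumably the session may be replaced on a successful login, which is not visible here), so that order can stay. The rest of `auth_html()` lies outside the hunk.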
@@ -130,4 +130,17 @@ class auth_Core { $session->set("admin_area_activity_timestamp", time()); return false; } + + /** + * Redirect to the login page. + */ + static function require_login() { + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Log in to Gallery"); + $view->content = new View("login_ajax.html"); + $view->content->form = auth::get_login_form("login/auth_html"); + // Avoid anti-phishing protection by passing the url as session variable. + Session::instance()->set("continue_url", url::current(true)); + return $view; + } }
\ No newline at end of file |
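Review bot: The docblock on `require_login()` says "Redirect to the login page", but the function neither redirects nor stops the request. It builds a `Theme_View`, stores `url::current(true)` in the session under `continue_url` as a side effect, and returns the view. Since the helper enforces nothing itself, a caller that forgets to `print` the result and `return` would go on to render the protected item, so the contract should be stated. I would replace the docblock with a short description saying that it returns the login page view for a denied request, records the requested URL as `continue_url`, and that the caller must print the view and return immediately. The inline comment beginning "Avoid anti-phishing protection" can be read as bypassing a safeguard; if the intent is what it appears to be, something like `// Keep the return URL in the session instead of a request parameter.` is clearer.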