authorBharat Mediratta <bharat@menalto.com>2008-12-17 22:39:33 +0000
committerBharat Mediratta <bharat@menalto.com>2008-12-17 22:39:33 +0000
commitb37047ff557c88becd662bd6622bf27f7a9a78f2 (patch)
treebf1fb40207030d4f92afa3b510c9504e4769bf52
parentfe396410894f9fcf430e31216312f70db800d96e (diff)
Add Item_Model::viewable() which we can use to restrict any query to
just items viewable by the active user. For example: ORM::factory("item")->where("name", "foo")->find_all() would get all items with the name "foo", while ORM::factory("item")->viewable()->where("name", "foo")->find_all() restricts it to just the set of items that the user is allowed to see.
-rw-r--r--core/controllers/albums.php25
-rw-r--r--core/models/item.php16
-rw-r--r--modules/tag/controllers/tags.php15
-rw-r--r--modules/tag/models/tag.php18
4 files changed, 54 insertions, 20 deletions
diff --git a/core/controllers/albums.php b/core/controllers/albums.php
index 7806b8d8..d2453447 100644
--- a/core/controllers/albums.php
+++ b/core/controllers/albums.php
@@ -24,27 +24,26 @@ class Albums_Controller extends Items_Controller {
*/
public function _show($item) {
if (!access::can("view", $item)) {
- return Kohana::show_404();
+ Kohana::show_404();
}
$theme_name = module::get_var("core", "active_theme", "default");
$page_size = module::get_var("core", "page_size", 9);
-
- $template = new Theme_View("page.html", "album", $theme_name);
-
$page = $this->input->get("page", "1");
-
- $template->set_global('page_size', $page_size);
- $template->set_global('item', $item);
+ $children_count = $item->viewable()->children_count();
+ $offset = ($page-1) * $page_size;
// Make sure that the page references a valid offset
- $children_count = $item->children_count();
- while (($offset = ($page - 1) * $page_size) > $children_count && $page != 1) {
- $page--;
+ if ($page < 1 || $page > ceil($children_count / $page_size)) {
+ Kohana::show_404();
}
- $template->set_global('children', $item->children($page_size, $offset));
- $template->set_global('children_count', $children_count);
- $template->set_global('parents', $item->parents());
+
+ $template = new Theme_View("page.html", "album", $theme_name);
+ $template->set_global("page_size", $page_size);
+ $template->set_global("item", $item);
+ $template->set_global("children", $item->viewable()->children($page_size, $offset));
+ $template->set_global("children_count", $children_count);
+ $template->set_global("parents", $item->parents());
$template->content = new View("album.html");
print $template;
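Review bot: The new range check `$page > ceil($children_count / $page_size)` sends page 1 to `Kohana::show_404()` whenever `$children_count` is 0, so an empty album, or one whose children are all filtered out by `viewable()`, becomes a 404 for a user who already passed the `access::can("view", $item)` check; the same check is added in `modules/tag/controllers/tags.php`. `$page` is also still the raw query-string value, so a value such as `1.5` can pass the check and yield a fractional `$offset`. I would normalise first with `$page = (int) $page;` and compare against `max(1, ceil($children_count / $page_size))`. Separately, dropping `return` in front of `Kohana::show_404()` means the access guard now depends on that call never returning, which is not visible in this hunk and deserves a one-line comment. `_show()` continues past the end of the hunk.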
diff --git a/core/models/item.php b/core/models/item.php
index 64af79ce..e5eb4039 100644
--- a/core/models/item.php
+++ b/core/models/item.php
@@ -20,10 +20,26 @@
class Item_Model extends ORM_MPTT {
protected $children = 'items';
private $relative_path = null;
+ private $view_restrictions = array();
var $rules = array();
/**
+ * Add a set of restrictions to any following queries to restrict access only to items
+ * viewable by the active user.
+ * @chainable
+ */
+ public function viewable() {
+ if (empty($this->view_restrictions)) {
+ foreach (user::group_ids() as $id) {
+ $this->view_restrictions["view_$id"] = access::ALLOW;
+ }
+ }
+ $this->where($this->view_restrictions);
+ return $this;
+ }
+
+ /**
* Is this item an album?
* @return true if it's an album
*/
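Review bot: `viewable()` adds no condition at all when `user::group_ids()` returns an empty list, because `where()` is then called with an empty array, so the filter fails open for a user with no groups; whether that list can be empty is not visible here, and the method should make that case match nothing rather than everything. The array form also puts every `view_$id` column into one `where()` call, which presumably ANDs them, so an item is shown only if all of the user's groups are allowed rather than any one of them; that errs on the safe side but hides items a user should see, and an OR group wrapped in parentheses looks like the intent. At minimum the docblock should state the rule, for example `* An item matches only when view_<id> is ALLOW for the active user's groups; an empty group list adds no restriction.` The `Item_Model` class continues outside the hunk.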
diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index ee39bfec..94890639 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -23,15 +23,20 @@ class Tags_Controller extends REST_Controller {
public function _show($tag) {
$theme_name = module::get_var("core", "active_theme", "default");
$page_size = module::get_var("core", "page_size", 9);
-
- $template = new Theme_View("page.html", "tag", $theme_name);
-
$page = $this->input->get("page", "1");
+ $children_count = $tag->items_count();
+ $offset = ($page-1) * $page_size;
+ // Make sure that the page references a valid offset
+ if ($page < 1 || $page > ceil($children_count / $page_size)) {
+ Kohana::show_404();
+ }
+
+ $template = new Theme_View("page.html", "tag", $theme_name);
$template->set_global('page_size', $page_size);
$template->set_global('tag', $tag);
- $template->set_global('children', $tag->items($page_size, ($page-1) * $page_size));
- $template->set_global('children_count', $tag->count);
+ $template->set_global('children', $tag->items($page_size, $offset));
+ $template->set_global('children_count', $children_count);
$template->content = new View("tag.html");
print $template;
diff --git a/modules/tag/models/tag.php b/modules/tag/models/tag.php
index de892db2..37fd92fb 100644
--- a/modules/tag/models/tag.php
+++ b/modules/tag/models/tag.php
@@ -24,14 +24,15 @@ class Tag_Model extends ORM {
"name" => "required|length[4,32]");
/**
- * Return all items associated with this tag.
- * @param string $type the type of item (album, photo)
+ * Return all viewable items associated with this tag.
* @param integer $limit number of rows to limit result to
* @param integer $offset offset in result to start returning rows from
+ * @param string $type the type of item (album, photo)
* @return ORM_Iterator
*/
public function items($limit=null, $offset=0, $type=null) {
$model = ORM::factory("item")
+ ->viewable()
->join("items_tags", "items.id", "items_tags.item_id")
->where("items_tags.tag_id", $this->id);
if ($type) {
@@ -39,4 +40,17 @@ class Tag_Model extends ORM {
}
return $model->find_all($limit, $offset);
}
+
+ /**
+ * Return the count of all viewable items associated with this tag.
+ * @param string $type the type of item (album, photo)
+ * @return integer
+ */
+ public function items_count($type=null) {
+ return ORM::factory("item")
+ ->viewable()
+ ->join("items_tags", "items.id", "items_tags.item_id")
+ ->where("items_tags.tag_id", $this->id)
+ ->count_all();
+ }
} \ No newline at end of file
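Review bot: `items_count()` declares and documents `$type` but never uses it, so for a typed listing the count will not match what `items($limit, $offset, $type)` returns, and a pager built from it can point at empty pages. The filter that `items()` applies inside `if ($type) {` falls between the two hunks and is not visible, so the same condition should be copied from there: build the query into `$model`, apply the type filter, then `return $model->count_all();`. Sharing one private query builder between `items()` and `items_count()` would keep the `viewable()` restriction and the join from drifting apart.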