authorAndy Staudacher <andy.st@gmail.com>2009-07-27 11:27:50 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-07-27 11:27:50 -0700
commite68599f6d7dd2e18beaf48d9ba635ae93670101f (patch)
treea1876c3005f5abc239d92ce18ea630f4dbf5bf6d
parentd18f31ab218c8d79d97b19079ac0078e6155bc39 (diff)
parent4edf86f0ebfedbbdfda3daf71ed55a461edf9c6c (diff)
Merge branch 'master' of git@github.com:gallery/gallery3
-rw-r--r--modules/gallery/helpers/access.php12
-rw-r--r--modules/gallery/models/item.php22
-rw-r--r--modules/gallery/tests/Access_Helper_Test.php42
3 files changed, 20 insertions, 56 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index fbe0b550..949aea84 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -99,16 +99,8 @@ class access_Core {
return true;
}
- if ($item->owner_id == $user->id &&
- in_array($perm_name, array("view_full", "edit", "add"))) {
- return true;
- }
-
- if ($perm_name == "view") {
- $resource = $item->owner_id == $user->id ? $item->parent() : $item;
- } else {
- $resource = model_cache::get("access_cache", $item->id, "item_id");
- }
+ $resource = $perm_name == "view" ?
+ $item : model_cache::get("access_cache", $item->id, "item_id");
foreach ($user->groups as $group) {
if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
return true;
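Review bot: The new `$resource` ternary picks the data source for an authorization decision with a loose `==` on `$perm_name`, and nothing explains why "view" is read from the item row while every other permission is read from `access_cache`. I would write it as `$resource = $perm_name === "view" ?` and put a comment above it such as `// "view" is checked against the item row itself; all other permissions come from access_cache`. This hunk also drops the implicit owner grant for view_full/edit/add, and the owner tests in Access_Helper_Test.php are deleted rather than inverted, so no test visible here pins that an owner without a group grant is now denied. The enclosing method starts and ends outside the hunk.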
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index c1d11a96..038e11fb 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -38,17 +38,31 @@ class Item_Model extends ORM_MPTT {
if (user::active()->admin) {
$this->view_restrictions = array();
} else {
- $this->view_restrictions["owner_id"] = user::active()->id;
foreach (user::group_ids() as $id) {
- $this->view_restrictions["view_$id"] = access::ALLOW;
+ // Separate the first restriction from the rest to make it easier for us to formulate
+ // our where clause below
+ if (empty($this->view_restrictions)) {
+ $this->view_restrictions[0] = "view_$id";
+ } else {
+ $this->view_restrictions[1]["view_$id"] = access::ALLOW;
+ }
}
}
}
+ switch (count($this->view_restrictions)) {
+ case 0:
+ break;
- if (!empty($this->view_restrictions)) {
+ case 1:
+ $this->where($this->view_restrictions[0], access::ALLOW);
+ break;
+
+ default:
$this->open_paren();
- $this->orwhere($this->view_restrictions);
+ $this->where($this->view_restrictions[0], access::ALLOW);
+ $this->orwhere($this->view_restrictions[1]);
$this->close_paren();
+ break;
}
return $this;
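Review bot: With `owner_id` no longer seeded into `$this->view_restrictions`, a non-admin whose `user::group_ids()` returns nothing leaves the array empty and lands in `case 0: break;`, so no view condition is added and the query is filtered exactly as it is for an admin. This assumes the array starts empty before the `else` branch (the guard is outside the hunk) and that a user can have no groups; the tests removed from Access_Helper_Test.php strip every group from a user, so that state looks reachable. The empty case should fail closed for non-admins: keep the admin decision separate from the count, for example a flag set in the admin branch, and add a condition that matches no rows when a non-admin has no group ids. A comment on the switch stating that a count of 0 is meant to mean "admin, unrestricted" would make the invariant explicit. The enclosing method starts and ends outside the hunk.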
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 737ed8a6..59cec453 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -101,48 +101,6 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
}
- public function owner_can_view_album_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $item = album::create($root, rand(), "test album", $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_can_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album", $user->id);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_cant_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album");
- access::deny(group::everybody(), "view", $album);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
- }
-
public function adding_and_removing_items_adds_ands_removes_rows_test() {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");