Lots of deltas rolled up into a bigger change. Sorry for the mess.

1) Deleted in-place-editing.  We'll be replacing this with a real edit
   system that groups settings together and is more coherent.

2) Tweaked the way that dialog boxes work to get the ajax stuff working
   again.  It's imperfect and does not work properly for uploading images.
   This is going to get redone also, but this is a good resting point.

3) Created edit forms for albums and photos.  Moved _update and _create out
   of Items_Controller and into the individual subclasses.

4) Created access::required which is a shorthand for:
    if (!access::can(...)) {
      access::forbidden();
    }

5) Added validation rules to Items_Model

6) Converted login to use the regular modal dialog approach in the theme.

6 files changed, 70 insertions, 25 deletions

diff --git a/core/helpers/access.php b/core/helpers/access.php
index ab113375..c6ee1fcc 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -107,6 +107,19 @@ class access_Core {
   }
 
   /**
+   * If the active user does not have this permission, failed with an access::forbidden().
+   *
+   * @param  string     $perm_name
+   * @param  Item_Model $item
+   * @return boolean
+   */
+  public static function required($perm_name, $item) {
+    if (!access::can($perm_name, $item)) {
+      access::forbidden();
+    }
+  }
+
+  /**
    * Terminate immediately with an HTTP 503 Forbidden response.
    */
   public static function forbidden() {
diff --git a/core/helpers/album.php b/core/helpers/album.php
index 70b05006..82697254 100644
--- a/core/helpers/album.php
+++ b/core/helpers/album.php
@@ -65,13 +65,28 @@ class album_Core {
 
   static function get_add_form($parent) {
     $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gAddAlbumForm"));
-    $group = $form->group(sprintf(_("Add Album to %s"), $parent->title));
-    $group->input("name")->label(true);
-    $group->input("title")->label(true);
-    $group->input("description")->label(true);
+    $group = $form->group("add_album")->label(sprintf(_("Add Album to %s"), $parent->title));
+    $group->input("name")->label(_("Name"));
+    $group->input("title")->label(_("Title"));
+    $group->textarea("description")->label(_("Description"));
     $group->hidden("type")->value("album");
     $group->submit(_("Create"));
     $form->add_rules_from(ORM::factory("item"));
     return $form;
   }
+
+  static function get_edit_form($parent) {
+    $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm"));
+    $form->hidden("_method")->value("put");
+    $group = $form->group("edit_album")->label(_("Edit Album"));
+    if ($parent->id != 1) {
+      $group->input("name")->label(_("Name"))->value($parent->name);
+    }
+    $group->input("title")->label(_("Title"))->value($parent->title);
+    $group->textarea("description")->label(_("Description"))->value($parent->description);
+    $group->hidden("type")->value("album");
+    $group->submit(_("Modify"));
+    $form->add_rules_from(ORM::factory("item"));
+    return $form;
+  }
 }
diff --git a/core/helpers/core_block.php b/core/helpers/core_block.php
index ec1ee066..b7e4ad44 100644
--- a/core/helpers/core_block.php
+++ b/core/helpers/core_block.php
@@ -24,10 +24,6 @@ class core_block_Core {
       $profiler = new Profiler();
       $profiler->render();
     }
-
-    if ($theme->item() && access::can("edit", $theme->item())) {
-      return new View("in_place_edit.html");
-    }
   }
 
   public static function admin_page_bottom($theme) {
diff --git a/core/helpers/core_menu.php b/core/helpers/core_menu.php
index 63a742ee..685ccf64 100644
--- a/core/helpers/core_menu.php
+++ b/core/helpers/core_menu.php
@@ -32,24 +32,31 @@ class core_menu_Core {
     $item = $theme->item();
 
     if (!user::active()->guest) {
-      $admin_menu = Menu::factory("submenu")
-        ->id("admin_menu")
-        ->label(_("Admin"));
-      $menu->append($admin_menu);
+      $menu->append($admin_menu = Menu::factory("submenu")
+                    ->id("admin_menu")
+                    ->label(_("Admin")));
     }
 
     if ($item && access::can("edit", $item)) {
-      $menu->append(Menu::factory("submenu")
-                    ->id("options_menu")
-                    ->label(_("Options"))
-                    ->append(Menu::factory("dialog")
-                             ->id("add_item")
-                             ->label(_("Add an item"))
-                             ->url(url::site("form/add/photos/$item->id")))
-                    ->append(Menu::factory("dialog")
-                             ->id("add_album")
-                             ->label(_("Add album"))
-                             ->url(url::site("form/add/albums/$item->id"))));
+      $menu->append($options_menu = Menu::factory("submenu")
+        ->id("options_menu")
+        ->label(_("Options"))
+        ->append(Menu::factory("dialog")
+                 ->id("edit_item")
+                 ->label($item->type == "album" ? _("Edit album") : _("Edit photo"))
+                 ->url(url::site("form/edit/{$item->type}s/$item->id"))));
+
+      if ($item->type == "album") {
+        $options_menu
+          ->append(Menu::factory("dialog")
+                   ->id("add_item")
+                   ->label(_("Add a photo"))
+                   ->url(url::site("form/add/albums/$item->id?type=photo")))
+          ->append(Menu::factory("dialog")
+                   ->id("add_album")
+                   ->label(_("Add an album"))
+                   ->url(url::site("form/add/albums/$item->id?type=album")));
+      }
 
       $admin_menu->append(Menu::factory("dialog")
                           ->id("edit")
diff --git a/core/helpers/photo.php b/core/helpers/photo.php
index e5ed2b22..29f2ac6f 100644
--- a/core/helpers/photo.php
+++ b/core/helpers/photo.php
@@ -99,14 +99,26 @@ class photo_Core {
     $group = $form->group("add_photo")->label(sprintf(_("Add Photo to %s"), $parent->title));
     $group->input("name")->label(_("Name"));
     $group->input("title")->label(_("Title"));
-    $group->textarea("description")->label(_("Description"))->rules("length[0, 255");
-    $group->upload("file")->label(_("File"))->rules("allow[jpg,png,gif,tiff]");
+    $group->textarea("description")->label(_("Description"));
+    $group->upload("file")->label(_("File"))->rules("required|allow[jpg,png,gif]");
     $group->hidden("type")->value("photo");
     $group->submit(_("Upload"));
     $form->add_rules_from(ORM::factory("item"));
     return $form;
   }
 
+  static function get_edit_form($photo) {
+    $form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm"));
+    $form->hidden("_method")->value("put");
+    $group = $form->group("edit_photo")->label(_("Edit Photo"));
+    $group->input("name")->label(_("Name"))->value($photo->name);
+    $group->input("title")->label(_("Title"))->value($photo->title);
+    $group->textarea("description")->label(_("Description"))->value($photo->description);
+    $group->submit(_("Modify"));
+    $form->add_rules_from(ORM::factory("item"));
+    return $form;
+  }
+
   /**
    * Return scaled width and height.
    *
diff --git a/core/helpers/rest.php b/core/helpers/rest.php
index a0d6e732..061c2f6b 100644
--- a/core/helpers/rest.php
+++ b/core/helpers/rest.php
@@ -23,8 +23,10 @@ class rest_Core {
   const CREATED = "201 Created";
   const ACCEPTED = "202 Accepted";
   const NO_CONTENT = "204 No Content";
+  const RESET_CONTENT = "205 Reset Content";
   const PARTIAL_CONTENT = "206 Partial Content";
   const MOVED_PERMANENTLY = "301 Moved Permanently";
+  const FOUND = "302 Found";
   const SEE_OTHER = "303 See Other";
   const NOT_MODIFIED = "304 Not Modified";
   const TEMPORARY_REDIRECT = "307 Temporary Redirect";