diff options
| author | Bharat Mediratta <bharat@menalto.com> | 2008-12-30 23:26:55 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-30 23:26:55 +0000 |
| commit | 6e6d3dd9696df68e7a0bd37e1926cdbc2b894991 (patch) | |
| tree | b8562fbb4e89d9879a0e9acd7c66e64658c90db2 /core/helpers | |
| parent | cace8390dd8e5080a0faa76a992c5c11d5effeab (diff) | |
Refactor _create_htaccess_files and _delete_htaccess_files into
_update_htaccess_files in preparation for supporting the view_full
permission.
Diffstat (limited to 'core/helpers')
| -rw-r--r-- | core/helpers/access.php | 59 |
1 files changed, 28 insertions, 31 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php index 9883329e..abfc8046 100644 --- a/core/helpers/access.php +++ b/core/helpers/access.php @@ -147,16 +147,11 @@ class access_Core { if ($perm_name == "view") { self::_update_access_view_cache($group, $album); - if ($group->id == 1) { - if ($value === self::DENY) { - self::_create_htaccess_files($album); - } else { - self::_delete_htaccess_files($album); - } - } } else { self::_update_access_non_view_cache($group, $perm_name, $album); } + + self::_update_htaccess_files($album, $group, $perm_name, $value); } /** @@ -516,32 +511,34 @@ class access_Core { } /** - * Create .htaccess files to prevent direct access to the given album and its hierarchy. + * Maintain .htacccess files to prevent direct access to albums, resizes and thumbnails when we + * apply the view and view_full permissions to guest users. */ - private static function _create_htaccess_files($album) { - foreach (array($album->file_path(), - dirname($album->resize_path()), - dirname($album->thumb_path())) as $dir) { - $base_url = url::site("file_proxy"); - $fp = fopen("$dir/.htaccess", "w+"); - fwrite($fp, "<IfModule mod_rewrite.c>\n"); - fwrite($fp, " RewriteEngine On\n"); - fwrite($fp, " RewriteRule (.*) $base_url/\$1 [L]\n"); - fwrite($fp, "</IfModule>\n"); - fwrite($fp, "<IfModule !mod_rewrite.c>\n"); - fwrite($fp, " Order Deny,Allow\n"); - fwrite($fp, " Deny from All\n"); - fwrite($fp, "</IfModule>\n"); - fclose($fp); + private static function _update_htaccess_files($album, $group, $perm_name, $value) { + if ($group->id != 1 || !($perm_name == "view" || $perm_name == "view_full")) { + return; } - } - /** - * Delete the .htaccess files that are preventing access to the given album and its hierarchy. - */ - private static function _delete_htaccess_files($album) { - @unlink($album->file_path() . "/.htaccess"); - @unlink(dirname($album->resize_path()) . "/.htaccess"); - @unlink(dirname($album->thumb_path()) . "/.htaccess"); + if ($value == self::DENY) { + foreach (array($album->file_path(), + dirname($album->resize_path()), + dirname($album->thumb_path())) as $dir) { + $base_url = url::site("file_proxy"); + $fp = fopen("$dir/.htaccess", "w+"); + fwrite($fp, "<IfModule mod_rewrite.c>\n"); + fwrite($fp, " RewriteEngine On\n"); + fwrite($fp, " RewriteRule (.*) $base_url/\$1 [L]\n"); + fwrite($fp, "</IfModule>\n"); + fwrite($fp, "<IfModule !mod_rewrite.c>\n"); + fwrite($fp, " Order Deny,Allow\n"); + fwrite($fp, " Deny from All\n"); + fwrite($fp, "</IfModule>\n"); + fclose($fp); + } + } else { + @unlink($album->file_path() . "/.htaccess"); + @unlink(dirname($album->resize_path()) . "/.htaccess"); + @unlink(dirname($album->thumb_path()) . "/.htaccess"); + } } } |