author | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:18:24 +0000 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2008-12-31 00:18:24 +0000 |
commit | ad719b9b6f3391da1ba7e481890317cdc409c616 (patch) | |
tree | d809173b1dbdd3cf4e05a9bc5984d3aa4c0398f3 /core/helpers | |
parent | cbbbc23c2f5f1f4b5325f1a25251e419b512733f (diff) |
Fully implement the view_full permission.
Diffstat (limited to 'core/helpers')
-rw-r--r-- | core/helpers/access.php | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php
index a30ce79d..9154fa75 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -114,8 +114,8 @@ class access_Core {
 * @return boolean
 */
 public static function required($perm_name, $item) {
- if (!access::can($perm_name, $item)) {
- access::forbidden();
+ if (!self::can($perm_name, $item)) {
+ self::forbidden();
 }
 }
@@ -147,11 +147,11 @@ class access_Core {
 if ($perm_name == "view") {
 self::_update_access_view_cache($group, $album);
- self::_update_htaccess_files($album, $group, $perm_name, $value);
 } else {
 self::_update_access_non_view_cache($group, $perm_name, $album);
 }
+ self::_update_htaccess_files($album, $group, $perm_name, $value);
 }
 /**
@@ -302,7 +302,7 @@ class access_Core {
 public static function verify_csrf() {
 $input = Input::instance();
 if ($input->post("csrf", $input->get("csrf", null)) !== Session::instance()->get("csrf")) {
- access::forbidden();
+ self::forbidden();
 }
 }
@@ -519,11 +519,15 @@ class access_Core {
 return;
 }
- if ($value === self::DENY) {
- foreach (array($album->file_path(),
- dirname($album->resize_path()),
- dirname($album->thumb_path())) as $dir) {
- $base_url = url::site("file_proxy");
+ $dirs = array($album->file_path());
+ if ($perm_name == "view") {
+ $dirs[] = dirname($album->resize_path());
+ $dirs[] = dirname($album->thumb_path());
+ }
+
+ $base_url = url::site("file_proxy");
+ foreach ($dirs as $dir) {
+ if ($value === self::DENY) {
 $fp = fopen("$dir/.htaccess", "w+");
 fwrite($fp, "<IfModule mod_rewrite.c>\n");
 fwrite($fp, " RewriteEngine On\n");
@@ -534,11 +538,9 @@ class access_Core {
 fwrite($fp, " Deny from All\n");
 fwrite($fp, "</IfModule>\n");
 fclose($fp);
+ } else {
+ @unlink($dir . "/.htaccess");
 }
- } else {
- @unlink($album->file_path() . "/.htaccess");
- @unlink(dirname($album->resize_path()) . "/.htaccess");
- @unlink(dirname($album->thumb_path()) . "/.htaccess");
 }
 }
 } |
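Review bot: `$album->file_path()` goes into `$dirs` for every permission name, so the single `.htaccess` in that directory is now written and removed by more than one permission and the last change wins. With the call in the @@ -147 hunk moved out of the `view` branch, an allow on one permission reaches `@unlink($dir . "/.htaccess")` in the @@ -519 and @@ -534 hunks and deletes the deny file that a different permission wrote there; allowing `view` after denying `view_full` (or the reverse) would leave the full-size files served directly. The early `return` above @@ -519 is outside the hunk, so whether it narrows `$perm_name` or `$group` cannot be confirmed from here. Consider deciding per directory from the stored state of both permissions and unlinking only when neither denies, with a comment such as `// file_path() stays protected while either view or view_full is denied` above the `$dirs` assignment.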
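Review bot: The handle returned by `fopen("$dir/.htaccess", "w+")` inside the new `foreach ($dirs as $dir)` loop is passed straight to `fwrite()` without a check, so a directory the web server user cannot write to ends up with no deny file and nothing reports it. That is the unsafe direction to fail in, since the permission is presumably already recorded as denied while the files stay directly reachable; a failing `@unlink` only leaves a stale deny behind. Test the handle, e.g. `if ($fp === false) { /* log and abort the permission change */ }`, and surface the error to the caller instead of continuing. The method starts above this hunk, so how its callers would handle a reported failure is not visible here.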