summaryrefslogtreecommitdiff
path: root/modules/gallery/controllers/quick.php
diff options
context:
space:
mode:
authorandyst <andy.st@gmail.com>2009-06-01 23:45:37 -0700
committerandyst <andy.st@gmail.com>2009-06-01 23:45:37 -0700
commit02a840c84cada5a1c0cc0768f350424460310e5d (patch)
tree6a35d4afddcf291327a4ff42245bca17328084ae /modules/gallery/controllers/quick.php
parentd0845aadc629cf10b8eee490a651c039750a1430 (diff)
parent3b6567f38c206f1302c7b22d94d5eae4b458311a (diff)
Merge branch 'master' of git@github.com:gallery/gallery3
Diffstat (limited to 'modules/gallery/controllers/quick.php')
-rw-r--r--modules/gallery/controllers/quick.php26
1 files changed, 17 insertions, 9 deletions
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 643dce30..6efcb9de 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -19,8 +19,8 @@
*/
class Quick_Controller extends Controller {
public function pane($id) {
- $item = ORM::factory("item", $id);
- if (!$item->loaded) {
+ $item = model_cache::get("item", $id);
+ if (!access::can("view", $item) || !access::can("edit", $item)) {
return "";
}
@@ -32,10 +32,9 @@ class Quick_Controller extends Controller {
public function rotate($id, $dir) {
access::verify_csrf();
- $item = ORM::factory("item", $id);
- if (!$item->loaded) {
- return "";
- }
+ $item = model_cache::get("item", $id);
+ access::required("view", $item);
+ access::required("edit", $item);
$degrees = 0;
switch($dir) {
@@ -82,14 +81,21 @@ class Quick_Controller extends Controller {
public function make_album_cover($id) {
access::verify_csrf();
- item::make_album_cover(ORM::factory("item", $id));
+
+ $item = model_cache::get("item", $id);
+ access::required("view", $item);
+ access::required("view", $item->parent());
+ access::required("edit", $item->parent());
+
+ item::make_album_cover($item);
print json_encode(array("result" => "success"));
}
public function delete($id) {
access::verify_csrf();
- $item = ORM::factory("item", $id);
+ $item = model_cache::get("item", $id);
+ access::required("view", $item);
access::required("edit", $item);
if ($item->is_album()) {
@@ -110,8 +116,10 @@ class Quick_Controller extends Controller {
}
public function form_edit($id) {
- $item = ORM::factory("item", $id);
+ $item = model_cache::get("item", $id);
+ access::required("view", $item);
access::required("edit", $item);
+
if ($item->is_album()) {
$form = album::get_edit_form($item);
} else {
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-26 08:32:46 +0000