diff options
| author | mamouneyya <mamoun.diraneyya@gmail.com> | 2011-02-16 18:25:18 +0300 |
|---|---|---|
| committer | mamouneyya <mamoun.diraneyya@gmail.com> | 2011-02-16 18:25:18 +0300 |
| commit | 00772aaa62e6bce14e58e163ea72f386136c731d (patch) | |
| tree | ed658d454d8bea79d551969fffa0bc18faee5d52 /modules/gallery/helpers/access.php | |
| parent | 3e2610ea83c60805d5e727df6509da6c49fd6c7b (diff) | |
| parent | d2c77fd0590501f7b6b51d9f4cc033ed9485b082 (diff) | |
Merge remote-tracking branch 'gallery3/master'
Diffstat (limited to 'modules/gallery/helpers/access.php')
| -rw-r--r-- | modules/gallery/helpers/access.php | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 0b0dcbc1..545e544f 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -1,7 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access."); /** * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2010 Bharat Mediratta + * Copyright (C) 2000-2011 Bharat Mediratta * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -99,8 +99,12 @@ class access_Core { return true; } + // Use the nearest parent album (including the current item) so that we take advantage + // of the cache when checking many items in a single album. + $id = ($item->type == "album") ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); + $item : model_cache::get("access_cache", $id, "item_id"); + foreach ($user->groups() as $group) { if ($resource->__get("{$perm_name}_{$group->id}") === access::ALLOW) { return true; @@ -136,8 +140,12 @@ class access_Core { * @return boolean */ static function group_can($group, $perm_name, $item) { + // Use the nearest parent album (including the current item) so that we take advantage + // of the cache when checking many items in a single album. + $id = ($item->type == "album") ? $item->id : $item->parent_id; $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); + $item : model_cache::get("access_cache", $id, "item_id"); + return $resource->__get("{$perm_name}_{$group->id}") === access::ALLOW; } @@ -426,7 +434,7 @@ class access_Core { $session = Session::instance(); $csrf = $session->get("csrf"); if (empty($csrf)) { - $csrf = md5(rand()); + $csrf = random::hash(); $session->set("csrf", $csrf); } return $csrf; |