authorBharat Mediratta <bharat@menalto.com>2009-05-29 17:53:33 -0700
committerBharat Mediratta <bharat@menalto.com>2009-05-29 17:53:33 -0700
commit381dd0574a9d83ceed1dbf6bcb1f7e158d46c85c (patch)
treecbfc6bf8c304a800e7c0d6781763c1c4dc53aee9 /modules
parent055e0a7dc5d4fe65f92c5621a26432cda206f07f (diff)
Don't show the add photo/album options to users who don't have the
permission. This isn't a security hole, since they can't actually add stuff.. but they can try and fail which is a bad user experience. Also fix it up so that we show the option menu only if there's stuff to show, and cache some of the permissions for performance (which I'm guessing at-- didn't benchmark it).
Diffstat (limited to 'modules')
-rw-r--r--modules/gallery/helpers/gallery_menu.php48
1 files changed, 28 insertions, 20 deletions
diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php
index ccbc681c..7377bc9d 100644
--- a/modules/gallery/helpers/gallery_menu.php
+++ b/modules/gallery/helpers/gallery_menu.php
@@ -19,7 +19,8 @@
*/
class gallery_menu_Core {
static function site($menu, $theme) {
- if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && user::active()->admin) {
+ $is_admin = user::active()->admin;
+ if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && $is_admin) {
$menu->append($scaffold_menu = Menu::factory("submenu")
->id("scaffold")
->label("Scaffold"));
@@ -36,38 +37,45 @@ class gallery_menu_Core {
$item = $theme->item();
- if (user::active()->admin || ($item && access::can("edit", $item))) {
+ $can_edit = access::can("edit", $item) || $is_admin;
+ $can_add = access::can("add", $item) || $is_admin;
+
+ if ($item && $can_edit || $can_add) {
$menu->append($options_menu = Menu::factory("submenu")
->id("options_menu")
->label(t("Options")));
- if ($item && access::can("edit", $item)) {
+ if ($can_edit) {
$options_menu
->append(Menu::factory("dialog")
->id("edit_item")
->label($item->is_album() ? t("Edit album") : t("Edit photo"))
->url(url::site("form/edit/{$item->type}s/$item->id")));
+ }
- // @todo Move album options menu to the album quick edit pane
- if ($item->is_album()) {
- $options_menu
- ->append(Menu::factory("dialog")
- ->id("add_item")
- ->label(t("Add a photo"))
- ->url(url::site("simple_uploader/app/$item->id")))
- ->append(Menu::factory("dialog")
- ->id("add_album")
- ->label(t("Add an album"))
- ->url(url::site("form/add/albums/$item->id?type=album")))
- ->append(Menu::factory("dialog")
- ->id("edit_permissions")
- ->label(t("Edit permissions"))
- ->url(url::site("permissions/browse/$item->id")));
- }
+ // @todo Move album options menu to the album quick edit pane
+ if ($item->is_album() && $can_add) {
+ $options_menu
+ ->append(Menu::factory("dialog")
+ ->id("add_item")
+ ->label(t("Add a photo"))
+ ->url(url::site("simple_uploader/app/$item->id")))
+ ->append(Menu::factory("dialog")
+ ->id("add_album")
+ ->label(t("Add an album"))
+ ->url(url::site("form/add/albums/$item->id?type=album")));
+ }
+
+ if ($can_edit) {
+ $options_menu
+ ->append(Menu::factory("dialog")
+ ->id("edit_permissions")
+ ->label(t("Edit permissions"))
+ ->url(url::site("permissions/browse/$item->id")));
}
}
- if (user::active()->admin) {
+ if ($is_admin) {
$menu->append($admin_menu = Menu::factory("submenu")
->id("admin_menu")
->label(t("Admin")));
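Review bot: The new guard `if ($item && $can_edit || $can_add)` parses as `($item && $can_edit) || $can_add`, so if `$theme->item()` can be empty (as the old `$item &&` checks suggest), an admin still enters the block and reaches `$item->is_album()` and `$item->id` on a non-object. The two `access::can(...)` calls above it now also run before `$item` is tested, where the old code short-circuited them. I would fold the item check into the flags, `$can_edit = $item && ($is_admin || access::can("edit", $item));` and likewise for `$can_add`, and then test `if ($can_edit || $can_add) {`. Separately, "Edit permissions" has moved out of the `is_album()` branch and is now offered on photos too, which looks unintended; `if ($item->is_album() && $can_edit)` would keep the previous scope. The enclosing method starts before and continues past this hunk, so this assumes `$is_admin` from the first hunk is in the same scope.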