author | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-25 23:45:48 -0700 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2009-07-25 23:45:48 -0700 |
commit | 809e52d80cbf3beb75b238fddb0da3951fb9a8e7 (patch) | |
tree | 39488ef113d539995b4543945107bc1caf2b39e1 /modules | |
parent | f8516b55d2f0fcf145bb6c27475d633e8a89ccf8 (diff) |
Fix for ticket #452
1) Change access_Core::user_can to return true for all permissions if the
owner is the specified user.
2) Change Item_Model::viewable to set the owner_id as the first view_restriction.
This allowed simplifying the generation of the where clause to a single
$this->orwhere instead of a where and an orwhere.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/gallery/helpers/access.php | 2 | ||||
-rw-r--r-- | modules/gallery/models/item.php | 22 |
2 files changed, 5 insertions, 19 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index c84527f4..2faa922b 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -95,7 +95,7 @@ class access_Core {
 return false;
 }
- if ($user->admin) {
+ if ($user->admin && $item->owner_id == $user->id) {
 return true;
 }
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 129bd77f..99d1ca6d 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -38,31 +38,17 @@ class Item_Model extends ORM_MPTT {
 if (user::active()->admin) {
 $this->view_restrictions = array();
 } else {
+ $this->view_restrictions["owner_id"] = user::active()->id;
 foreach (user::group_ids() as $id) {
- // Separate the first restriction from the rest to make it easier for us to formulate
- // our where clause below
- if (empty($this->view_restrictions)) {
- $this->view_restrictions[0] = "view_$id";
- } else {
- $this->view_restrictions[1]["view_$id"] = access::ALLOW;
- }
+ $this->view_restrictions["view_$id"] = access::ALLOW;
 }
 }
 }
- switch (count($this->view_restrictions)) {
- case 0:
- break;
- case 1:
- $this->where($this->view_restrictions[0], access::ALLOW);
- break;
-
- default:
+ if (!empty($this->view_restrictions)) {
 $this->open_paren();
- $this->where($this->view_restrictions[0], access::ALLOW);
- $this->orwhere($this->view_restrictions[1]);
+ $this->orwhere($this->view_restrictions);
 $this->close_paren();
- break;
 }
 return $this; |
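Review bot: The new condition in `access_Core` joins the admin test and the ownership test with `&&`, so the early `return true` now fires only for an admin who also owns the item. That is narrower than before for admins and gives non-admin owners nothing, which contradicts the description's "return true for all permissions if the owner is the specified user"; the intended line is presumably `if ($user->admin || $item->owner_id == $user->id) {`. Since this is an authorization decision, a test covering admin-not-owner and owner-not-admin would pin the behaviour, and the loose `==` on the ids is worth tightening once both sides are known to have the same type. The enclosing function starts and ends outside the hunk.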
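Review bot: The new `owner_id` entry in `Item_Model` lets the OR group match on ownership alone for every non-admin active user, and nothing in the hunk says so now that the explanatory comment has been removed. A short comment above the assignment would help, e.g. `// Owners always see their own items; every entry in view_restrictions is OR'ed together`. It is also worth confirming that the active user here can never be a shared guest or anonymous account that owns items, since such items would then be listed to every unauthenticated visitor regardless of the `view_<group>` columns. The listing-level owner bypass added here should agree with the `access.php` check in the first hunk, which as written does not grant owners anything. The enclosing method starts and ends outside the hunk.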