diff options
| -rw-r--r-- | modules/gallery/helpers/access.php | 30 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_event.php | 6 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_task.php | 2 | ||||
| -rw-r--r-- | modules/gallery/tests/Access_Helper_Test.php | 4 |
4 files changed, 36 insertions, 6 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 86ea9572..52a36298 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -263,15 +263,15 @@ class access_Core { } /** - * Recalculate the permissions for a given item and its hierarchy. $item must be an album. + * Recalculate the permissions for an album's hierarchy. */ - static function recalculate_permissions($item) { + static function recalculate_album_permissions($album) { foreach (self::_get_all_groups() as $group) { foreach (ORM::factory("permission")->find_all() as $perm) { if ($perm->name == "view") { - self::_update_access_view_cache($group, $item); + self::_update_access_view_cache($group, $album); } else { - self::_update_access_non_view_cache($group, $perm->name, $item); + self::_update_access_non_view_cache($group, $perm->name, $album); } } } @@ -279,6 +279,28 @@ class access_Core { } /** + * Recalculate the permissions for a single photo. + */ + static function recalculate_photo_permissions($photo) { + $parent = $photo->parent(); + $parent_access_cache = ORM::factory("access_cache")->where("item_id", "=", $parent->id)->find(); + $photo_access_cache = ORM::factory("access_cache")->where("item_id", "=", $photo->id)->find(); + foreach (self::_get_all_groups() as $group) { + foreach (ORM::factory("permission")->find_all() as $perm) { + $field = "{$perm->name}_{$group->id}"; + if ($perm->name == "view") { + $photo->$field = $parent->$field; + } else { + $photo_access_cache->$field = $parent_access_cache->$field; + } + } + } + $photo_access_cache->save(); + $photo->save(); + model_cache::clear(); + } + + /** * Register a permission so that modules can use it. * * @param string $name The internal name for for this permission diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 78a9f5a9..b59bb9b9 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -157,7 +157,11 @@ class gallery_event_Core { } static function item_moved($item, $old_parent) { - access::recalculate_permissions($item->parent()); + if ($item->is_album()) { + access::recalculate_album_permissions($item->parent()); + } else { + access::recalculate_photo_permissions($item); + } // If the new parent doesn't have an album cover, make this it. if (!$item->parent()->album_cover_item_id) { diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 985346ba..3b173928 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -571,7 +571,7 @@ class gallery_task_Core { // The new cache rows are there, but they're incorrectly populated so we have to fix // them. If this turns out to be too slow, we'll have to refactor // access::recalculate_permissions to allow us to do it in slices. - access::recalculate_permissions(item::root()); + access::recalculate_album_permissions(item::root()); $state = self::FIX_STATE_DONE; } break; diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index c092e3fd..32b3020f 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -359,11 +359,13 @@ class Access_Helper_Test extends Gallery_Unit_Test_Case { $public_album = test::random_album(); $public_photo = test::random_photo($public_album); access::allow(identity::everybody(), "view", $public_album); + access::allow(identity::everybody(), "edit", $public_album); item::root()->reload(); // Account for MPTT changes $private_album = test::random_album(); access::deny(identity::everybody(), "view", $private_album); + access::deny(identity::everybody(), "edit", $private_album); $private_photo = test::random_photo($private_album); // Make sure that we now have a public photo and private photo. @@ -385,6 +387,8 @@ class Access_Helper_Test extends Gallery_Unit_Test_Case { // Make sure that the public_photo is now private, and the private_photo is now public. $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo)); + $this->assert_false(access::group_can(identity::everybody(), "edit", $public_photo)); $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo)); + $this->assert_true(access::group_can(identity::everybody(), "edit", $private_photo)); } } |