diff options
| -rw-r--r-- | modules/gallery/config/identity.php | 37 | ||||
| -rw-r--r-- | modules/gallery/controllers/albums.php | 1 | ||||
| -rw-r--r-- | modules/gallery/controllers/login.php | 1 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_theme.php | 1 | ||||
| -rw-r--r-- | modules/gallery/helpers/group.php | 57 | ||||
| -rw-r--r-- | modules/gallery/helpers/locales.php | 34 | ||||
| -rw-r--r-- | modules/gallery/helpers/user.php | 248 | ||||
| -rw-r--r-- | modules/gallery/libraries/Identity.php | 189 | ||||
| -rw-r--r-- | modules/gallery/libraries/drivers/Identity.php | 301 | ||||
| -rw-r--r-- | modules/gallery/views/login.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/login_ajax.html.php | 2 | ||||
| -rw-r--r-- | modules/user/controllers/admin_users.php | 1 | ||||
| -rw-r--r-- | modules/user/libraries/drivers/Identity/Gallery.php | 256 | ||||
| -rw-r--r-- | modules/user/models/user.php | 21 | ||||
| -rw-r--r-- | modules/user/views/admin_users.html.php | 36 | ||||
| -rw-r--r-- | modules/user/views/admin_users_group.html.php | 4 | ||||
| -rw-r--r-- | themes/admin_wind/css/screen.css | 3 |
17 files changed, 994 insertions, 200 deletions
diff --git a/modules/gallery/config/identity.php b/modules/gallery/config/identity.php new file mode 100644 index 00000000..0479d08b --- /dev/null +++ b/modules/gallery/config/identity.php @@ -0,0 +1,37 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +/* + * @package Identity + * + * User settings, defined as arrays, or "groups". If no group name is + * used when loading the cache library, the group named "default" will be used. + * + * Each group can be used independently, and multiple groups can be used at once. + * + * Group Options: + * driver - User backend driver. Gallery comes with Gallery user driver. + * + * params - Driver parameters, specific to each driver. + */ +$config["default"] = array ( + "driver" => "gallery", + "allow_updates" => true, + "params" => array(), +); diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 9733d1cd..95d63308 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -29,6 +29,7 @@ class Albums_Controller extends Items_Controller { $view = new Theme_View("page.html", "login"); $view->page_title = t("Log in to Gallery"); $view->content = new View("login_ajax.html"); + $view->content->writable = user::is_writable(); $view->content->form = user::get_login_form("login/auth_html"); print $view; return; diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 2c4bd557..85f6db5d 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -21,6 +21,7 @@ class Login_Controller extends Controller { public function ajax() { $view = new View("login_ajax.html"); + $view->writable = user::is_writable(); $view->form = user::get_login_form("login/auth_ajax"); print $view; } diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index a342b4bd..54b35fb7 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -55,6 +55,7 @@ class gallery_theme_Core { if ($theme->page_type != "login") { $view = new View("login.html"); $view->user = user::active(); + $view->writable = user::is_writable(); return $view->render(); } } diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php index dbfa03fe..3369b5ab 100644 --- a/modules/gallery/helpers/group.php +++ b/modules/gallery/helpers/group.php @@ -125,7 +125,7 @@ class group_Core { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Save")); - $form->add_rules_from($group); + $form->add_rules_from(self::get_edit_rules()); return $form; } @@ -138,7 +138,7 @@ class group_Core { "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Add Group")); $group = ORM::factory("group"); - $form->add_rules_from($group); + $form->add_rules_from(self::get_edit_rules()); return $form; } @@ -150,4 +150,57 @@ class group_Core { $form_group->submit("")->value(t("Delete")); return $form; } + + /** + * @see Identity_Driver::create. + */ + static function create($name) { + return Identity::instance()->create_group($name); + } + + /** + * @see Identity_Driver::everbody. + */ + static function everybody() { + return Identity::instance()->everybody(); + } + + /** + * @see Identity_Driver::registered_users. + */ + static function registered_users() { + return Identity::instance()->everybody(); + } + + /** + * Look up a group by id. + * @param integer $id the user id + * @return Group_Definition the group object, or null if the id was invalid. + */ + static function lookup($id) { + return Identity::instance()->lookup_group_by_field("id", $id); + } + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Definition the group object, or null if the name was invalid. + */ + static function lookup_by_name($name) { + return Identity::instance()->lookup_group_by_field("name", $name); + } + + /** + * @see Identity_Driver::get_group_list. + */ + static function get_group_list($filter=array()) { + return Identity::instance()->get_group_list($filter); + } + + /** + * @see Identity_Driver::get_edit_rules. + */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("group"); + } } diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index f0807c99..2cd8b0c2 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -136,6 +136,23 @@ class locales_Core { return in_array($language, array("he", "fa", "ar")); } + static function set_request_locale() { + // 1. Check the session specific preference (cookie) + $locale = self::cookie_locale(); + // 2. Check the user's preference + if (!$locale) { + $locale = user::active()->locale; + } + // 3. Check the browser's / OS' preference + if (!$locale) { + $locale = self::locale_from_http_request(); + } + // If we have any preference, override the site's default locale + if ($locale) { + I18n::instance()->locale($locale); + } + } + /** * Returns the best match comparing the HTTP accept-language header * with the installed locales. @@ -220,23 +237,6 @@ class locales_Core { return array(null, 0); } - static function set_request_locale() { - // 1. Check the session specific preference (cookie) - $locale = self::cookie_locale(); - // 2. Check the user's preference - if (!$locale) { - $locale = user::active()->locale; - } - // 3. Check the browser's / OS' preference - if (!$locale) { - $locale = locales::locale_from_http_request(); - } - // If we have any preference, override the site's default locale - if ($locale) { - I18n::instance()->locale($locale); - } - } - static function cookie_locale() { $cookie_data = Input::instance()->cookie("g_locale"); $locale = null; diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php index cb205170..9052e932 100644 --- a/modules/gallery/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -25,24 +25,34 @@ */ class user_Core { static function get_edit_form($user) { + $writable = self::is_writable(); $form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form")); $form->set_attr("class", "g-narrow"); $group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name))); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); - $group->password("password")->label(t("Password"))->id("g-password"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); + if ($writable) { + $group->password("password")->label(t("Password"))->id("g-password"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + } $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); + + if (!$writable) { + foreach ($group->inputs as $input) { + $input->disabled("disabled"); + } + } return $form; } static function get_edit_form_admin($user) { + $writable = self::is_writable(); $form = new Forge( "admin/users/edit_user/$user->id", "", "post", array("id" => "g-edit-user-form")); $group = $form->group("edit_user")->label(t("Edit User")); @@ -51,17 +61,23 @@ class user_Core { "in_use", t("There is already a user with that username")); $group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name); self::_add_locale_dropdown($group, $user); - $group->password("password")->label(t("Password"))->id("g-password"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); + if ($writable) { + $group->password("password")->label(t("Password"))->id("g-password"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + } $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from($user); - $form->edit_user->password->rules("-required"); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); + if (!$writable) { + foreach ($group->inputs as $input) { + $input->disabled("disabled"); + } + } return $form; } @@ -79,8 +95,7 @@ class user_Core { $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); - $user = ORM::factory("user"); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); @@ -124,41 +139,6 @@ class user_Core { } /** - * Make sure that we have a session and group_ids cached in the session. - */ - static function load_user() { - $session = Session::instance(); - if (!($user = $session->get("user"))) { - $session->set("user", $user = user::guest()); - } - - // The installer cannot set a user into the session, so it just sets an id which we should - // upconvert into a user. - if ($user === 2) { - $user = model_cache::get("user", 2); - user::login($user); - $session->set("user", $user); - } - - if (!$session->get("group_ids")) { - $ids = array(); - foreach ($user->groups as $group) { - $ids[] = $group->id; - } - $session->set("group_ids", $ids); - } - } - - /** - * Return the array of group ids this user belongs to - * - * @return array - */ - static function group_ids() { - return Session::instance()->get("group_ids", array(1)); - } - - /** * Return the active user. If there's no active user, return the guest user. * * @return User_Model @@ -169,23 +149,12 @@ class user_Core { if (!isset($user)) { // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary // work. - $user = user::guest(); + $user = self::guest(); } return $user; } /** - * Return the guest user. - * - * @todo consider caching - * - * @return User_Model - */ - static function guest() { - return model_cache::get("user", 1); - } - - /** * Change the active user. * * @return User_Model @@ -198,75 +167,42 @@ class user_Core { } /** - * Create a new user. + * Return the array of group ids this user belongs to * - * @param string $name - * @param string $full_name - * @param string $password - * @return User_Model + * @return array */ - static function create($name, $full_name, $password) { - $user = ORM::factory("user")->where("name", $name)->find(); - if ($user->loaded) { - throw new Exception("@todo USER_ALREADY_EXISTS $name"); - } - - $user->name = $name; - $user->full_name = $full_name; - $user->password = $password; - - // Required groups - $user->add(group::everybody()); - $user->add(group::registered_users()); - - $user->save(); - return $user; + static function group_ids() { + return Session::instance()->get("group_ids", array(1)); } /** - * Is the password provided correct? - * - * @param user User Model - * @param string $password a plaintext password - * @return boolean true if the password is correct + * Make sure that we have a session and group_ids cached in the session. This is one + * of the first calls to reference the user so call the Identity::instance to load the + * driver classes. */ - static function is_correct_password($user, $password) { - $valid = $user->password; - - // Try phpass first, since that's what we generate. - if (strlen($valid) == 34) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->CheckPassword($password, $valid); + static function load_user() { + Identity::instance(); + $session = Session::instance(); + if (!($user = $session->get("user"))) { + $session->set("user", $user = self::guest()); } - $salt = substr($valid, 0, 4); - // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: - $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); - if (!strcmp($guess, $valid)) { - return true; + // The installer cannot set a user into the session, so it just sets an id which we should + // upconvert into a user. + // @todo what is user id===2 + if ($user === 2) { + $user = model_cache::get("user", 2); + self::login($user); + $session->set("user", $user); } - // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities - $sanitizedPassword = html::specialchars($password, false); - $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) - : ($salt . md5($salt . $sanitizedPassword)); - if (!strcmp($guess, $valid)) { - return true; + if (!$session->get("group_ids")) { + $ids = array(); + foreach ($user->groups as $group) { + $ids[] = $group->id; + } + $session->set("group_ids", $ids); } - - return false; - } - - /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password - */ - static function hash_password($password) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->HashPassword($password); } /** @@ -274,11 +210,12 @@ class user_Core { * @param object $user the user object. */ static function login($user) { + // @todo make this an interface call $user->login_count += 1; $user->last_login = time(); $user->save(); - user::set_active($user); + self::set_active($user); module::event("user_login", $user); } @@ -287,7 +224,7 @@ class user_Core { * @param object $user the user object. */ static function logout() { - $user = user::active(); + $user = self::active(); if (!$user->guest) { try { Session::instance()->destroy(); @@ -299,58 +236,81 @@ class user_Core { } /** + * @see Identity_Core::is_writable. + */ + static function is_writable() { + return Identity::instance()->is_writable(); + } + + /** + * @see Identity_Driver::guest. + */ + static function guest() { + return Identity::instance()->guest(); + } + + /** + * @see Identity_Driver::create_user. + */ + static function create($name, $full_name, $password) { + return Identity::instance()->create_user($name, $full_name, $password); + } + + /** + * @see Identity_Driver::is_correct_password. + */ + static function is_correct_password($user, $password) { + return Identity::instance()->is_correct_password($user, $password); + } + + /** + * @see Identity_Driver::hash_password. + */ + static function hash_password($password) { + return Identity::instance()->hash_password($password); + } + + /** * Look up a user by id. * @param integer $id the user id - * @return User_Model the user object, or null if the id was invalid. + * @return User_Definition the user object, or null if the id was invalid. */ static function lookup($id) { - return self::_lookup_user_by_field("id", $id); + return Identity::instance()->lookup_user_by_field("id", $id); } /** * Look up a user by name. * @param integer $name the user name - * @return User_Model the user object, or null if the name was invalid. + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_name($name) { - return self::_lookup_user_by_field("name", $name); + return Identity::instance()->lookup_user_by_field("name", $name); } /** * Look up a user by hash. - * @param integer $hash the user hash value - * @return User_Model the user object, or null if the name was invalid. + * @param string $name the user name + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_hash($hash) { - return self::_lookup_user_by_field("hash", $hash); + return Identity::instance()->lookup_user_by_field("hash", $hash); } /** - * List the users - * @param mixed filters (@see Database.php - * @return array the user list. + * @see Identity_Driver::get_user_list. */ static function get_user_list($filter=array()) { - $user = ORM::factory("user"); - - foreach($filter as $method => $args) { - switch ($method) { - case "in": - $user->in($args[0], $args[1]); - break; - default: - $user->$method($args); - } - } - return $user->find_all(); + return Identity::instance()->get_user_list($filter); } /** - * Look up a user by field value. - * @param string search field - * @param string search value - * @return User_Core the user object, or null if the name was invalid. + * @see Identity_Driver::get_edit_rules. */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("user"); + } + private static function _lookup_user_by_field($field_name, $value) { try { $user = model_cache::get("user", $value, $field_name); diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php new file mode 100644 index 00000000..88865913 --- /dev/null +++ b/modules/gallery/libraries/Identity.php @@ -0,0 +1,189 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +/** + * Provides a driver-based interface for managing users and groups. + */ +class Identity_Core { + protected static $instances; + + // Configuration + protected $config; + + // Driver object + protected $driver; + + /** + * Returns a singleton instance of Identity. + * There can only be one Identity driver configured at a given point + * + * @param string configuration + * @return Identity_Core + */ + static function & instance($config="default") { + if (!isset(Identity::$instances)) { + // Create a new instance + Identity::$instances = new Identity($config); + } + + return Identity::$instances; + } + + /** + * Loads the configured driver and validates it. + * + * @param array|string custom configuration or config group name + * @return void + */ + public function __construct($config="default") { + if (is_string($config)) { + $name = $config; + + // Test the config group name + if (($config = Kohana::config("identity.".$config)) === NULL) { + throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $name"); + } + + if (is_array($config)) { + // Append the default configuration options + $config += Kohana::config("identity.default"); + } else { + // Load the default group + $config = Kohana::config("identity.default"); + } + + // Cache the config in the object + $this->config = $config; + + // Set driver name + $driver = "Identity_".ucfirst($this->config["driver"])."_Driver"; + + // Load the driver + if ( ! Kohana::auto_load($driver)) { + throw new Kohana_Exception("core.driver_not_found", $this->config["driver"], + get_class($this)); + } + + // Initialize the driver + $this->driver = new $driver($this->config["params"]); + + // Validate the driver + if ( !($this->driver instanceof Identity_Driver)) + throw new Kohana_Exception("core.driver_implements", $this->config["driver"], + get_class($this), "Identity_Driver"); + + Kohana::log("debug", "Identity Library initialized"); + } + } + + /** + * Determine if if the current driver supports updates. + * + * @return boolean true if the driver supports updates; false if read only + */ + public function is_writable() { + return !empty($this->config["allow_updates"]); + } + + + /** + * @see Identity_Driver::guest. + */ + public function guest() { + return $this->driver->guest(); + } + + /** + * @see Identity_Driver::create_user. + */ + public function create_user($name, $full_name, $password) { + return $this->driver->create_user($name, $full_name, $password); + } + + /** + * @see Identity_Driver::is_correct_password. + */ + public function is_correct_password($user, $password) { + return $this->driver->is_correct_password($user, $password); + } + + /** + * @see Identity_Driver::hash_password. + */ + public function hash_password($password) { + return $this->driver->hash_password($password); + } + + /** + * @see Identity_Driver::lookup_user_by_field. + */ + public function lookup_user_by_field($field_name, $value) { + return $this->driver->lookup_user_by_field($field_name, $value); + } + + /** + * @see Identity_Driver::create_group. + */ + public function create_group($name) { + return $this->driver->create_group($name); + } + + /** + * @see Identity_Driver::everybody. + */ + public function everybody() { + return $this->driver->everybody(); + } + + /** + * @see Identity_Driver::registered_users. + */ + public function registered_users() { + return $this->driver->everybody(); + } + + /** + * @see Identity_Driver::lookup_group_by_field. + */ + public function lookup_group_by_field($field_name, $value) { + return $this->driver->lookup_group_by_field($field_name, $value); + } + + /** + * @see Identity_Driver::get_user_list. + */ + public function get_user_list($filter=array()) { + return $this->driver->get_user_list($filter); + } + + /** + * @see Identity_Driver::get_group_list. + */ + public function get_group_list($filter=array()) { + return $this->driver->get_group_list($filter); + } + + /** + * @see Identity_Driver::get_edit_rules. + */ + public function get_edit_rules($object_type) { + return $this->driver->get_edit_rules($object_type); + } +} // End Identity diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php new file mode 100644 index 00000000..0b789908 --- /dev/null +++ b/modules/gallery/libraries/drivers/Identity.php @@ -0,0 +1,301 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +interface Identity_Driver { + /** + * Return the guest user. + * + * @return User_Definition the user object + */ + public function guest(); + + /** + * Create a new user. + * + * @param string $name + * @param string $full_name + * @param string $password + * @return User_Definition the user object + */ + public function create_user($name, $full_name, $password); + + /** + * Is the password provided correct? + * + * @param user User_Definition the user object + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + public function is_correct_password($user, $password); + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password + */ + public function hash_password($password); + + /** + * Look up a user by by search the specified field. + * @param string search field + * @param string search value + * @return User_Definition the user object, or null if the name was invalid. + */ + public function lookup_user_by_field($field, $value); + + /** + * Create a new group. + * + * @param string $name + * @return Group_Definition the group object + */ + public function create_group($name); + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Definition the group object + */ + public function everybody(); + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Definition the group object + */ + public function registered_users(); + + /** + * List the users + * @param mixed options to apply to the selection of the user + * currently supported: + * "orderby" => array(<field name>, "ASC|DESC") + * "in" => array(<field name>, array(values, ...)) + * "where" => array(<field name>, value) + * <field name> follows Kohana syntax where it could contain the first + * half of a logical expression (i.e. "field IS NOT") + * @return array the group list. + */ + public function get_user_list($filter=array()); + + /** + * List the groups + * @param mixed options to apply to the selection of the group + * currently supported: + * "orderby" => array(<field name>, "ASC|DESC") + * "in" => array(<field name>, array(values, ...)) + * "where" => array(<field name>, value) + * <field name> follows Kohana syntax where it could contain the first + * half of a logical expression (i.e. "field IS NOT") + * @return array the group list. + */ + public function get_group_list($filter=array()); + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type); +} // End Identity Driver Definition + +/** + * User Data wrapper + */ +abstract class User_Definition { + protected $user; + public function __get($column) { + switch ($column) { + case "id": + case "name": + case "full_name": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + case "groups": + case "hashed_password": + return $this->user->$column; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __set($column, $value) { + switch ($column) { + case "id": + case "groups": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "full_name": + case "hashed_password": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + $this->user->$column = $value; + break; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __isset($column) { + return isset($this->user->$column); + } + + public function __unset($column) { + switch ($column) { + case "id": + case "groups": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "full_name": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + case "hashed_password": + unset($this->user->$column); + break; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + /** + * Return a url to the user's avatar image. + * @param integer $size the target size of the image (default 80px) + * @return string a url + */ + public function avatar_url($size=80, $default=null) { + return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", + md5($this->user->email), $size, $default ? "&d=" . urlencode($default) : ""); + } + + /** + * Return the best version of the user's name. Either their specified full name, or fall back + * to the user name. + * @return string + */ + public function display_name() { + return empty($this->user->full_name) ? $this->user->name : $this->user->full_name; + } + + /** + * Return the internal user object without the wrapper. + * This method is used by implementing classes to access the internal user object. + * Consider it pseudo private and only declared public as PHP as not internal or friend modifier + */ + public function _uncloaked() { + return $this->user; + } + + abstract public function save(); + abstract public function delete(); +} + +/** + * Group Data wrapper + */ +abstract class Group_Definition { + protected $group; + + public function __get($column) { + switch ($column) { + case "id": + case "name": + case "special": + case "users": + return $this->group->$column; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __set($column, $value) { + switch ($column) { + case "id": + case "users": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "special": + $this->group->$column = $value; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __isset($column) { + return isset($this->group->$column); + } + + public function __unset($column) { + switch ($column) { + case "id": + case "users": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "special": + unset($this->group->$column); + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + /** + * Return the internal group object without the wrapper. + * This method is used by implementing classes to access the internal group object. + * Consider it pseudo private and only declared public as PHP as not internal or friend modifier + */ + public function _uncloaked() { + return $this->group; + } + + abstract public function save(); + abstract public function delete(); + abstract public function add($user); + abstract public function remove($user); +} diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php index 049ba043..fa6308ae 100644 --- a/modules/gallery/views/login.html.php +++ b/modules/gallery/views/login.html.php @@ -10,7 +10,7 @@ <li class="first"> <?= t('Logged in as %name', array('name' => html::mark_clean( '<a href="' . url::site("form/edit/users/{$user->id}") . - '" title="' . t("Edit Your Profile")->for_html_attr() . + '" title="' . ($writable ? t("Edit Your Profile")->for_html_attr() : t("Display Your Profile")->for_html_attr()) . '" id="g-user-profile-link" class="g-dialog-link">' . html::clean($user->display_name()) . '</a>'))) ?> </li> diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php index d3364b46..332a5365 100644 --- a/modules/gallery/views/login_ajax.html.php +++ b/modules/gallery/views/login_ajax.html.php @@ -36,8 +36,10 @@ <li id="g-login-form"> <?= $form ?> </li> + <? if (!empty($writable)): ?> <li> <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a> </li> + <? endif ?> </ul> </div> diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index a8a8cd95..34b3a426 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -21,6 +21,7 @@ class Admin_Users_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_users.html"); + $view->content->writable = user::is_writable(); $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC"))); $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC"))); print $view; diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php new file mode 100644 index 00000000..013497b6 --- /dev/null +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -0,0 +1,256 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +/* + * Based on the Cache_Sqlite_Driver developed by the Kohana Team + */ +class Identity_Gallery_Driver implements Identity_Driver { + /** + * @see Identity_Driver::guest. + */ + public function guest() { + return new Gallery_User(model_cache::get("user", 1)); + } + + /** + * @see Identity_Driver::create_user. + */ + public function create_user($name, $full_name, $password) { + $user = ORM::factory("user")->where("name", $name)->find(); + if ($user->loaded) { + throw new Exception("@todo USER_ALREADY_EXISTS $name"); + } + + $user->name = $name; + $user->full_name = $full_name; + $user->password = $password; + + // Required groups + $user->add($this->everybody()->_uncloaked()); + $user->add($this->registered_users()->_uncloaked()); + + $user->save(); + return new Gallery_User($user); + } + + /** + * @see Identity_Driver::is_correct_password. + */ + public function is_correct_password($user, $password) { + $valid = $user->password; + + // Try phpass first, since that's what we generate. + if (strlen($valid) == 34) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->CheckPassword($password, $valid); + } + + $salt = substr($valid, 0, 4); + // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: + $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); + if (!strcmp($guess, $valid)) { + return true; + } + + // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities + $sanitizedPassword = html::specialchars($password, false); + $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) + : ($salt . md5($salt . $sanitizedPassword)); + if (!strcmp($guess, $valid)) { + return true; + } + + return false; + } + + /** + * @see Identity_Driver::hash_password. + */ + public function hash_password($password) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->HashPassword($password); + } + + /** + * @see Identity_Driver::lookup_user_by_field. + */ + public function lookup_user_by_field($field_name, $value) { + try { + $user = model_cache::get("user", $value, $field_name); + if ($user->loaded) { + return new Gallery_User($user); + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * @see Identity_Driver::create_group. + */ + public function create_group($name) { + $group = ORM::factory("group")->where("name", $name)->find(); + if ($group->loaded) { + throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); + } + + $group->name = $name; + $group->save(); + + return new Gallery_Group($group); + } + + /** + * @see Identity_Driver::everybody. + */ + public function everybody() { + return new Gallery_Group(model_cache::get("group", 1)); + } + + /** + * @see Identity_Driver::registered_users. + */ + public function registered_users() { + return new Gallery_Group(model_cache::get("group", 2)); + } + + /** + * @see Identity_Driver::lookup_group_by_field. + */ + public function lookup_group_by_field($field_name, $value) { + try { + $group = model_cache::get("group", $value, $field_name); + if ($group->loaded) { + return new Gallery_Group($group); + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * @see Identity_Driver::get_user_list. + */ + public function get_user_list($filter=array()) { + $results = $this->_do_search("user", $filter); + $users = array(); + foreach ($results->as_array() as $user) { + $users[] = new Gallery_User($user); + } + return $users; + } + + /** + * @see Identity_Driver::get_group_list. + */ + public function get_group_list($filter=array()) { + $results = $this->_do_search("group", $filter); + $groups = array(); + foreach ($results->as_array() as $group) { + $groups[] = new Gallery_Group($group); + } + return $groups; + } + + /** + * @see Identity_Driver::get_edit_rules. + */ + public function get_edit_rules($object_type) { + return (object)ORM::factory($object_type)->rules; + } + + /** + * Build the query based on the supplied filters for the specified model. + * @param string $object_type to return rules for ("user"|"group") + * @param mixed $filters options to apply to the selection. + */ + private function _do_search($object_type, $filter) { + $object = ORM::factory($object_type); + + foreach ($filter as $method => $args) { + switch ($method) { + case "in": + $object->in($args[0], $args[1]); + break; + default: + $object->$method($args); + } + } + + return $object->find_all(); + } + +} // End Identity Gallery Driver + +/** + * User Data wrapper + */ +class Gallery_User extends User_Definition { + /* + * Not for general user, allows the back-end to easily create the interface object + */ + function __construct($user) { + $this->user = $user; + } + + public function save() { + $this->user->save(); + } + + public function delete() { + $this->user->delete(); + } + +} + +/** + * Group Data wrapper + */ +class Gallery_Group extends Group_Definition { + /* + * Not for general user, allows the back-end to easily create the interface object + */ + function __construct($group) { + $this->group = $group; + } + + public function save() { + $this->group->save(); + } + + public function delete() { + $this->group->delete(); + } + + public function add($user) { + $this->group->add($user->_uncloaked()); + } + + public function remove($user) { + $this->group->remove($user->_uncloaked()); + } +} diff --git a/modules/user/models/user.php b/modules/user/models/user.php index 55562f34..1993bd05 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -51,16 +51,6 @@ class User_Model extends ORM { module::event("user_deleted", $old); } - /** - * Return a url to the user's avatar image. - * @param integer $size the target size of the image (default 80px) - * @return string a url - */ - public function avatar_url($size=80, $default=null) { - return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", - md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); - } - public function save() { if (!$this->loaded) { $created = 1; @@ -73,13 +63,4 @@ class User_Model extends ORM { } return $this; } - - /** - * Return the best version of the user's name. Either their specified full name, or fall back - * to the user name. - * @return string - */ - public function display_name() { - return empty($this->full_name) ? $this->name : $this->full_name; - } -}
\ No newline at end of file +} diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index a127bc15..82d0926c 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -2,7 +2,7 @@ <script type="text/javascript"> var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>"; $(document).ready(function(){ - $("#g-user-admin-list .core-info").draggable({ + $("#g-user-admin-list .g-draggable").draggable({ helper: "clone" }); $("#g-group-admin .g-group").droppable({ @@ -20,6 +20,7 @@ }); $("#group-1").droppable("destroy"); $("#group-2").droppable("destroy"); + $(".g-group-disable").droppable("destroy"); }); var reload_group = function(group_id) { @@ -42,12 +43,14 @@ } </script> <div class="g-block"> + <? if (!empty($writable)): ?> <a href="<?= url::site("admin/users/add_user_form") ?>" class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all" title="<?= t("Create a new user")->for_html_attr() ?>"> <span class="ui-icon ui-icon-circle-plus"></span> <?= t("Add a new user") ?> </a> + <? endif ?> <h2> <?= t("User Admin") ?> @@ -65,7 +68,7 @@ <? foreach ($users as $i => $user): ?> <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>"> - <td id="user-<?= $user->id ?>" class="core-info g-draggable"> + <td id="user-<?= $user->id ?>" class="core-info <?= !empty($writable) ? "g-draggable" : "" ?> "> <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>" title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>" alt="<?= html::clean_attribute($user->name) ?>" @@ -86,15 +89,19 @@ <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>" open_text="<?= t("close") ?>" class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a> - <? if (user::active()->id != $user->id && !$user->guest): ?> - <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>" - class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a> - <? else: ?> - <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>" - class="g-button ui-state-disabled ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span> + <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"> + <?= (!empty($writable)) ? t("edit") : t("display") ?> + </span></a> + <? if (!empty($writable)): ?> + <? if (user::active()->id != $user->id && !$user->guest): ?> + <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>" + class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> + <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a> + <? else: ?> + <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>" + class="g-button ui-state-disabled ui-corner-all ui-icon-left"> + <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span> + <? endif ?> <? endif ?> </td> </tr> @@ -104,12 +111,14 @@ </div> <div id="g-group-admin" class="g-block g-clearfix"> + <? if (!empty($writable)): ?> <a href="<?= url::site("admin/users/add_group_form") ?>" class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all" title="<?= t("Create a new group")->for_html_attr() ?>"> <span class="ui-icon ui-icon-circle-plus"></span> <?= t("Add a new group") ?> </a> + <? endif ?> <h2> <?= t("Group Admin") ?> @@ -118,8 +127,9 @@ <div class="g-block-content"> <ul> <? foreach ($groups as $i => $group): ?> - <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" /> - <? $v = new View("admin_users_group.html"); $v->group = $group; ?> + <? $class = !empty($writable) ? "" : "g-group-disable" ?> + <li id="group-<?= $group->id ?>" class="g-group <?= $class ?> <?= ($group->special ? "g-default-group" : "") ?>" /> + <? $v = new View("admin_users_group.html"); $v->group = $group; $v->writable = !empty($writable) ?> <?= $v ?> </li> <? endforeach ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index db3645a0..539f69b7 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -4,7 +4,7 @@ <? if (!$group->special): ?> <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>" title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>" - class="g-dialog-link g-button ui-state-default ui-corner-all"> + class="g-dialog-link g-button ui-state-default ui-corner-all <?= !empty($writable) ? "" : "ui-state-disabled" ?>"> <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> <? else: ?> <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>" @@ -20,7 +20,7 @@ <?= html::clean($user->name) ?> <? if (!$group->special): ?> <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)" - class="g-button ui-state-default ui-corner-all ui-icon-left" + class="g-button ui-state-default ui-corner-all ui-icon-left <?= !empty($writable) ? "" : "ui-state-disabled" ?>" title="<?= t("Remove %user from %group group", array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>"> <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span> diff --git a/themes/admin_wind/css/screen.css b/themes/admin_wind/css/screen.css index 3c58a282..22f49d21 100644 --- a/themes/admin_wind/css/screen.css +++ b/themes/admin_wind/css/screen.css @@ -542,7 +542,8 @@ li.g-group .g-user .g-button { vertical-align: middle; } -li.g-default-group h4, li.g-default-group .g-user { +li.g-default-group h4, li.g-default-group .g-user, +li.g-group-disable h4, li.g-group-disable .g-user { color: gray; } |