-rw-r--r--core/controllers/albums.php8
-rw-r--r--core/controllers/simple_uploader.php2
-rw-r--r--core/helpers/core_installer.php1
-rw-r--r--installer/install.sql14
-rw-r--r--modules/server_add/controllers/server_add.php1
-rw-r--r--modules/server_add/helpers/server_add_task.php1
6 files changed, 17 insertions, 10 deletions
diff --git a/core/controllers/albums.php b/core/controllers/albums.php
index adf59c02..6b976163 100644
--- a/core/controllers/albums.php
+++ b/core/controllers/albums.php
@@ -75,7 +75,7 @@ class Albums_Controller extends Items_Controller {
* @see REST_Controller::_create($resource)
*/
public function _create($album) {
- access::required("edit", $album);
+ access::required("add", $album);
switch ($this->input->post("type")) {
case "album":
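Review bot: The new `access::required("add", $album)` is the only permission checked in `_create` before it dispatches on the posted type, so a group granted "add" but not "view" on an album could create items in an album it cannot see. This holds unless `access::required` itself treats "view" as a prerequisite, which is not visible here. If it does not, pair the checks by putting `access::required("view", $album);` directly above the "add" line. The same applies to `_create_album`, `_create_photo` and `_form_add` in the later hunks of this file, and to `add_photo` in simple_uploader.php. The body of `_create` continues past the end of the hunk.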
@@ -90,7 +90,7 @@ class Albums_Controller extends Items_Controller {
}
private function _create_album($album) {
- access::required("edit", $album);
+ access::required("add", $album);
$form = album::get_add_form($album);
if ($form->validate()) {
@@ -117,7 +117,7 @@ class Albums_Controller extends Items_Controller {
}
private function _create_photo($album) {
- access::required("edit", $album);
+ access::required("add", $album);
// If we set the content type as JSON, it triggers saving the result as
// a document in the browser (well, in Chrome at least).
@@ -185,7 +185,7 @@ class Albums_Controller extends Items_Controller {
*/
public function _form_add($album_id) {
$album = ORM::factory("item", $album_id);
- access::required("edit", $album);
+ access::required("add", $album);
switch ($this->input->get("type")) {
case "album":
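Review bot: `_form_add` checks "add" on whatever `ORM::factory("item", $album_id)` returns, and nothing in the hunk confirms that the id resolved to an existing item or that the item is an album. "add" only makes sense on a container, so a photo id or an unknown id should be rejected before the type switch rather than left to how `access::required` treats such an object. server_add_task.php already guards with `if (!$parent->is_album())`; the same guard directly after the permission check here would close the gap. `add_photo` in simple_uploader.php loads its album from the request id in the same way. The switch continues outside the hunk.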
diff --git a/core/controllers/simple_uploader.php b/core/controllers/simple_uploader.php
index 479082d5..8d8bbbc0 100644
--- a/core/controllers/simple_uploader.php
+++ b/core/controllers/simple_uploader.php
@@ -33,7 +33,7 @@ class Simple_Uploader_Controller extends Controller {
public function add_photo($id) {
$album = ORM::factory("item", $id);
- access::required("edit", $album);
+ access::required("add", $album);
access::verify_csrf();
$file_validation = new Validation($_FILES);
diff --git a/core/helpers/core_installer.php b/core/helpers/core_installer.php
index a933762a..724c0b92 100644
--- a/core/helpers/core_installer.php
+++ b/core/helpers/core_installer.php
@@ -192,6 +192,7 @@ class core_installer {
access::register_permission("view", "View");
access::register_permission("view_full", "View Full Size");
access::register_permission("edit", "Edit");
+ access::register_permission("add", "Add");
$root = ORM::factory("item");
$root->type = "album";
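Review bot: Registering "add" in the installer covers fresh installs only. This commit makes the controllers require "add" where they used to require "edit", and nothing in it registers the permission or carries existing "edit" grants over on a site that is already installed. On such a site, uploads and album creation by non-privileged groups would presumably be denied until the permission is added by hand, or fail differently depending on how `access::required` handles an unregistered permission name. An upgrade step that calls `access::register_permission("add", "Add")` and grants "add" wherever "edit" is currently allowed would keep existing behaviour while leaving new installs deny-by-default. The rest of the install routine is outside the hunk.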
diff --git a/installer/install.sql b/installer/install.sql
index 9a356e7d..62240b50 100644
--- a/installer/install.sql
+++ b/installer/install.sql
@@ -6,12 +6,14 @@ CREATE TABLE {access_caches} (
`item_id` int(9) default NULL,
`view_full_1` smallint(6) NOT NULL default '0',
`edit_1` smallint(6) NOT NULL default '0',
+ `add_1` smallint(6) NOT NULL default '0',
`view_full_2` smallint(6) NOT NULL default '0',
`edit_2` smallint(6) NOT NULL default '0',
+ `add_2` smallint(6) NOT NULL default '0',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
SET character_set_client = @saved_cs_client;
-INSERT INTO {access_caches} VALUES (1,1,1,0,1,0);
+INSERT INTO {access_caches} VALUES (1,1,1,0,0,1,0,0);
DROP TABLE IF EXISTS {access_intents};
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
@@ -21,13 +23,15 @@ CREATE TABLE {access_intents} (
`view_1` tinyint(1) default NULL,
`view_full_1` tinyint(1) default NULL,
`edit_1` tinyint(1) default NULL,
+ `add_1` tinyint(1) default NULL,
`view_2` tinyint(1) default NULL,
`view_full_2` tinyint(1) default NULL,
`edit_2` tinyint(1) default NULL,
+ `add_2` tinyint(1) default NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
SET character_set_client = @saved_cs_client;
-INSERT INTO {access_intents} VALUES (1,1,1,1,0,1,1,0);
+INSERT INTO {access_intents} VALUES (1,1,1,1,0,0,1,1,0,0);
DROP TABLE IF EXISTS {comments};
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
@@ -226,9 +230,9 @@ CREATE TABLE {permissions} (
`display_name` varchar(64) default NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
-) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;
SET character_set_client = @saved_cs_client;
-INSERT INTO {permissions} VALUES (1,'view','View'),(2,'view_full','View Full Size'),(3,'edit','Edit');
+INSERT INTO {permissions} VALUES (1,'view','View'),(2,'view_full','View Full Size'),(3,'edit','Edit'),(4,'add','Add');
DROP TABLE IF EXISTS {search_records};
SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
@@ -328,4 +332,4 @@ CREATE TABLE {vars} (
UNIQUE KEY `module_name` (`module_name`,`name`)
) ENGINE=InnoDB AUTO_INCREMENT=12 DEFAULT CHARSET=utf8;
SET character_set_client = @saved_cs_client;
-INSERT INTO {vars} VALUES (1,'core','active_site_theme','default'),(2,'core','active_admin_theme','admin_default'),(3,'core','page_size','9'),(4,'core','thumb_size','200'),(5,'core','resize_size','640'),(6,'core','default_locale','en_US'),(7,'core','blocks_dashboard_sidebar','a:4:{i:531020499;a:2:{i:0;s:4:\"core\";i:1;s:11:\"block_adder\";}i:1479562888;a:2:{i:0;s:4:\"core\";i:1;s:5:\"stats\";}i:1168271687;a:2:{i:0;s:4:\"core\";i:1;s:13:\"platform_info\";}i:1586054560;a:2:{i:0;s:4:\"core\";i:1;s:12:\"project_news\";}}'),(8,'core','blocks_dashboard_center','a:4:{i:691719060;a:2:{i:0;s:4:\"core\";i:1;s:7:\"welcome\";}i:540620474;a:2:{i:0;s:4:\"core\";i:1;s:12:\"photo_stream\";}i:1948724228;a:2:{i:0;s:4:\"core\";i:1;s:11:\"log_entries\";}i:1518099168;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(9,'core','version','3.0 pre-beta svn'),(10,'core','choose_default_tookit','1'),(11,'comment','spam_caught','0');
+INSERT INTO {vars} VALUES (1,'core','active_site_theme','default'),(2,'core','active_admin_theme','admin_default'),(3,'core','page_size','9'),(4,'core','thumb_size','200'),(5,'core','resize_size','640'),(6,'core','default_locale','en_US'),(7,'core','blocks_dashboard_sidebar','a:4:{i:1712034437;a:2:{i:0;s:4:\"core\";i:1;s:11:\"block_adder\";}i:283628656;a:2:{i:0;s:4:\"core\";i:1;s:5:\"stats\";}i:1436662733;a:2:{i:0;s:4:\"core\";i:1;s:13:\"platform_info\";}i:1831514378;a:2:{i:0;s:4:\"core\";i:1;s:12:\"project_news\";}}'),(8,'core','blocks_dashboard_center','a:4:{i:186640350;a:2:{i:0;s:4:\"core\";i:1;s:7:\"welcome\";}i:1060186635;a:2:{i:0;s:4:\"core\";i:1;s:12:\"photo_stream\";}i:769529551;a:2:{i:0;s:4:\"core\";i:1;s:11:\"log_entries\";}i:1182339620;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(9,'core','version','3.0 pre-beta svn'),(10,'core','choose_default_tookit','1'),(11,'comment','spam_caught','0');
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 8d3986b0..7cb9a9e2 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -23,6 +23,7 @@ class Server_Add_Controller extends Controller {
$item = ORM::factory("item", $id);
access::required("server_add", $item);
+ access::required("add", $item);
$view = new View("server_add_tree_dialog.html");
$view->action = url::site("__ARGS__/{$id}__TASK_ID__?csrf=" . access::csrf_token());
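Review bot: The two consecutive `access::required` calls read like a duplicate unless the reader knows they gate different things, so a one-line comment above them would help, for example `// "server_add" gates use of this module; "add" gates writing into the target album`. That reading is inferred from the permission names and should be confirmed before the comment goes in. The same pair appears in server_add_task.php, where it runs per file inside the task and deserves the same comment. The enclosing method starts above the hunk.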
diff --git a/modules/server_add/helpers/server_add_task.php b/modules/server_add/helpers/server_add_task.php
index 3ed770e8..e3e22ab4 100644
--- a/modules/server_add/helpers/server_add_task.php
+++ b/modules/server_add/helpers/server_add_task.php
@@ -32,6 +32,7 @@ class server_add_task_Core {
$file = $context["files"][$path][$context["position"]];
$parent = ORM::factory("item", $file["parent_id"]);
access::required("server_add", $parent);
+ access::required("add", $parent);
if (!$parent->is_album()) {
throw new Exception("@todo BAD_ALBUM");
}