Diffstat (limited to 'core/helpers')
-rw-r--r-- | core/helpers/access.php | 46 | ||||
-rw-r--r-- | core/helpers/core_installer.php | 3 | ||||
-rw-r--r-- | core/helpers/core_menu.php | 9 |
3 files changed, 18 insertions, 40 deletions
diff --git a/core/helpers/access.php b/core/helpers/access.php
index ad62595d..82325900 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -84,8 +84,7 @@ class access_Core {
 throw new Exception("@todo MISSING_ACCESS for $item->id");
 }
- $group_id = $group ? $group->id : 0;
- return $access->__get("{$perm_name}_$group_id") === self::ALLOW;
+ return $access->__get("{$perm_name}_{$group->id}") === self::ALLOW;
 }
 /**
@@ -96,25 +95,17 @@ class access_Core {
 * @return boolean
 */
 public static function can($perm_name, $item) {
- $user = Session::instance()->get("user", null);
- if ($user) {
- $access = ORM::factory("access_cache")->where("item_id", $item->id)->find();
- if (!$access) {
- throw new Exception("@todo MISSING_ACCESS for $item->id");
- }
+ $access = ORM::factory("access_cache")->where("item_id", $item->id)->find();
+ if (!$access) {
+ throw new Exception("@todo MISSING_ACCESS for $item->id");
+ }
- if ($access->view_0 == self::ALLOW) {
+ foreach (user::active()->groups as $group) {
+ if ($access->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
 return true;
 }
- foreach ($user->groups as $group) {
- if ($access->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
- return true;
- }
- }
- return false;
- } else {
- return self::group_can(group::EVERYBODY, $perm_name, $item);
 }
+ return false;
 }
 /**
@@ -132,8 +123,7 @@ class access_Core {
 throw new Exception("@todo MISSING_ACCESS for $item->id");
 }
- $group_id = $group ? $group->id : 0;
- $access->__set("{$perm_name}_$group_id", $value);
+ $access->__set("{$perm_name}_{$group->id}", $value);
 $access->save();
 if ($perm_name =="view") {
@@ -199,7 +189,6 @@ class access_Core {
 foreach (self::_get_all_groups() as $group) {
 self::_add_columns($perm_name, $group);
 }
- self::_add_columns($perm_name, null);
 }
 /**
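Review bot: `$group->id` is now dereferenced in group_can() with no check that `$group` is an object, so a caller that still passes `null`, `0` or a group constant (the removed lines in this commit include `group_can(group::EVERYBODY, …)` and `access::allow(0, …)`) would produce the column name `{$perm_name}_` with an empty id instead of a clear failure. A guard at the top of the function, `if (!is_object($group) || empty($group->id)) { throw new Exception("@todo INVALID_GROUP"); }`, makes the new "group is required" contract explicit. The same unguarded dereference is introduced in the hunks at -132, -302, -317, -337 and -430. group_can()'s body starts outside this hunk, so an earlier check may exist that is not visible here.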
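Review bot: can() now depends entirely on `user::active()` returning an object whose `groups` includes the everybody group for anonymous sessions; that helper is not part of this diff, and if it can return null the `foreach` fails on every guest request, while a guest without that group loses the access the removed `else` branch used to grant. Stating that contract in the docblock and guarding the call, `$user = user::active(); if (!$user) { return false; }`, keeps the check failing closed. Separately, `if (!$access)` probably never fires if `find()` returns an unloaded model object (the delete_permission hunk tests `$permission->loaded`), so `if (!$access->loaded)` looks like the intended test. The same unguarded call appears as `user::active()->admin` in the core_menu.php hunk.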
@@ -212,7 +201,6 @@ class access_Core {
 foreach (self::_get_all_groups() as $group) {
 self::_drop_columns($name, $group);
 }
- self::_drop_columns($name, null);
 $permission = ORM::factory("permission")->where("name", $name)->find();
 if ($permission->loaded) {
 $permission->delete();
@@ -264,8 +252,6 @@ class access_Core {
 $field = "{$perm->name}_{$group->id}";
 $access_cache->$field = $parent_access_cache->$field;
 }
- $field = "{$perm->name}_0";
- $access_cache->$field = $parent_access_cache->$field;
 }
 $access_cache->save();
 }
@@ -302,9 +288,8 @@ class access_Core {
 * @return void
 */
 private static function _drop_columns($perm_name, $group) {
- $group_id = $group ? $group->id : 0;
 $db = Database::instance();
- $field = "{$perm_name}_$group_id";
+ $field = "{$perm_name}_{$group->id}";
 $db->query("ALTER TABLE `access_caches` DROP `$field`");
 $db->query("ALTER TABLE `access_intents` DROP `$field`");
 }
@@ -317,11 +302,11 @@ class access_Core {
 * @return void
 */
 private static function _add_columns($perm_name, $group) {
- $group_id = $group ? $group->id : 0;
 $db = Database::instance();
- $field = "{$perm_name}_$group_id";
+ $field = "{$perm_name}_{$group->id}";
 $db->query("ALTER TABLE `access_caches` ADD `$field` TINYINT(2) NOT NULL DEFAULT 0");
 $db->query("ALTER TABLE `access_intents` ADD `$field` BOOLEAN DEFAULT NULL");
+ $db->query("UPDATE `access_intents` SET `$field` = 0 WHERE `item_id` = 1");
 }
 /**
@@ -337,9 +322,8 @@ class access_Core {
 public static function _update_access_view_cache($group, $item) {
 $access = ORM::factory("access_intent")->where("item_id", $item->id)->find();
- $group_id = $group ? $group->id : 0;
 $db = Database::instance();
- $field = "view_$group_id";
+ $field = "view_{$group->id}";
 // With view permissions, deny values in the parent can override allow values in the child,
 // so start from the bottom of the tree and work upwards overlaying negative on top of
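Review bot: The added UPDATE in _add_columns() is a third statement that interpolates `$field` directly into SQL (alongside the two ALTER statements here and the two in the _drop_columns hunk at -302), and nothing visible restricts `$perm_name` or `$group->id` to identifier-safe characters, so a backtick in a permission name would end the quoted identifier. Validating before the queries, `if (!preg_match('/^[a-z][a-z0-9_]*$/', $perm_name)) { throw new Exception("@todo INVALID_PERMISSION_NAME"); }`, and building the name with `(int)$group->id` keeps these schema changes safe even if a module registers an unexpected name. The UPDATE also hard-codes `item_id` = 1, presumably the root item; a short comment saying so, and why the root intent is set to 0 rather than left NULL, would help the next reader.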
@@ -430,10 +414,8 @@ class access_Core {
 public static function _update_access_non_view_cache($group, $perm_name, $item) {
 $access = ORM::factory("access_intent")->where("item_id", $item->id)->find();
- $group_id = $group ? $group->id : 0;
 $db = Database::instance();
- $field = "{$perm_name}_$group_id";
-
+ $field = "{$perm_name}_{$group->id}";
 // If the item's intent is DEFAULT, then we need to back up the chain to find the nearest
 // parent with an intent and propagate from there.
diff --git a/core/helpers/core_installer.php b/core/helpers/core_installer.php
index d2c03948..8f24b659 100644
--- a/core/helpers/core_installer.php
+++ b/core/helpers/core_installer.php
@@ -108,10 +108,7 @@ class core_installer {
 $root->level = 1;
 $root->set_thumbnail(DOCROOT . "core/tests/test.jpg", 200, 150)
 ->save();
-
 access::add_item($root);
- access::allow(0, "view", $root);
- access::deny(0, "edit", $root);
 module::set_version("core", 1);
 }
diff --git a/core/helpers/core_menu.php b/core/helpers/core_menu.php
index e4a3dd92..69398302 100644
--- a/core/helpers/core_menu.php
+++ b/core/helpers/core_menu.php
@@ -32,9 +32,8 @@ class core_menu_Core {
 ->url(url::site("albums/1")));
 $item = $theme->item();
- $user = Session::instance()->get("user", null);
- if ($user) {
- // @todo need to do a permission check here
+
+ if (access::can("edit", $item)) {
 $menu->append(
 Menu::factory("submenu")
 ->id("options_menu")
@@ -50,19 +49,19 @@ class core_menu_Core {
 ->label(_("Add album"))
 ->url(url::site("form/add/albums/$item->id"))));
+
 $admin_menu = Menu::factory("submenu")
 ->id("admin_menu")
 ->label(_("Admin"));
 $menu->append($admin_menu);
- // @todo need to do a permission check here
 $admin_menu->append(
 Menu::factory("dialog")
 ->id("edit")
 ->label(_("Edit"))
 ->url(url::site("form/edit/{$item->type}s/$item->id")));
- if ($user->admin) {
+ if (user::active()->admin) {
 $admin_menu->append(
 Menu::factory("link")
 ->id("site_admin") |
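Review bot: `access::can("edit", $item)` in the core_menu.php hunk at -32 only decides whether the menu entries are drawn; the `form/add/albums/…` and `form/edit/…` targets need the same check in their controllers, which this diff does not show, so that should be confirmed before the two `@todo need to do a permission check here` comments are dropped. can() also throws a bare Exception when the item has no access_cache row, which would now abort menu rendering for that page. Wrapping the call or having the menu treat that case as "not allowed" fails closed without breaking the theme. The `if` block opened here continues past the end of the hunk.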