diff options
Diffstat (limited to 'modules/gallery/helpers')
| -rw-r--r-- | modules/gallery/helpers/gallery.php | 68 |
1 files changed, 39 insertions, 29 deletions
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 2bb55ccb..69aabc4f 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -25,18 +25,27 @@ class gallery_Core { * down for maintenance" page. */ static function maintenance_mode() { - // @todo: we need a mechanism here to identify controllers that are still legally accessible - // when the entire Gallery is in maintenance mode. Perhaps a controller class function or - // method? - // https://sourceforge.net/apps/trac/gallery/ticket/1411 - if (Router::$controller != "login" && - Router::$controller != "combined" && - module::get_var("gallery", "maintenance_mode", 0) && + if (module::get_var("gallery", "maintenance_mode", 0) && !identity::active_user()->admin) { - Session::instance()->set("continue_url", url::abs_site("admin/maintenance")); - Router::$controller = "login"; - Router::$controller_path = MODPATH . "gallery/controllers/login.php"; - Router::$method = "html"; + try { + $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller'); + $allowed = $class->getConstant("ALLOW_MAINTENANCE_MODE") === true; + } catch (ReflectionClass $e) { + $allowed = false; + } + if (!$allowed) { + if (Router::$controller == "admin") { + // At this point we're in the admin theme and it doesn't have a themed login page, so + // we can't just swap in the login controller and have it work. So redirect back to the + // root item where we'll run this code again with the site theme. + url::redirect(item::root()->abs_url()); + } else { + Session::instance()->set("continue_url", url::abs_site("admin/maintenance")); + Router::$controller = "login"; + Router::$controller_path = MODPATH . "gallery/controllers/login.php"; + Router::$method = "html"; + } + } } } @@ -45,26 +54,27 @@ class gallery_Core { * the login page. */ static function private_gallery() { - // @todo: we need a mechanism here to identify controllers that are still legally accessible - // when the entire Gallery is private. Perhaps a controller class function or method? - // https://sourceforge.net/apps/trac/gallery/ticket/1411 - if (Router::$controller != "login" && - Router::$controller != "combined" && - Router::$controller != "digibug" && - Router::$controller != "rest" && - identity::active_user()->guest && + if (identity::active_user()->guest && !access::user_can(identity::guest(), "view", item::root()) && php_sapi_name() != "cli") { - if (Router::$controller == "admin") { - // At this point we're in the admin theme and it doesn't have a themed login page, so - // we can't just swap in the login controller and have it work. So redirect back to the - // root item where we'll run this code again with the site theme. - url::redirect(item::root()->abs_url()); - } else { - Session::instance()->set("continue_url", url::abs_current()); - Router::$controller = "login"; - Router::$controller_path = MODPATH . "gallery/controllers/login.php"; - Router::$method = "html"; + try { + $class = new ReflectionClass(ucfirst(Router::$controller).'_Controller'); + $allowed = $class->getConstant("ALLOW_PRIVATE_GALLERY") === true; + } catch (ReflectionClass $e) { + $allowed = false; + } + if (!$allowed) { + if (Router::$controller == "admin") { + // At this point we're in the admin theme and it doesn't have a themed login page, so + // we can't just swap in the login controller and have it work. So redirect back to the + // root item where we'll run this code again with the site theme. + url::redirect(item::root()->abs_url()); + } else { + Session::instance()->set("continue_url", url::abs_current()); + Router::$controller = "login"; + Router::$controller_path = MODPATH . "gallery/controllers/login.php"; + Router::$method = "html"; + } } } } |