5 files changed, 443 insertions, 5 deletions

diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php
index fa6d1dd3..74a08c77 100644
--- a/modules/gallery/libraries/Admin_View.php
+++ b/modules/gallery/libraries/Admin_View.php
@@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_admin_theme");
-    if (user::active()->admin) {
+    if (Session::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->sidebar = "";
     $this->set_global("theme", $this);
-    $this->set_global("user", user::active());
+    $this->set_global("user", Session::active_user());
   }
 
   public function admin_menu() {
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
new file mode 100644
index 00000000..1dd5d23b
--- /dev/null
+++ b/modules/gallery/libraries/Identity.php
@@ -0,0 +1,222 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+/**
+ * Provides a driver-based interface for managing users and groups.
+ */
+class Identity_Core {
+  protected static $instance;
+
+  protected static $active;
+
+  // Configuration
+  protected $config;
+
+  // Driver object
+  protected $driver;
+
+  /**
+   * Returns a singleton instance of Identity.
+   * There can only be one Identity driver configured at a given point
+   *
+   * @param   string  configuration
+   * @return  Identity_Core
+   */
+  static function & instance() {
+   if (!isset(self::$instance)) {
+      // Create a new instance
+      self::$instance = new Identity();
+    }
+
+    return self::$instance;
+  }
+
+  /**
+   * Returns a singleton instance of Identity.
+   * There can only be one Identity driver configured at a given point
+   *
+   * @param   string  configuration
+   * @return  Identity_Core
+   */
+  static function reset() {
+    self::$instance = new Identity();
+  }
+
+  /**
+   * Loads the configured driver and validates it.
+   *
+   * @return  void
+   */
+  public function __construct() {
+    $config = module::get_var("gallery", "identity_provider", "user");
+
+    // Test the config group name
+    if (($this->config = Kohana::config("identity.".$config)) === NULL) {
+      throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config");
+    }
+
+    // Set driver name
+    $driver = "Identity_".ucfirst($this->config["driver"])."_Driver";
+
+    // Load the driver
+    if ( ! Kohana::auto_load($driver)) {
+      throw new Kohana_Exception("core.driver_not_found", $this->config["driver"],
+                                 get_class($this));
+    }
+
+    // Initialize the driver
+    $this->driver = new $driver($this->config["params"]);
+
+    // Validate the driver
+    if ( !($this->driver instanceof Identity_Driver)) {
+      throw new Kohana_Exception("core.driver_implements", $this->config["driver"],
+                                 get_class($this), "Identity_Driver");
+    }
+
+    Kohana::log("debug", "Identity Library initialized");
+  }
+
+  /**
+   * Return a list of installed Identity Drivers.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  static function providers() {
+    if (empty(self::$active)) {
+      $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
+      foreach (module::active() as $module) {
+        $module_name = $module->name;
+        if (file_exists(MODPATH . "{$module->name}/config/identity.php") &&
+            ($info = module::info($module_name))) {
+          $drivers->$module_name = $info->description;
+        }
+      }
+      self::$active = $drivers;
+    }
+    return self::$active;
+  }
+
+  /**
+   * @see Identity_Driver::activate.
+   */
+  static function activate() {
+    self::instance()->driver->activate();
+  }
+
+  /**
+   * @see Identity_Driver::deactivate.
+   */
+  static function deactivate() {
+    self::instance()->driver->deactivate();
+  }
+
+  /**
+   * Determine if if the current driver supports updates.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  static function is_writable() {
+    return !empty(self::instance()->config["allow_updates"]);
+  }
+
+  /**
+   * @see Identity_Driver::guest.
+   */
+  static function guest() {
+    return self::instance()->driver->guest();
+  }
+
+  /**
+   * @see Identity_Driver::create_user.
+   */
+  static function create_user($name, $full_name, $password) {
+    return self::instance()->driver->create_user($name, $full_name, $password);
+  }
+
+  /**
+   * @see Identity_Driver::is_correct_password.
+   */
+  static function is_correct_password($user, $password) {
+    return self::instance()->driver->is_correct_password($user, $password);
+  }
+
+  /**
+   * @see Identity_Driver::lookup_user.
+   */
+  static function lookup_user($id) {
+    return self::instance()->driver->lookup_user($id);
+  }
+
+  /**
+   * @see Identity_Driver::lookup_user_by_name.
+   */
+  static function lookup_user_by_name($name) {
+    return self::instance()->driver->lookup_user_by_name($name);
+  }
+
+  /**
+   * @see Identity_Driver::create_group.
+   */
+  static function create_group($name) {
+    return self::instance()->driver->create_group($name);
+  }
+
+  /**
+   * @see Identity_Driver::everybody.
+   */
+  static function everybody() {
+    return self::instance()->driver->everybody();
+  }
+
+  /**
+   * @see Identity_Driver::registered_users.
+   */
+  static function registered_users() {
+    return self::instance()->driver->everybody();
+  }
+
+  /**
+   * @see Identity_Driver::lookup_group.
+   */
+  static function lookup_group($id) {
+    return self::instance()->driver->lookup_group($id);
+  }
+
+  /**
+   * @see Identity_Driver::lookup_group_by_name.
+   */
+  static function lookup_group_by_name($name) {
+    return self::instance()->driver->lookup_group_by_name($name);
+  }
+
+  /**
+   * @see Identity_Driver::get_user_list.
+   */
+  static function get_user_list($ids) {
+    return self::instance()->driver->get_user_list($ids);
+  }
+
+  /**
+   * @see Identity_Driver::groups.
+   */
+  static function groups() {
+    return self::instance()->driver->groups();
+  }
+} // End Identity
diff --git a/modules/gallery/libraries/MY_Session.php b/modules/gallery/libraries/MY_Session.php
new file mode 100644
index 00000000..1a3ae801
--- /dev/null
+++ b/modules/gallery/libraries/MY_Session.php
@@ -0,0 +1,93 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class Session extends Session_Core {
+  /**
+   * Make sure that we have a session and group_ids cached in the session.
+   */
+  static function load_user() {
+    try {
+      $session = Session::instance();
+      if (!($user = $session->get("user"))) {
+        $session->set("user", $user = Identity::guest());
+      }
+
+      // The installer cannot set a user into the session, so it just sets an id which we should
+      // upconvert into a user.
+      // @todo set the user name into the session instead of 2 and then use it to get the user object
+      if ($user === 2) {
+        $user = Instance::lookup_user_by_name("admin");
+        self::set_active_user($user);
+        $session->set("user", $user);
+      }
+
+      if (!$session->get("group_ids")) {
+        $ids = array();
+        foreach ($user->groups as $group) {
+          $ids[] = $group->id;
+        }
+        $session->set("group_ids", $ids);
+      }
+    } catch (Exception $e) {
+      try {
+        Session::instance()->destroy();
+      } catch (Exception $e) {
+        // We don't care if there was a problem destroying the session.
+      }
+      url::redirect(item::root()->abs_url());
+    }
+  }
+
+  /**
+   * Return the array of group ids this user belongs to
+   *
+   * @return array
+   */
+  static function group_ids_for_active_user() {
+    return self::instance()->get("group_ids", array(1));
+  }
+
+  /**
+   * Return the active user.  If there's no active user, return the guest user.
+   *
+   * @return User_Definition
+   */
+  static function active_user() {
+    // @todo (maybe) cache this object so we're not always doing session lookups.
+    $user = self::instance()->get("user", null);
+    if (!isset($user)) {
+      // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+      // work.
+      $user = Identity::guest();
+    }
+    return $user;
+  }
+
+  /**
+   * Change the active user.
+   * @param User_Definition $user
+   */
+  static function set_active_user($user) {
+    $session = Session::instance();
+    $session->set("user", $user);
+    $session->delete("group_ids");
+    self::load_user();
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php
index cba436e8..2fdc7531 100644
--- a/modules/gallery/libraries/Theme_View.php
+++ b/modules/gallery/libraries/Theme_View.php
@@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View {
     parent::__construct($name);
 
     $this->theme_name = module::get_var("gallery", "active_site_theme");
-    if (user::active()->admin) {
+    if (Session::active_user()->admin) {
       $this->theme_name = Input::instance()->get("theme", $this->theme_name);
     }
     $this->item = null;
     $this->tag = null;
     $this->set_global("theme", $this);
-    $this->set_global("user", user::active());
+    $this->set_global("user", Session::active_user());
     $this->set_global("page_type", $page_type);
     $this->set_global("page_title", null);
     if ($page_type == "album") {
@@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View {
    */
   public function sidebar_blocks() {
     $sidebar = block_manager::get_html("site.sidebar", $this);
-    if (empty($sidebar) && user::active()->admin) {
+    if (empty($sidebar) && Session::active_user()->admin) {
       $sidebar = new View("no_sidebar.html");
     }
     return $sidebar;
diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php
new file mode 100644
index 00000000..39b2a9c7
--- /dev/null
+++ b/modules/gallery/libraries/drivers/Identity.php
@@ -0,0 +1,123 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+interface Identity_Driver {
+  /**
+   * Initialize the provider so it is ready to use
+   */
+  public function activate();
+
+  /**
+   * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver
+   */
+  public function deactivate();
+
+  /**
+   * Return the guest user.
+   *
+   * @return User_Definition the user object
+   */
+  public function guest();
+
+  /**
+   * Create a new user.
+   *
+   * @param string  $name
+   * @param string  $full_name
+   * @param string  $password
+   * @return User_Definition the user object
+   */
+  public function create_user($name, $full_name, $password);
+
+  /**
+   * Is the password provided correct?
+   *
+   * @param user User_Definition the user object
+   * @param string $password a plaintext password
+   * @return boolean true if the password is correct
+   */
+  public function is_correct_password($user, $password);
+
+  /**
+   * Look up a user by id.
+   * @param integer     id
+   * @return User_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_user($id);
+
+  /**
+   * Look up a user by name.
+   * @param string      name
+  * @return User_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_user_by_name($name);
+
+  /**
+   * Create a new group.
+   *
+   * @param string  $name
+   * @return Group_Definition the group object
+   */
+  public function create_group($name);
+
+  /**
+   * The group of all possible visitors.  This includes the guest user.
+   *
+   * @return Group_Definition the group object
+   */
+  public function everybody();
+
+  /**
+   * The group of all logged-in visitors.  This does not include guest users.
+   *
+   * @return Group_Definition the group object
+   */
+  public function registered_users();
+
+  /**
+   * List the users
+   * @param array      array of ids to return the user objects for
+   * @return array     the user list.
+   */
+  public function get_user_list($ids);
+
+  /**
+   * Look up a group by id.
+   * @param integer     id
+   * @return Group_Definition the user object, or null if the name was invalid.
+   */
+  public function lookup_group($id);
+
+  /**
+   * Look up the group by name.
+   * @param string     $name the name of the group to locate
+   * @return Group_Definition
+   */
+  public function lookup_group_by_name($name);
+
+  /**
+   * List the groups defined in the Identity Provider
+   */
+  public function groups();
+
+} // End Identity Driver Definition
+
+interface Group_Definition {}
+
+interface User_Definition {}