-rw-r--r--modules/gallery/helpers/access.php12
-rw-r--r--modules/gallery/helpers/album.php1
-rw-r--r--modules/gallery/models/item.php22
-rw-r--r--modules/gallery/tests/Access_Helper_Test.php42
4 files changed, 57 insertions, 20 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 949aea84..fbe0b550 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -99,8 +99,16 @@ class access_Core {
return true;
}
- $resource = $perm_name == "view" ?
- $item : model_cache::get("access_cache", $item->id, "item_id");
+ if ($item->owner_id == $user->id &&
+ in_array($perm_name, array("view_full", "edit", "add"))) {
+ return true;
+ }
+
+ if ($perm_name == "view") {
+ $resource = $item->owner_id == $user->id ? $item->parent() : $item;
+ } else {
+ $resource = model_cache::get("access_cache", $item->id, "item_id");
+ }
foreach ($user->groups as $group) {
if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
return true;
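Review bot: The owner branch for `view` on line 28 calls `$item->parent()` unconditionally, so when `$item` is the root album (id 1) and the caller owns it there is no parent row for the `$resource->__get(...)` loop to read; a guard such as `$resource = ($item->owner_id == $user->id && $item->id != 1) ? $item->parent() : $item;` would keep the root case on the item itself. The implicit owner grant for `view_full`/`edit`/`add` on lines 22-25 returns before any group-level deny is consulted, which looks intentional but is not stated anywhere; a comment like `// Owners always get view_full/edit/add on their own items; view still follows the parent's ACL so a hidden album hides its contents.` would save the next reader from treating it as an ACL bypass bug. The `in_array` on line 23 should also pass `true` as its third argument so the permission name is compared strictly. user_can begins and ends outside this hunk.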
diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 0263e0e1..f146bfb3 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -104,6 +104,7 @@ class album_Core {
$group->textarea("description")->label(t("Description"))->value($parent->description);
if ($parent->id != 1) {
$group->input("dirname")->label(t("Directory Name"))->value($parent->name)
+ ->rules("required")
->callback("item::validate_no_slashes")
->error_messages("no_slashes", t("The directory name can't contain a \"/\""))
->callback("item::validate_no_trailing_period")
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index d9dd88f5..45561380 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -38,31 +38,17 @@ class Item_Model extends ORM_MPTT {
if (user::active()->admin) {
$this->view_restrictions = array();
} else {
+ $this->view_restrictions["owner_id"] = user::active()->id;
foreach (user::group_ids() as $id) {
- // Separate the first restriction from the rest to make it easier for us to formulate
- // our where clause below
- if (empty($this->view_restrictions)) {
- $this->view_restrictions[0] = "view_$id";
- } else {
- $this->view_restrictions[1]["view_$id"] = access::ALLOW;
- }
+ $this->view_restrictions["view_$id"] = access::ALLOW;
}
}
}
- switch (count($this->view_restrictions)) {
- case 0:
- break;
- case 1:
- $this->where($this->view_restrictions[0], access::ALLOW);
- break;
-
- default:
+ if (!empty($this->view_restrictions)) {
$this->open_paren();
- $this->where($this->view_restrictions[0], access::ALLOW);
- $this->orwhere($this->view_restrictions[1]);
+ $this->orwhere($this->view_restrictions);
$this->close_paren();
- break;
}
return $this;
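Review bot: The `owner_id` restriction added on line 55 is OR'd into the WHERE clause on its own, so a caller's own rows are selected regardless of whether the enclosing album is viewable; that diverges from access::user_can in this same commit, which resolves an owner's `view` against the parent album. A photo the owner created inside an album denied to everybody would then appear in `viewable()` listings while `user_can($user, "view", $photo)` returns false, and the new owner_cant_view_photo_test only exercises the helper side. If the listing is meant to agree with the helper, the owner clause needs to be combined with the parent's view permissions rather than standing alone; if the difference is deliberate, a comment above line 55 such as `// Owners always see their own rows here even when user_can() would deny the parent.` should say so. The method's signature and closing brace are outside the hunk.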
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 59cec453..737ed8a6 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -101,6 +101,48 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
}
+ public function owner_can_view_album_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $item = album::create($root, rand(), "test album", $user->id);
+
+ $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
+ }
+
+ public function owner_can_view_photo_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $album = album::create($root, rand(), "test album", $user->id);
+ $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
+
+ $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
+ }
+
+ public function owner_cant_view_photo_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $album = album::create($root, rand(), "test album");
+ access::deny(group::everybody(), "view", $album);
+ $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
+
+ $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
+ }
+
public function adding_and_removing_items_adds_ands_removes_rows_test() {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");
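Review bot: owner_cant_view_photo_test differs from owner_can_view_photo_test only by the `access::deny(group::everybody(), "view", $album)` call on line 128, yet the assertion on line 131 cannot distinguish a denial caused by that parent check from one caused by the user having been stripped of every group on lines 121-123. Adding `$this->assert_false(access::user_can($user, "view", $album), "Parent album should be hidden");` before line 129 would pin the behaviour the commit is introducing, and a companion `assert_true(access::user_can($user, "view_full", $item))` would show the owner grant survives the parent deny. All three new tests also create a user named `"access_test"`; if user::create rejects duplicate names and the fixture is not torn down between tests, the second and third will fail for an unrelated reason. The hunk ends inside adding_and_removing_items_adds_ands_removes_rows_test, whose body continues outside it.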