Diffstat (limited to 'modules')
-rw-r--r--modules/gallery/helpers/access.php12
-rw-r--r--modules/gallery/helpers/album.php1
-rw-r--r--modules/gallery/models/item.php22
-rw-r--r--modules/gallery/tests/Access_Helper_Test.php42
-rw-r--r--modules/tag/helpers/tag_event.php2
-rw-r--r--modules/user/controllers/admin_users.php1
-rw-r--r--modules/user/helpers/user.php4
7 files changed, 61 insertions, 23 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 949aea84..fbe0b550 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -99,8 +99,16 @@ class access_Core {
return true;
}
- $resource = $perm_name == "view" ?
- $item : model_cache::get("access_cache", $item->id, "item_id");
+ if ($item->owner_id == $user->id &&
+ in_array($perm_name, array("view_full", "edit", "add"))) {
+ return true;
+ }
+
+ if ($perm_name == "view") {
+ $resource = $item->owner_id == $user->id ? $item->parent() : $item;
+ } else {
+ $resource = model_cache::get("access_cache", $item->id, "item_id");
+ }
foreach ($user->groups as $group) {
if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
return true;
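Review bot: The owner shortcut added at the top of this hunk returns true for `view_full`, `edit` and `add` before any per-group lookup, so it also applies when the owner cannot view the item. `owner_cant_view_photo_test` in this same commit expects `view` to be denied for an owner whose album denies it, yet `edit` on that photo would still be granted here. If that is not intended, make the shortcut conditional on view, e.g. add `&& self::user_can($user, "view", $item)` to the condition (this assumes the hunk sits inside `user_can`, whose start and end are outside the hunk). Two smaller points: the loose `==` on `owner_id` deserves a strict or explicit null check if ownerless items can exist, and `$item->parent()` should be guarded for the root item, which presumably has no parent to read permissions from.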
diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 0263e0e1..f146bfb3 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -104,6 +104,7 @@ class album_Core {
$group->textarea("description")->label(t("Description"))->value($parent->description);
if ($parent->id != 1) {
$group->input("dirname")->label(t("Directory Name"))->value($parent->name)
+ ->rules("required")
->callback("item::validate_no_slashes")
->error_messages("no_slashes", t("The directory name can't contain a \"/\""))
->callback("item::validate_no_trailing_period")
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index d9dd88f5..45561380 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -38,31 +38,17 @@ class Item_Model extends ORM_MPTT {
if (user::active()->admin) {
$this->view_restrictions = array();
} else {
+ $this->view_restrictions["owner_id"] = user::active()->id;
foreach (user::group_ids() as $id) {
- // Separate the first restriction from the rest to make it easier for us to formulate
- // our where clause below
- if (empty($this->view_restrictions)) {
- $this->view_restrictions[0] = "view_$id";
- } else {
- $this->view_restrictions[1]["view_$id"] = access::ALLOW;
- }
+ $this->view_restrictions["view_$id"] = access::ALLOW;
}
}
}
- switch (count($this->view_restrictions)) {
- case 0:
- break;
- case 1:
- $this->where($this->view_restrictions[0], access::ALLOW);
- break;
-
- default:
+ if (!empty($this->view_restrictions)) {
$this->open_paren();
- $this->where($this->view_restrictions[0], access::ALLOW);
- $this->orwhere($this->view_restrictions[1]);
+ $this->orwhere($this->view_restrictions);
$this->close_paren();
- break;
}
return $this;
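Review bot: The `owner_id` entry added to `view_restrictions` makes every item owned by the active user match this filter, which disagrees with the `access.php` change in the same commit, where an owner's `view` is resolved against the parent's permissions. A listing built on this query can therefore return an owned photo inside a denied album that `access::user_can()` refuses, the exact case `owner_cant_view_photo_test` pins as false. Either narrow the clause or state the contract at the assignment, e.g. `// owned items always match; callers needing the album-level deny must re-check with access::user_can()`. It is also worth confirming what `user::active()->id` is for a guest session, since the clause would then match every item recorded under that id. The enclosing method starts before the hunk and no test in this commit exercises the rewritten where clause.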
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 59cec453..737ed8a6 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -101,6 +101,48 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
}
+ public function owner_can_view_album_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $item = album::create($root, rand(), "test album", $user->id);
+
+ $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
+ }
+
+ public function owner_can_view_photo_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $album = album::create($root, rand(), "test album", $user->id);
+ $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
+
+ $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
+ }
+
+ public function owner_cant_view_photo_test() {
+ $user = user::create("access_test", "Access Test", "");
+ foreach ($user->groups as $group) {
+ $user->remove($group);
+ }
+ $user->save();
+
+ $root = ORM::factory("item", 1);
+ $album = album::create($root, rand(), "test album");
+ access::deny(group::everybody(), "view", $album);
+ $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
+
+ $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
+ }
+
public function adding_and_removing_items_adds_ands_removes_rows_test() {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");
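Review bot: All three added tests assert only the `view` permission, so the new early return for `view_full`, `edit` and `add` in `access.php` is not covered, including the case where the owner's view is denied. Extending `owner_cant_view_photo_test` with an assertion on `access::user_can($user, "edit", $item)` would pin whichever outcome is intended for an owner under a denied album. The tests also create a user with the fixed name `"access_test"` three times and name albums with `rand()`; if fixtures are not reset between tests, that may cause collisions or flaky runs, which is worth confirming against the test setup.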
diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php
index 58034900..bf60978d 100644
--- a/modules/tag/helpers/tag_event.php
+++ b/modules/tag/helpers/tag_event.php
@@ -72,7 +72,7 @@ class tag_event_Core {
);
});";
$tag_value = implode("; ", tag::item_tags($item));
- $view->form->edit_item->input("tags")->label(t("Tags (separate by , or ;)"))
+ $view->form->edit_item->input("tags")->label(t("Tags (comma or semicolon separated)"))
->value($tag_value);
}
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 0a0086ff..043a4ee5 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -130,6 +130,7 @@ class Admin_Users_Controller extends Controller {
$user->password = $form->edit_user->password->value;
}
$user->email = $form->edit_user->email->value;
+ $user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
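Review bot: The added line `$user->url = $form->edit_user->url->value;` stores the submitted value with no scheme or format check visible in this hunk. If the field's rules (presumably attached through `add_rules_from($user)` elsewhere) do not restrict it to `http`/`https`, a value such as a `javascript:` URI could be saved and later rendered as a link target. Please confirm that the model rule validates the URL and that templates escape it on output, and consider a short comment here naming where that validation lives. The enclosing controller method starts and ends outside the hunk.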
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index a153ab69..b1722a1e 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -37,7 +37,7 @@ class user_Core {
$group->submit("")->value(t("Save"));
$form->add_rules_from($user);
- module::event("user_edit_form", $user);
+ module::event("user_edit_form", $user, $form);
return $form;
}
@@ -59,7 +59,7 @@ class user_Core {
$form->add_rules_from($user);
$form->edit_user->password->rules("-required");
- module::event("user_edit_form_admin", $user);
+ module::event("user_edit_form_admin", $user, $form);
return $form;
}