summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/gallery/helpers/access.php17
-rw-r--r--modules/gallery/tests/Access_Helper_Test.php42
2 files changed, 3 insertions, 56 deletions
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 79394d35..8c6f5d54 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -95,24 +95,13 @@ class access_Core {
return false;
}
- if ($user->admin) {
+ if ($user->admin && $item->owner_id == $user->id) {
return true;
}
- print "Before owner id check\n";
- if ($item->owner_id == $user->id &&
- in_array($perm_name, array("view_full", "edit", "add"))) {
- return true;
- }
-
- if ($perm_name == "view") {
- $resource = $item->owner_id == $user->id ? $item->parent() : $item;
- } else {
- $resource = model_cache::get("access_cache", $item->id, "item_id");
- }
- print Kohana::debug($resource->as_array()) . "\n";
+ $resource = $perm_name == "view" ?
+ $item : model_cache::get("access_cache", $item->id, "item_id");
foreach ($user->groups as $group) {
- print "$group->name\n";
if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
return true;
}
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 737ed8a6..59cec453 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -101,48 +101,6 @@ class Access_Helper_Test extends Unit_Test_Case {
$this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
}
- public function owner_can_view_album_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $item = album::create($root, rand(), "test album", $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_can_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album", $user->id);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_cant_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album");
- access::deny(group::everybody(), "view", $album);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
- }
-
public function adding_and_removing_items_adds_ands_removes_rows_test() {
$root = ORM::factory("item", 1);
$item = album::create($root, rand(), "test album");
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 06:58:24 +0000