Age | Commit message | Author |
|
grotty looking stuff in themes.
|
|
interface.
|
|
yet, but it shows you which items have locked view perms.
|
|
the isAdmin bit at creation time.
|
|
toolkit we use. We only allow users to use one toolkit. The UI needs
work!
|
|
directly help since text/html works just as well for our JSON communications
|
|
admin more control. You can now track running tasks, resume stalled
tasks, cancel running tasks, and remove finished tasks.
Added graphics::compose() as a placeholder for future watermark
operations.
Added CSRF protection to maintenance urls.
|
|
the database. They're started with admin/maintenance/start/[task_name]
which sends down some JS/HTML which regularly pings the task at
admin/maintenance/start/[task_id] until it's done.
The UI is still very rough. It works, though!
|
|
1) they now have their own matching severity constants
2) they both have convenience functions success(), info(), warning() and error()
3) they both have severity_class()
|
|
into Admin_Controller::__call() again
|
|
invalid left/right pointers.
|
|
communicate. Almost all controllers now use JSON to speak to the
theme when we're dealing with form processing. This means that we only
send the form back and forth, but we use a JSON protocol to tell the
browser success/error status as well as the location of any newly
created resources, or where the browser should redirect the user.
Lots of small changes:
1) Admin -> Edit Profile is gone. Instead I fixed the "Modify Profile" link
in the top right corner to be a modal dialog
2) We use json_encode everywhere. No more Atom/XML for now. We can bring those
back later, though. For now there's a lot of code duplication but that'll be
easy to clean up.
3) REST_Controller is no longer abstract. All methods its subclasses should create
throw exceptions, which means that subclasses don't have to implement stubs for
those methods.
4) New pattern: helper method get_add_form calls take an Item_Model,
not an id since we have to load the Item_Model in the controller
anyway to check permissions.
5) User/Groups REST resources are separate from User/Group in the site
admin. They do different things, we should avoid confusing overlap.
|
|
their results, as opposed to having them return their view back
upstream. This is a little more code in every controller, but it's
much less magical and more consistent.
Look up the active_theme and active_admin_theme inside the view
itself, no need to do that in the controllers. This makes view
initialization easier in the controllers.
|
|
1) Deleted in-place-editing. We'll be replacing this with a real edit
system that groups settings together and is more coherent.
2) Tweaked the way that dialog boxes work to get the ajax stuff working
again. It's imperfect and does not work properly for uploading images.
This is going to get redone also, but this is a good resting point.
3) Created edit forms for albums and photos. Moved _update and _create out
of Items_Controller and into the individual subclasses.
4) Created access::required which is a shorthand for:
     if (!access::can(...)) {
       access::forbidden();
     }
5) Added validation rules to Items_Model
6) Converted login to use the regular modal dialog approach in the theme.
|
|
1) If the create request is Ajax, then return a 201 Created response code
2) If we receive back a 201 response, then switch to the new page.
3) Display a status message when we do an upload.
|
|
instead of ids.
|
|
Track a set of rules in Graphics_Rule_Model which specify how we turn
original images into thumbnails and resizes. There's one set of rules
that applies to every image in the Gallery.
Track the state of thumbs and resizes with a "dirty" bit. The new
graphics helper manages the rules and can rebuild the thumbs and
resizes for any images that are considered "dirty".
Introduce the concept of an "album cover" which is an item that an
album points to. We'll use that item as the source for the album's
thumbnail/resize.
Conflated with this change (sorry!) I also changed the Var table to
use module_name instead of module_id. This may be marginally less
efficient, but it's much easier to follow in the database.
|
|
module install/uninstall work and tie it into the messaging system.
|
|
libraries that would ship with the core.
Refactor welcome.php to use the newly refactored module::available()
|
|
place for it, but it'll do for now.
Do CSRF checking in the Admin controller so that we're safe across the
board on the admin side.
|
|
admin/modules/save
|
|
Each module now has a "module.info" file that has information about
the module, including the core. We can display the installed version,
and the version in the code.
Also take a first shot at a modules admin page.
|
|
all dashboard blocks are stored in modules.
|
|
1) They must all start with "admin_". This pattern is not directly
routable.
2) Their urls must be /admin/xxx.
3) The Admin_Controller will take the xxx and look for Admin_Xxx_Controller
and will delegate to that admin controller, after doing security checks.
Moved the users and dashboard views into individual modules for now.
|
|
just items viewable by the active user. Ie:
  ORM::factory("item")
    ->where("name", "foo")
    ->find_all()
Would get all items with the name "foo".
  ORM::factory("item")
    ->viewable()
    ->where("name", "foo")
    ->find_all()
Restricts it to just the set of items that the user is allowed to see.
|
|
sessions; it encodes all the value into the cookie which means
little/no security, transfer costs, and storage limits.
|
|
Instead, use the level and the name to get a short list of candidates,
and check each one of those. In most cases, this query should give us
the right result the first time.
|
|
because the leading underscore confuses the Kohana router.
|
|
Item_Model and simplifies
file_proxy. It also means we can stop munging file names in the var/resizes hierarchy.
In the process, rename "thumbnail" to "thumb" everywhere in honor of
Chad (well, ok because it's shorter).
|
|
protection on var/albums and var/resizes and only displays files to
the user if they have "view" permission on the base item.
|
|
2) The set watermark dialog is now sizing properly. @todo is recenter in the window
|
|
resulting in
loading all photos in an album on a single page and updating the var on every page load.
|
|
Now you must call ORM::save() after ORM::add() and ORM::remove().
|
|
o Copy all the assets from default to default_admin so that they're
totally separate
o Get rid of $item_theme
o Rename list_users.html.php to users.html.php
o use __call in admin controller to allow us to load any admin page
|