gallery3.git - A clone of the Gallery3 code for testing and development.

Age	Commit message (Collapse)	Author
2009-01-14	Make sure that helper functions are all static. Add new	Bharat Mediratta
	File_Structure_Test to make sure we don't regress. According to the PHP docs, the "public" keyword is implied on static functions, so remove it. Also, require private static functions to start with an _. http://php.net/manual/en/language.oop5.visibility.php
2009-01-01	Allow admins to do anything	Bharat Mediratta

2008-12-31	Extend permissions interface to allow resetting to the parental default.	Bharat Mediratta

2008-12-31	Preliminary "Edit Permissions" dialog. You can't change permissions	Bharat Mediratta
	yet, but it shows you which items have locked view perms.
2008-12-31	Fix a bug where we were accidentally allowing view permissions when	Bharat Mediratta
	allowing or resetting permission further down in the tree. This bug was introduced when I refactored the view permission cache into the items table. Updated test to catch it.
2008-12-31	Fully implement the view_full permission.	Bharat Mediratta

2008-12-30	Oops, remove some debug code.	Bharat Mediratta

2008-12-30	Fix a bug. Unit tests ftw!	Bharat Mediratta

2008-12-30	Refactor _create_htaccess_files and _delete_htaccess_files into	Bharat Mediratta
	_update_htaccess_files in preparation for supporting the view_full permission.
2008-12-30	Fix typo.	Bharat Mediratta

2008-12-28	Expand on the maintenance code to make it more robust and give the	Bharat Mediratta
	admin more control. You can now track running tasks, resume stalled tasks, cancel running tasks, and remove finished tasks. Added graphics::compose() as a placeholder for future watermark operations. Added CSRF protection to maintenance urls.
2008-12-24	Lots of deltas rolled up into a bigger change. Sorry for the mess.	Bharat Mediratta
	1) Deleted in-place-editing. We'll be replacing this with a real edit system that groups settings together and is more coherent. 2) Tweaked the way that dialog boxes work to get the ajax stuff working again. It's imperfect and does not work properly for uploading images. This is going to get redone also, but this is a good resting point. 3) Created edit forms for albums and photos. Moved _update and _create out of Items_Controller and into the individual subclasses. 4) Created access::required which is a shorthand for: if (!access::can(...)) { access::forbidden(); } 5) Added validation rules to Items_Model 6) Converted login to use the regular modal dialog approach in the theme.
2008-12-22	Normalize CSRF handling into the access helper. Probably not the best	Bharat Mediratta
	place for it, but it'll do for now. Do CSRF checking in the Admin controller so that we're safe across the board on the admin side.
2008-12-19	Add access::forbidden()	Bharat Mediratta

2008-12-19	Delete the var/thumbs .htaccess files, too.	Bharat Mediratta

2008-12-17	Add initialization to the user module to put the user and group_ids	Bharat Mediratta
	into the session, for easy access. This cuts down the number of queries when we're loading images through file_proxy.php
2008-12-17	Separate thumbnails out into var/thumbs. This clears up some ambiguity in ↵	Bharat Mediratta
	Item_Model and simplifies file_proxy. It also means we can stop munging file names in the var/resizes hierarchy. In the process, rename "thumbnail" to "thumb" everywhere in honor of Chad (well, ok because it's shorter)..
2008-12-16	Add file_proxy. This is controller gets triggered by .htaccess	Bharat Mediratta
	protection on var/albums and var/resizes and only displays files to the user if they have "view" permission on the base ite.
2008-12-16	Change htaccess rules to use mod_rewrite	Bharat Mediratta

2008-12-16	Various optimizations:	Bharat Mediratta
	o Add model_cache::get() which caches models avoiding duplicate lookups o Stop using ORM relationships for Item_Model::owner so that we can use caching o For Item_Model::xxx_edit fields, don't make them editable for guests o Other minor stuff. These optimizations reduce the number of queries for a 9-photos page from ~200 to ~45. Still way too many!
2008-12-16	Fix a bug where we were not deleting the .htaccess file on access::reset()	Bharat Mediratta

2008-12-16	Create and delete .htaccess files based on the view permissions for	Bharat Mediratta
	the group::everybody() user.
2008-12-16	phpdoc cleanup	Bharat Mediratta

2008-12-16	Permission only function on albums.	Bharat Mediratta

2008-12-13	Fix a bug where parent permissions were not getting inherited to newly	Bharat Mediratta
	created albums and photos.
2008-12-13	Make sure that access::can fails if the item is not loaded	Bharat Mediratta

2008-12-12	Move the view permission cache directly into the item table for efficiency. ↵	Bharat Mediratta
	Unit tests ftw!
2008-12-12	Get rid of all pseudo users and pseudo groups, while preserving all	Bharat Mediratta
	other functionality. This makes our user/group and access code fully consistent.
2008-12-11	Split _update_access_cache into two functions separating view from	Bharat Mediratta
	non-view. This is a step along the path towards moving the view access cache into the item model.
2008-12-10	Fix problem with access::can, where the $item->id was being passed to the ↵	Tim Almdal
	access_group::can method.
2008-12-10	Change all access API methods to take ORMs instead of ids. This will	Bharat Mediratta
	minimize reloading objects from the database.
2008-12-09	Check view permissions before allowing view access to albums/photos.	Bharat Mediratta

2008-12-09	Move code to delete users and add/remove users from groups into the	Bharat Mediratta
	model.
2008-12-09	Add access::can() which verifies that the user belongs to a group that has the	Bharat Mediratta
	given permission.
2008-12-08	Rename access::can() to access::group_can()	Bharat Mediratta

2008-12-07	Finish writing unit tests for Access. No bugs found!	Bharat Mediratta

2008-12-04	Change the startup code to only put installed modules on the autoload	Bharat Mediratta
	path. This breaks a bunch of places where we had hardcoded dependencies, so guard all of those cases. Restructure module::available() a bit and the way that we do install/uninstall in the scaffolding.
2008-12-04	Improvements to access helper.	Bharat Mediratta
	o Rename access::remove_group() to access::delete_group() for consistency. o Wrote more unit tests o Tests found a bug in access::remove_item() .. yay!
2008-12-03	Fix a bug where we weren't actually deleting permissions (hooray for unit ↵	Bharat Mediratta
	tests!)
2008-12-03	Re-enable access_cache propagation now that we've patched the MySQL driver.	Bharat Mediratta

2008-12-03	get rid of a stray space that was breaking the File_Structure_Test	Bharat Mediratta

2008-12-03	Temporarily disable some code to get tests to pass.	Bharat Mediratta

2008-12-03	Fix a bad copy/pasted comment	Bharat Mediratta

2008-12-02	Oops, this was missing from the last fix.	Bharat Mediratta

2008-12-02	Fix a problem in _update_access_cache() where if the intent is	Bharat Mediratta
	default, we weren't properly propagating ALLOW where necessary.
2008-12-01	Add access::reset() so that you can specify your intent to use the	Bharat Mediratta
	parent's permissions. Update scaffolding to demonstrate that it works.
2008-12-01	Add @todos	Bharat Mediratta

2008-12-01	Prototype access control model. There's much left to do, but it's a	Bharat Mediratta
	working implementation.