From 59e410bb792cf1d8703c17f9034b681d4114f8fc Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 07:25:34 -0700
Subject: Updated for movieplayer.html.php update

---
 modules/gallery/tests/xss_data.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index e6f3721b..ce2fa2a5 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -237,7 +237,7 @@ modules/gallery/views/move_tree.html.php                     15  DIRTY $child->i
 modules/gallery/views/move_tree.html.php                     15        $child->title
 modules/gallery/views/movieplayer.html.php                   2   DIRTY $item->file_url(true)
 modules/gallery/views/movieplayer.html.php                   2   DIRTY $attrs
-modules/gallery/views/movieplayer.html.php                   4   DIRTY $attrs
+modules/gallery/views/movieplayer.html.php                   5   DIRTY $attrs
 modules/gallery/views/permissions_browse.html.php            15  DIRTY $csrf
 modules/gallery/views/permissions_browse.html.php            37  DIRTY $parent->id
 modules/gallery/views/permissions_browse.html.php            38        $parent->title
-- 
cgit v1.2.3


From 2572e5810f9d66fa39fa97838818a25bf4f393f3 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 07:29:14 -0700
Subject: Updated Kohana to r4468

---
 system/libraries/Database.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/system/libraries/Database.php b/system/libraries/Database.php
index 6267f63a..2039371c 100644
--- a/system/libraries/Database.php
+++ b/system/libraries/Database.php
@@ -2,7 +2,7 @@
 /**
  * Provides database access in a platform agnostic way, using simple query building blocks.
  *
- * $Id: Database.php 4342 2009-05-08 16:56:01Z jheathco $
+ * $Id: Database.php 4438 2009-07-06 04:11:16Z kiall $
  *
  * @package    Core
  * @author     Kohana Team
@@ -1144,7 +1144,12 @@ class Database_Core {
 
 		$query = $this->select('COUNT(*) AS '.$this->escape_column('records_found'))->get()->result(TRUE);
 
-		return (int) $query->current()->records_found;
+		$query = $query->current();
+		
+		if ( ! $query)
+			return 0;
+		else
+			return (int) $query->records_found;
 	}
 
 	/**
-- 
cgit v1.2.3


From 51dca582cd2cda9416ec0172f8ed9a19ba828fec Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sun, 19 Jul 2009 16:50:35 -0700
Subject: More thorough fix for #421.  Create User_Model::display_name() which
 uses the full name if there is one, or falls back to the name if that's all
 we have.

---
 modules/info/views/info_block.html.php | 4 ++--
 modules/user/models/user.php           | 9 +++++++++
 modules/user/views/login.html.php      | 2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index 9f544376..f86ae39d 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -26,9 +26,9 @@
   <li>
     <strong class="caption"><?= t("Owner:") ?></strong>
     <? if ($item->owner->url): ?>
-    <a href="<?= $item->owner->url ?>"><?= p::clean($item->owner->full_name) ?></a>
+    <a href="<?= $item->owner->url ?>"><?= p::clean($item->owner->display_name()) ?></a>
     <? else: ?>
-    <?= p::clean($item->owner->name) ?>
+    <?= p::clean($item->owner->display_name()) ?>
     <? endif ?>
   </li>
   <? endif ?>
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index 0234f186..def65a6f 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -72,4 +72,13 @@ class User_Model extends ORM {
     }
     return $this;
   }
+
+  /**
+   * Return the best version of the user's name.  Either their specified full name, or fall back
+   * to the user name.
+   * @return string
+   */
+  public function display_name() {
+    return empty($this->full_name) ? $this->name : $this->full_name;
+  }
 }
\ No newline at end of file
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 7617d131..4c1a5b3c 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -12,7 +12,7 @@
     '<a href="' . url::site("form/edit/users/{$user->id}") .
       '" title="' . t("Edit Your Profile") .
       '" id="gUserProfileLink" class="gDialogLink">' .
-      p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?>
+      p::clean($user->display_name()) . '</a>')) ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&continue=" . url::current(true)) ?>"
-- 
cgit v1.2.3


From 050c82cf80b06a555252efaf701434b0cfd59bed Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 11:09:23 -0700
Subject: Escape bare & symbols so that we use valid entities.  Fixes ticket
 #577.

---
 modules/organize/views/organize.html.php                 | 2 +-
 modules/server_add/views/admin_server_add.html.php       | 2 +-
 modules/server_add/views/server_add_tree_dialog.html.php | 2 +-
 modules/user/views/login.html.php                        | 2 +-
 themes/admin_default/views/admin.html.php                | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php
index 65d67d04..1686d255 100644
--- a/modules/organize/views/organize.html.php
+++ b/modules/organize/views/organize.html.php
@@ -33,7 +33,7 @@ var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums an
         <?= $album_tree ?>
       </div>
       <div id="gMicroThumbPanel" class="yui-u"
-           ref="<?= url::site("organize/content/__ITEM_ID__?width=__WIDTH__&height=__HEIGHT__&offset=__OFFSET__") ?>">
+           ref="<?= url::site("organize/content/__ITEM_ID__?width=__WIDTH__&amp;height=__HEIGHT__&amp;offset=__OFFSET__") ?>">
         <ul id="gMicroThumbGrid"></ul>
       </div>
       <div id="gOrganizeEditDrawer" class="yui-u">
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index 588a9fca..30ab3536 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -11,7 +11,7 @@
     <ul id="gPathList">
       <? foreach ($paths as $id => $path): ?>
       <li class="ui-icon-left">
-        <a href="<?= url::site("admin/server_add/remove_path?path=$path&csrf=$csrf") ?>"
+        <a href="<?= url::site("admin/server_add/remove_path?path=$path&amp;csrf=$csrf") ?>"
            id="icon_<?= $id?>"
            class="gRemoveDir ui-icon ui-icon-trash">
           X
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 21952849..a4eda3b9 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <script type="text/javascript">
   var GET_CHILDREN_URL = "<?= url::site("server_add/children?path=__PATH__") ?>";
-  var START_URL = "<?= url::site("server_add/start?item_id={$item->id}&csrf=$csrf") ?>";
+  var START_URL = "<?= url::site("server_add/start?item_id={$item->id}&amp;csrf=$csrf") ?>";
 </script>
 
 <div id="gServerAdd">
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 4c1a5b3c..42bff4da 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -15,7 +15,7 @@
       p::clean($user->display_name()) . '</a>')) ?>
   </li>
   <li>
-    <a href="<?= url::site("logout?csrf=$csrf&continue=" . url::current(true)) ?>"
+    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . url::current(true)) ?>"
        id="gLogoutLink"><?= t("Logout") ?></a>
   </li>
   <? endif ?>
diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php
index 575f8a96..b0ddb6c5 100644
--- a/themes/admin_default/views/admin.html.php
+++ b/themes/admin_default/views/admin.html.php
@@ -45,7 +45,7 @@
         <?= $theme->admin_header_top() ?>
         <ul id="gLoginMenu">
           <li class="first"><?= html::anchor("albums/1", "&larr; ".t("Back to the Gallery")) ?></li>
-          <li id="gLogoutLink"><a href="<?= url::site("logout?continue=albums/1&csrf=$csrf") ?>"><?= t("Logout") ?></a></li>
+          <li id="gLogoutLink"><a href="<?= url::site("logout?continue=albums/1&amp;csrf=$csrf") ?>"><?= t("Logout") ?></a></li>
         </ul>
         <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery") ?>">
           &larr; <?= t("back to the ...") ?>
-- 
cgit v1.2.3


From 2de6b77d61f79248eff99f439a96de6d5cb68f6f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 11:20:36 -0700
Subject: Use php_uname() instead of PHP_OS for greater accuracy.  Fixes ticket
 #563.

---
 modules/gallery/views/admin_block_platform.html.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/gallery/views/admin_block_platform.html.php b/modules/gallery/views/admin_block_platform.html.php
index 6b79f047..f27b9e7a 100644
--- a/modules/gallery/views/admin_block_platform.html.php
+++ b/modules/gallery/views/admin_block_platform.html.php
@@ -1,7 +1,10 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <ul>
   <li>
-    <?= t("Operating System: %operating_system", array("operating_system" => PHP_OS)) ?>
+    <?= t("Host name: %host_name", array("host_name" => php_uname("n"))) ?>
+  </li>
+  <li>
+    <?= t("Operating System: %os %version", array("os" => php_uname("s"), "version" => php_uname("r"))) ?>
   </li>
   <li>
     <?= t("Apache: %apache_version", array("apache_version" => function_exists("apache_get_version") ? apache_get_version() : t("Unknown"))) ?>
-- 
cgit v1.2.3


From 90ba32065578289898040f686cce766bfeb9cb51 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 11:25:03 -0700
Subject: The RSS link should go to the parent album when looking at
 photos/movies. Fixes ticket #566.

---
 modules/gallery/helpers/gallery_theme.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php
index 226b8a42..f245ea31 100644
--- a/modules/gallery/helpers/gallery_theme.php
+++ b/modules/gallery/helpers/gallery_theme.php
@@ -32,7 +32,11 @@ class gallery_theme_Core {
 
     if (module::is_active("rss")) {
       if ($item = $theme->item()) {
-        $buf .= rss::feed_link("gallery/album/{$item->id}");
+        if ($item->is_album()) {
+          $buf .= rss::feed_link("gallery/album/{$item->id}");
+        } else {
+          $buf .= rss::feed_link("gallery/album/{$item->parent()->id}");
+        }
       } else if ($tag = $theme->tag()) {
         $buf .= rss::feed_link("tag/tag/{$tag->id}");
       }
-- 
cgit v1.2.3


From 8f1bca7459af7eeebb30bf116ae03c25d30836f3 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 12:18:49 -0700
Subject: Remove the fallback code.  It should trigger extremely rarely and
 seems highly inefficient to me, so let's see if we can live without it.

---
 modules/gallery/controllers/file_proxy.php | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index c5b34033..799260b5 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -66,20 +66,6 @@ class File_Proxy_Controller extends Controller {
       // We didn't turn it up.  This may mean that the path cache is out of date, so look it up
       // the hard way.
       //
-      // Find all items that match the level and name, then iterate over those to find a match.
-      // In most cases we'll get it in one.  Note that for the level calculation, we just count the
-      // size of $paths.
-      $paths = explode("/", $path);
-      $count = count($paths);
-      foreach (ORM::factory("item")
-               ->where("name", $paths[$count - 1])
-               ->where("level", $count + 1)
-               ->find_all() as $match) {
-        if ($match->relative_path() == $path) {
-          $item = $match;
-          break;
-        }
-      }
     }
 
     if (!$item->loaded) {
-- 
cgit v1.2.3


From f83db99d39cc65b212f894c7e4ed66a52625f3c8 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 12:26:16 -0700
Subject: Properly display thumbnails for private movies by backtracking from
 the thumbnail to the movie and then showing it as a JPG.  Fixes ticket #570.

---
 modules/gallery/controllers/file_proxy.php | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php
index 799260b5..a85f0a85 100644
--- a/modules/gallery/controllers/file_proxy.php
+++ b/modules/gallery/controllers/file_proxy.php
@@ -63,9 +63,22 @@ class File_Proxy_Controller extends Controller {
     // We now have the relative path to the item.  Search for it in the path cache
     $item = ORM::factory("item")->where("relative_path_cache", $path)->find();
     if (!$item->loaded) {
-      // We didn't turn it up.  This may mean that the path cache is out of date, so look it up
-      // the hard way.
-      //
+      // We didn't turn it up.  It's possible that the relative_path_cache is out of date here.
+      // There was fallback code, but bharat deleted it in 8f1bca74.  If it turns out to be
+      // necessary, it's easily resurrected.
+
+      // If we're looking for a .jpg then it's it's possible that we're requesting the thumbnail
+      // for a movie.  In that case, the .flv or .mp4 file would have been converted to a .jpg.
+      // So try some alternate types:
+      if (preg_match('/.jpg$/', $path)) {
+        foreach (array("flv", "mp4") as $ext) {
+          $movie_path = preg_replace('/.jpg$/', ".$ext", $path);
+          $item = ORM::factory("item")->where("relative_path_cache", $movie_path)->find();
+          if ($item->loaded) {
+            break;
+          }
+        }
+      }
     }
 
     if (!$item->loaded) {
@@ -102,8 +115,13 @@ class File_Proxy_Controller extends Controller {
     // We don't need to save the session for this request
     Session::abort_save();
 
-    // Dump out the image
-    header("Content-Type: $item->mime_type");
+    // Dump out the image.  If the item is a movie, then its thumbnail will be a JPG.
+    if (in_array($item->mime_type, array("video/x-flv", "video/mp4"))) {
+      header("Content-type: image/jpeg");
+    } else {
+      print("Content-Type: $item->mime_type");
+    }
+
     Kohana::close_buffers(false);
     $fd = fopen($file, "rb");
     fpassthru($fd);
-- 
cgit v1.2.3


From 80f48b084af874fea52ed29f06a1337954b137bf Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 13:02:20 -0700
Subject: In the logout link, urlencode the continue url so that ampersands,
 etc don't break encapsulation.  In the logout controller, don't run the url
 through url::redirect because that uses url::site().  Just set the Location
 header directly.

This fixes ticket #483.
---
 modules/user/controllers/logout.php | 11 ++++++-----
 modules/user/views/login.html.php   |  2 +-
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 63971789..099b1952 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -19,18 +19,19 @@
  */
 class Logout_Controller extends Controller {
   public function index() {
-    access::verify_csrf();
+    //access::verify_csrf();
 
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
               html::anchor("user/$user->id", p::clean($user->name)));
-    if ($this->input->get("continue")) {
-      $item = url::get_item_from_uri($this->input->get("continue"));
+    if ($continue_url = $this->input->get("continue")) {
+      $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
-        url::redirect($this->input->get("continue"));
+        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+        header("Location: $continue_url");
       } else {
-        url::redirect("");
+        url::redirect("albums/1");
       }
     }
   }
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 42bff4da..10ed31b2 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -15,7 +15,7 @@
       p::clean($user->display_name()) . '</a>')) ?>
   </li>
   <li>
-    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . url::current(true)) ?>"
+    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
        id="gLogoutLink"><?= t("Logout") ?></a>
   </li>
   <? endif ?>
-- 
cgit v1.2.3


From 0546f0df13471664255a18b45c7464cc7f7f370e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 21 Jul 2009 13:39:40 -0700
Subject: Fix the bug that the quick menu fires for the wrong photo.  This
 stems from using a single gQuickPane <div> that we move around.  A race
 condition happens when you mouse over two thumbnails quickly. Whichever
 server response loses the race gets displayed, and sometimes it's the one
 that you're no longer hovering over.

Fix it by changing gQuickPane to be a class and creating a <div> per
thumbnail.

Fixes ticket #290.
---
 modules/gallery/css/quick.css             | 12 ++++++------
 modules/gallery/js/quick.js               | 20 ++++++++------------
 modules/gallery/views/quick_pane.html.php |  2 +-
 themes/default/css/fix-ie.css             |  4 ++--
 4 files changed, 17 insertions(+), 21 deletions(-)

diff --git a/modules/gallery/css/quick.css b/modules/gallery/css/quick.css
index 0e45eac2..f153d475 100644
--- a/modules/gallery/css/quick.css
+++ b/modules/gallery/css/quick.css
@@ -1,4 +1,4 @@
-#gQuickPane {
+.gQuickPane {
   position: absolute;
   top: 0;
   left: 0;
@@ -17,7 +17,7 @@
   padding: 0 !important;
 }
 
-#gQuickPane {
+.gQuickPane {
   background: #000;
   border-bottom: 1px solid #ccc;
   opacity: 0.9;
@@ -26,19 +26,19 @@
   left: 0;
 }
 
-#gQuickPane a {
+.gQuickPane a {
   cursor: pointer;
   float: left;
   margin: 4px;
 }
 
-#gQuickPaneOptions {
+.gQuickPaneOptions {
   background: #000;
   float: left;
   width: 100%;
 }
 
-#gQuickPaneOptions li a {
+.gQuickPaneOptions li a {
   display: block;
   float: none;
   width: auto;
@@ -47,6 +47,6 @@
   text-align: left;
 }
 
-#gQuickPaneOptions li a:hover {
+.gQuickPaneOptions li a:hover {
   background-color: #4d4d4d;
 }
diff --git a/modules/gallery/js/quick.js b/modules/gallery/js/quick.js
index 3ac97f8e..fda6470f 100644
--- a/modules/gallery/js/quick.js
+++ b/modules/gallery/js/quick.js
@@ -12,15 +12,15 @@ var show_quick = function() {
   var cont = $(this);
   var quick = $(this).find(".gQuick");
   var img = cont.find(".gThumbnail,.gResize");
-  $("#gQuickPane").remove();
-  cont.append("<div id=\"gQuickPane\"></div>");
-  $("#gQuickPane").hide();
-  cont.hover(function() {}, hide_quick);
+  cont.find(".gQuickPane").remove();
+  cont.append("<div class=\"gQuickPane\"></div>");
+  cont.find(".gQuickPane").hide();
+  cont.hover(function() {}, function() { cont.find(".gQuickPane").remove(); });
   $.get(
     quick.attr("href"),
     {},
     function(data, textStatus) {
-      $("#gQuickPane").html(data).slideDown("fast");
+      cont.find(".gQuickPane").html(data).slideDown("fast");
       $(".ui-state-default").hover(
         function() {
           $(this).addClass("ui-state-hover");
@@ -29,13 +29,13 @@ var show_quick = function() {
           $(this).removeClass("ui-state-hover");
         }
       );
-      $("#gQuickPane a:not(.options)").click(function(e) {
+      cont.find(".gQuickPane a:not(.options)").click(function(e) {
         e.preventDefault();
         quick_do(cont, $(this), img);
       });
-      $("#gQuickPane a.options").click(function(e) {
+      cont.find(".gQuickPane a.options").click(function(e) {
         e.preventDefault();
-        $("#gQuickPaneOptions").slideToggle("fast");
+        cont.find(".gQuickPaneOptions").slideToggle("fast");
       });
     }
   );
@@ -76,7 +76,3 @@ var quick_do = function(cont, pane, img) {
   }
   return false;
 };
-
-var hide_quick = function() {
-  $("#gQuickPane").remove();
-};
diff --git a/modules/gallery/views/quick_pane.html.php b/modules/gallery/views/quick_pane.html.php
index eabf4a67..e5469696 100644
--- a/modules/gallery/views/quick_pane.html.php
+++ b/modules/gallery/views/quick_pane.html.php
@@ -15,7 +15,7 @@
   </span>
 </a>
 
-<ul id="gQuickPaneOptions" style="display: none">
+<ul class="gQuickPaneOptions" style="display: none">
   <? foreach ($button_list->additional as $button): ?>
   <li><a class="<?= $button->class ?>" href="<?= $button->href ?>"
     title="<?= $button->title ?>">
diff --git a/themes/default/css/fix-ie.css b/themes/default/css/fix-ie.css
index 3d9604e6..d071abac 100644
--- a/themes/default/css/fix-ie.css
+++ b/themes/default/css/fix-ie.css
@@ -45,6 +45,6 @@ input.submit {
   width: 60px;
 }
 
-#gQuickPane {
+.gQuickPane {
   height: 32px !important;
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3


From 9f410ec764cdb8ece4dc6ce1fb1754afad929335 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 21 Jul 2009 15:49:42 -0700
Subject: Always display the option menu so that modules with options that
 require menu items with view permission have somewhere to hang these menu
 items from.  If its empty it will get removed by $menu->compact()

---
 modules/gallery/helpers/gallery_menu.php | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php
index b6f763b8..040b19e1 100644
--- a/modules/gallery/helpers/gallery_menu.php
+++ b/modules/gallery/helpers/gallery_menu.php
@@ -19,8 +19,6 @@
  */
 class gallery_menu_Core {
   static function site($menu, $theme) {
-    $is_admin = user::active()->admin;
-
     $menu->append(Menu::factory("link")
                   ->id("home")
                   ->label(t("Home"))
@@ -28,8 +26,8 @@ class gallery_menu_Core {
 
     $item = $theme->item();
 
-    $can_edit = $item && access::can("edit", $item) || $is_admin;
-    $can_add = $item && (access::can("add", $item) || $is_admin);
+    $can_edit = $item && access::can("edit", $item);
+    $can_add = $item && access::can("add", $item);
 
     if ($can_add) {
       $menu->append(Menu::factory("dialog")
@@ -38,11 +36,10 @@ class gallery_menu_Core {
                     ->url(url::site("simple_uploader/app/$item->id")));
     }
 
-    if ($item && $can_edit || $can_add) {
-      $menu->append($options_menu = Menu::factory("submenu")
-                    ->id("options_menu")
-                    ->label(t("Options")));
-
+    $menu->append($options_menu = Menu::factory("submenu")
+                  ->id("options_menu")
+                  ->label(t("Options")));
+    if ($item && ($can_edit || $can_add)) {
       if ($can_edit) {
         $options_menu
           ->append(Menu::factory("dialog")
@@ -71,7 +68,7 @@ class gallery_menu_Core {
       }
     }
 
-    if ($is_admin) {
+    if (user::active()->admin) {
       $menu->append($admin_menu = Menu::factory("submenu")
                     ->id("admin_menu")
                     ->label(t("Admin")));
-- 
cgit v1.2.3


From f533aee1cc71e8db739406859ac0cf43dce030ec Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 21 Jul 2009 15:52:46 -0700
Subject: Add an API method user_can that allows for checking a specific user
 has the specified permission to the item.  Changed can to delegate to this
 method passing in the active user.

---
 modules/gallery/helpers/access.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 63324e5d..224b51e0 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -78,11 +78,23 @@ class access_Core {
    * @return boolean
    */
   static function can($perm_name, $item) {
+    return self::user_can(user::active(), $perm_name, $item);
+  }
+
+  /**
+   * Does the user have this permission on this item?
+   *
+   * @param  User_Model $user
+   * @param  string     $perm_name
+   * @param  Item_Model $item
+   * @return boolean
+   */
+  static function user_can($user, $perm_name, $item) {
     if (!$item->loaded) {
       return false;
     }
 
-    if (user::active()->admin) {
+    if ($user->admin) {
       return true;
     }
 
-- 
cgit v1.2.3