From 350c1b02670d971d3a389f786f46fb9be2dec8ed Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Sun, 19 Jul 2009 00:49:47 +0200 Subject: Use BOOLEAN instead of integer to describe the permissions : - DENY = false - ALLOW = true - UNKNOW = null (for intent only) - INHERIT = null (for cache) Upgrade is not included for now. (cherry picked from commit 719c59e0402464a0e2b14915f6d10218ff5d4729) --- installer/install.sql | 32 ++++++++++++------------- modules/gallery/helpers/access.php | 31 +++++++++++++----------- modules/gallery/views/permissions_form.html.php | 2 +- modules/search/helpers/search.php | 2 +- system/libraries/drivers/Database.php | 4 ++-- 5 files changed, 37 insertions(+), 34 deletions(-) diff --git a/installer/install.sql b/installer/install.sql index bda576d1..b17b5888 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -4,12 +4,12 @@ DROP TABLE IF EXISTS {access_caches}; CREATE TABLE {access_caches} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_full_1` smallint(6) NOT NULL default '0', - `edit_1` smallint(6) NOT NULL default '0', - `add_1` smallint(6) NOT NULL default '0', - `view_full_2` smallint(6) NOT NULL default '0', - `edit_2` smallint(6) NOT NULL default '0', - `add_2` smallint(6) NOT NULL default '0', + `view_full_1` binary(1) NOT NULL default false, + `edit_1` binary(1) NOT NULL default false, + `add_1` binary(1) NOT NULL default false, + `view_full_2` binary(1) NOT NULL default false, + `edit_2` binary(1) NOT NULL default false, + `add_2` binary(1) NOT NULL default false, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; @@ -20,14 +20,14 @@ DROP TABLE IF EXISTS {access_intents}; CREATE TABLE {access_intents} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_1` tinyint(1) default NULL, - `view_full_1` tinyint(1) default NULL, - `edit_1` tinyint(1) default NULL, - `add_1` tinyint(1) default NULL, - `view_2` tinyint(1) default NULL, - `view_full_2` tinyint(1) default NULL, - `edit_2` tinyint(1) default NULL, - `add_2` tinyint(1) default NULL, + `view_1` binary(1) default NULL, + `view_full_1` binary(1) default NULL, + `edit_1` binary(1) default NULL, + `add_1` binary(1) default NULL, + `view_2` binary(1) default NULL, + `view_full_2` binary(1) default NULL, + `edit_2` binary(1) default NULL, + `add_2` binary(1) default NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; @@ -164,8 +164,8 @@ CREATE TABLE {items} ( `view_count` int(9) default '0', `weight` int(9) NOT NULL default '0', `width` int(9) default NULL, - `view_1` smallint(6) NOT NULL default '0', - `view_2` smallint(6) NOT NULL default '0', + `view_1` binary(1) default false, + `view_2` binary(1) default false, PRIMARY KEY (`id`), KEY `parent_id` (`parent_id`), KEY `type` (`type`), diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 65316a8a..4130964d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -66,9 +66,10 @@ * the Access_Intent_Model */ class access_Core { - const DENY = 0; - const ALLOW = 1; - const UNKNOWN = 2; + const DENY = false; + const ALLOW = true; + const INHERIT = null; // access_intent + const UNKNOWN = null; // cache (access_cache, items) /** * Does the active user have this permission on this item? @@ -141,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return integer access::ALLOW, access::DENY or null for no intent + * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); @@ -169,7 +170,7 @@ class access_Core { ->where("`right` >= $item->right") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("access_intents.view_$group->id", 0) + ->where("access_intents.view_$group->id", access::DENY) ->orderby("level", "DESC") ->limit(1) ->find(); @@ -253,7 +254,7 @@ class access_Core { if ($item->id == 1) { throw new Exception("@todo CANT_RESET_ROOT_PERMISSION"); } - self::_set($group, $perm_name, $item, null); + self::_set($group, $perm_name, $item, access::INHERIT); } /** @@ -455,9 +456,10 @@ class access_Core { $db = Database::instance(); $field = "{$perm_name}_{$group->id}"; $cache_table = $perm_name == "view" ? "items" : "access_caches"; - $db->query("ALTER TABLE {{$cache_table}} ADD `$field` SMALLINT NOT NULL DEFAULT 0"); - $db->query("ALTER TABLE {access_intents} ADD `$field` BOOLEAN DEFAULT NULL"); - $db->update("access_intents", array($field => 0), array("item_id" => 1)); + $not_null = $cache_table == "items" ? "" : "NOT NULL"; + $db->query("ALTER TABLE {{$cache_table}} ADD `$field` BINARY $not_null DEFAULT FALSE"); + $db->query("ALTER TABLE {access_intents} ADD `$field` BINARY DEFAULT NULL"); + $db->update("access_intents", array($field => access::DENY), array("item_id" => 1)); model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -513,7 +515,7 @@ class access_Core { ->where("left >=", $item->left) ->where("right <=", $item->right) ->where("type", "album") - ->where("access_intents.$field IS NOT", null) + ->where("access_intents.$field IS NOT", self::INHERIT) ->orderby("level", "DESC") ->find_all(); foreach ($query as $row) { @@ -557,12 +559,12 @@ class access_Core { // // @todo To optimize this, we wouldn't need to propagate from the parent, we could just // propagate from here with the parent's intent. - if ($access->$field === null) { + if ($access->$field === self::INHERIT) { $tmp_item = ORM::factory("item") ->join("access_intents", "items.id", "access_intents.item_id") ->where("left <", $item->left) ->where("right >", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::UNKNOWN) ->orderby("left", "DESC") ->limit(1) ->find(); @@ -578,12 +580,13 @@ class access_Core { ->join("items", "items.id", "access_intents.item_id") ->where("left >=", $item->left) ->where("right <=", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::INHERIT) ->orderby("level", "ASC") ->find_all(); foreach ($query as $row) { + $value = ($row->$field === access::ALLOW) ? "TRUE" : "FALSE"; $db->query( - "UPDATE {access_caches} SET `$field` = {$row->$field} " . + "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . " (SELECT `id` FROM {items} " . " WHERE `left` >= $row->left " . diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index 0f60070a..ee5e3a24 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -26,7 +26,7 @@ - + admin) { foreach (user::group_ids() as $id) { - $fields[] = "`view_$id` = " . access::ALLOW; + $fields[] = "`view_$id` = TRUE"; // access::ALLOW } $access_sql = "AND (" . join(" AND ", $fields) . ")"; } else { diff --git a/system/libraries/drivers/Database.php b/system/libraries/drivers/Database.php index 807469f6..27f6ea8e 100644 --- a/system/libraries/drivers/Database.php +++ b/system/libraries/drivers/Database.php @@ -120,7 +120,7 @@ abstract class Database_Driver { $key .= ' ='; } - $value = ($value == TRUE) ? ' 1' : ' 0'; + $value = ($value == TRUE) ? ' TRUE' : ' FALSE'; } else { @@ -310,7 +310,7 @@ abstract class Database_Driver { $value = '\''.$this->escape_str($value).'\''; break; case 'boolean': - $value = (int) $value; + $value = ($value == TRUE) ? 'TRUE' : 'FALSE'; break; case 'double': // Convert to non-locale aware float to prevent possible commas -- cgit v1.2.3 From 7c7d4c0ec0386550e121da8ef0adf3fb65f7881e Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Sun, 19 Jul 2009 01:11:13 +0200 Subject: Consistency : always use self::XXX (cherry picked from commit c9017ae2f21ff8f5d745f296a636b80a30add6a1) --- modules/gallery/helpers/access.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 4130964d..b5be192c 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -142,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent + * @return boolean access::ALLOW, ccess::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); @@ -170,7 +170,7 @@ class access_Core { ->where("`right` >= $item->right") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("access_intents.view_$group->id", access::DENY) + ->where("access_intents.view_$group->id", self::DENY) ->orderby("level", "DESC") ->limit(1) ->find(); @@ -254,7 +254,7 @@ class access_Core { if ($item->id == 1) { throw new Exception("@todo CANT_RESET_ROOT_PERMISSION"); } - self::_set($group, $perm_name, $item, access::INHERIT); + self::_set($group, $perm_name, $item, self::INHERIT); } /** @@ -459,7 +459,7 @@ class access_Core { $not_null = $cache_table == "items" ? "" : "NOT NULL"; $db->query("ALTER TABLE {{$cache_table}} ADD `$field` BINARY $not_null DEFAULT FALSE"); $db->query("ALTER TABLE {access_intents} ADD `$field` BINARY DEFAULT NULL"); - $db->update("access_intents", array($field => access::DENY), array("item_id" => 1)); + $db->update("access_intents", array($field => self::DENY), array("item_id" => 1)); model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -584,7 +584,7 @@ class access_Core { ->orderby("level", "ASC") ->find_all(); foreach ($query as $row) { - $value = ($row->$field === access::ALLOW) ? "TRUE" : "FALSE"; + $value = ($row->$field === self::ALLOW) ? "TRUE" : "FALSE"; $db->query( "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . -- cgit v1.2.3 From 2282f9977eab2c32b5192506a124c9a3ccda7578 Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Mon, 20 Jul 2009 10:51:07 +0200 Subject: Improve PgSQL compatibility in Kohana ( see http://dev.kohanaphp.com/issues/1855 ) (cherry picked from commit 8cbf43ed2abe9772045766e598bb9fe3d4def983) --- system/libraries/ORM.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/libraries/ORM.php b/system/libraries/ORM.php index c1048604..5196ba27 100644 --- a/system/libraries/ORM.php +++ b/system/libraries/ORM.php @@ -1295,7 +1295,9 @@ class ORM_Core { $value = (float) $value; break; case 'boolean': - $value = (bool) $value; + if ($value === "t") $value = true; // For PgSQL + else if ($value === "f") $value = false; // For PgSQL + else $value = (bool) $value; break; case 'string': $value = (string) $value; -- cgit v1.2.3 From 216a21ba8a2580811596b353261dfb88e2b09bd6 Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Wed, 22 Jul 2009 15:40:49 +0200 Subject: Upgrade code to migrate the ACL from integer to boolean. Related to 719c59e0402464a0e2b14915f6d10218ff5d4729 (cherry picked from commit 831bf63c236fe88624470d2906729e035e9dbfc8) --- modules/gallery/helpers/gallery_installer.php | 18 ++++++++++++++++++ modules/gallery/module.info | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 28c1990f..db13307f 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -305,6 +305,24 @@ class gallery_installer { module::clear_var("gallery", "version"); module::set_version("gallery", $version = 7); } + + if ($version == 7) { + $groups = ORM::factory("group")->find_all(); + $permissions = ORM::factory("permission")->find_all(); + foreach($groups as $group) { + foreach($permissions as $permission) { + // Update access intents + $db->query("ALTER TABLE {access_intents} MODIFY COLUMN {$permission->name}_{$group->id} BINARY(1) DEFAULT NULL"); + // Update access cache + if ($permission->name === "view") { + $db->query("ALTER TABLE {items} MODIFY COLUMN {$permission->name}_{$group->id} BINARY(1) DEFAULT FALSE"); + } else { + $db->query("ALTER TABLE {access_caches} MODIFY COLUMN {$permission->name}_{$group->id} BINARY(1) NOT NULL DEFAULT FALSE"); + } + } + } + module::set_version("gallery", $version = 8); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index cefcaa08..ba367878 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 7 +version = 8 -- cgit v1.2.3 From 7f1a7ead589ce85e029ff0eb7f7e88bd04b8c8cb Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 09:24:33 -0700 Subject: Fix a typo in a comment --- modules/gallery/helpers/access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index b5be192c..c84527f4 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -142,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return boolean access::ALLOW, ccess::DENY or access::INHERIT (null) for no intent + * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); -- cgit v1.2.3