From 17f0a1b10f3df250129188316c14b01f0e3b45f0 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:45:14 -0800
Subject: If the user does not have permission to view the album, photo or movie, redirect to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009.
---
 modules/gallery/controllers/albums.php | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
(limited to 'modules/gallery/controllers/albums.php')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index a378f3ee..1d369b95 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -28,20 +28,19 @@ class Albums_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- $page_size = module::get_var("gallery", "page_size", 9);
+
 if (!access::can("view", $album)) {
- if ($album->id == 1) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
- return;
- } else {
- access::forbidden();
- }
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ print $view;
+ return;
 }
+ $page_size = module::get_var("gallery", "page_size", 9);
 $input = Input::instance();
 $show = $input->get("show");
-- 
cgit v1.2.3
From 8ef08d20883d9b9aa0b7560ce3bf6da8a6632149 Mon Sep 17 00:00:00 2001
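Review bot: With the `else` branch removed, every denied viewer of an album now gets the login form, including one who is already signed in and simply lacks the view permission; the earlier code sent those requests to `access::forbidden();` for any album other than the one with id 1. I would keep `access::forbidden();` for an authenticated viewer and render the login view only for a guest, so a logged-in user is not asked for credentials that cannot help. The response now also differs from the `Kohana::show_404();` path a few lines above, which may let an anonymous client tell a hidden album from a non-existent one; how much that changes depends on what `access::forbidden()` returned before, which is not visible here. The controller method starts and ends outside the hunk.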
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:53:39 -0800
Subject: Refactor the code to display the login page if the user does not have view permission into the common auth::require_login() method.
---
 modules/gallery/controllers/albums.php | 8 +-------
 modules/gallery/controllers/movies.php | 7 +------
 modules/gallery/controllers/photos.php | 6 +-----
 modules/gallery/helpers/auth.php | 13 +++++++++++++
 4 files changed, 16 insertions(+), 18 deletions(-)
(limited to 'modules/gallery/controllers/albums.php')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 1d369b95..e1985cfb 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -30,13 +30,7 @@ class Albums_Controller extends Items_Controller {
 }
 if (!access::can("view", $album)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- // Avoid anti-phishing protection by passing the url as session variable.
- Session::instance()->set("continue_url", url::current(true));
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 9e882ef4..8041066e 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -26,12 +26,7 @@ class Movies_Controller extends Items_Controller {
 }
 if (!access::can("view", $movie)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
-
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 8beae207..778e9ae7 100644
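Review bot: `print auth::require_login(); return;` leaves both the output and the early exit to each caller, so a controller that drops the `return` would go on to render the item the viewer was just denied; the same pair is repeated in the movies.php and photos.php hunks. Because the helper's name reads as if it enforced the login itself, I would add a call-site comment such as `// require_login() only builds the login view; the return below is what keeps the protected item from rendering`. The movies and photos controllers also start storing `continue_url` through this call, which their removed lines did not do; that looks intended by the previous commit but deserves a line in the description. Each controller method continues outside its hunk.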
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -26,11 +26,7 @@ class Photos_Controller extends Items_Controller {
 }
 if (!access::can("view", $photo)) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
+ print auth::require_login();
 return;
 }
diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php
index c3e9e6e9..f5454f85 100644
--- a/modules/gallery/helpers/auth.php
+++ b/modules/gallery/helpers/auth.php
@@ -130,4 +130,17 @@ class auth_Core {
 $session->set("admin_area_activity_timestamp", time());
 return false;
 }
+
+ /**
+ * Redirect to the login page.
+ */
+ static function require_login() {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ return $view;
+ }
 }
\ No newline at end of file
-- 
cgit v1.2.3
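Review bot: The docblock on `auth::require_login()` says `Redirect to the login page.`, but the method issues no redirect: it builds the themed login view, stores the current URL in the session under `continue_url`, and returns the view for the caller to print. I would document it along the lines of `Build the login page view and remember the requested URL in the session so the user can be sent back after a successful login; the caller must print the view and return.` The inline comment `Avoid anti-phishing protection ...` reads as if a safeguard were being bypassed; something like `// Keep the return URL in the session rather than in a request parameter, so the redirect target comes from the request being served.` states the intent. The code that reads `continue_url` is not in this diff, so it is worth confirming there that the value is cleared after use, since every denied request overwrites it.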