From 8a6556b30bc34d69284df6246f4010a8835f3bc2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 17 Jul 2009 08:14:08 -0700 Subject: Fix a bug where moved items don't properly inherit permissions from their new target. After each move, recalculate the permissions for the new parent's hierarchy. Fixes ticket #552 --- modules/gallery/helpers/access.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c48f0b79..5dd1e465 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -243,6 +243,21 @@ class access_Core { self::_set($group, $perm_name, $item, null); } + /** + * Recalculate the permissions for a given item and its hierarchy. $item must be an album. + */ + static function recalculate_permissions($item) { + foreach (self::_get_all_groups() as $group) { + foreach (ORM::factory("permission")->find_all() as $perm) { + if ($perm->name == "view") { + self::_update_access_view_cache($group, $item); + } else { + self::_update_access_non_view_cache($group, $perm->name, $item); + } + } + } + } + /** * Register a permission so that modules can use it. * -- cgit v1.2.3 From cd907c2b42f8b50ebe6d490aab42365e16deb258 Mon Sep 17 00:00:00 2001 
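Review bot: `recalculate_permissions()` documents that `$item` must be an album, but the added body never checks it, so a caller can hand a non-album item to `_update_access_view_cache()` and `_update_access_non_view_cache()`; what those helpers do with such an item is not visible in this hunk. Because this method rebuilds the permission caches after a move, I would fail early with `if (!$item->is_album()) { throw new Exception("@todo INVALID_ITEM_TYPE"); }` as its first statement. Separately, `ORM::factory("permission")->find_all()` looks loop-invariant yet is re-run for every group; fetching it once before the outer `foreach` should give the same result with a single query. `$perm->name == "view"` would also read better as a strict `===` comparison.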
From: Bharat Mediratta Date: Fri, 17 Jul 2009 12:51:27 -0700 Subject: Change model_cache::clear() API to clear everything. This prevents old ORM relationships from hanging around, which was causing problems when doing MPTT manipulations (resulting in incorrect permission propagation-- very bad!) --- modules/gallery/helpers/access.php | 4 ++++ modules/gallery/helpers/item.php | 4 ++-- modules/gallery/helpers/model_cache.php | 6 ++---- modules/gallery/libraries/MY_ORM.php | 2 +- modules/gallery/libraries/ORM_MPTT.php | 1 + modules/gallery/models/item.php | 1 + 6 files changed, 11 insertions(+), 7 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 5dd1e465..63324e5d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -205,6 +205,7 @@ class access_Core { } self::_update_htaccess_files($album, $group, $perm_name, $value); + model_cache::clear(); } /** @@ -256,6 +257,7 @@ class access_Core { } } } + model_cache::clear(); } /** @@ -426,6 +428,7 @@ class access_Core { $cache_table = $perm_name == "view" ? "items" : "access_caches"; $db->query("ALTER TABLE {{$cache_table}} DROP `$field`"); $db->query("ALTER TABLE {access_intents} DROP `$field`"); + model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -443,6 +446,7 @@ class access_Core { $db->query("ALTER TABLE {{$cache_table}} ADD `$field` SMALLINT NOT NULL DEFAULT 0"); $db->query("ALTER TABLE {access_intents} ADD `$field` BOOLEAN DEFAULT NULL"); $db->update("access_intents", array($field => 0), array("item_id" => 1)); + model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index f40b5c97..80c25862 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php 
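Review bot: The four added `model_cache::clear();` calls in `access.php` carry no comment, and the only explanation of why a full flush is needed at these points is in the commit description (stale ORM relationships leading to incorrect permission propagation). A later cleanup could easily drop them as redundant, especially next to the `ORM::factory("access_intent")->clear_cache()` call that follows in two of the hunks. I would add a one-line comment at each site, e.g. `// Flush all cached models: stale ORM relationships here produce wrong permission propagation`. The diffstat lists no test file, so a regression test for the propagation case named in the description would be worth adding as well. All four enclosing functions start outside their hunks.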
@@ -53,7 +53,7 @@ class item_Core { access::required("view", $parent); access::required("edit", $parent); - model_cache::clear("item", $parent->album_cover_item_id); + model_cache::clear(); $parent->album_cover_item_id = $item->is_album() ? $item->album_cover_item_id : $item->id; $parent->thumb_dirty = 1; $parent->save(); @@ -69,7 +69,7 @@ class item_Core { access::required("edit", $album); @unlink($album->thumb_path()); - model_cache::clear("item", $album->album_cover_item_id) ; + model_cache::clear(); $album->album_cover_item_id = null; $album->thumb_width = 0; $album->thumb_height = 0; diff --git a/modules/gallery/helpers/model_cache.php b/modules/gallery/helpers/model_cache.php index 2649fdbd..a3e09862 100644 --- a/modules/gallery/helpers/model_cache.php +++ b/modules/gallery/helpers/model_cache.php @@ -32,10 +32,8 @@ class model_cache_Core { return self::$cache->$model_name->$field_name->$id; } - static function clear($model_name, $id, $field_name="id") { - if (!empty(self::$cache->$model_name->$field_name->$id)) { - unset(self::$cache->$model_name->$field_name->$id); - } + static function clear() { + self::$cache = new stdClass(); } static function set($model) { diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index 319cbe09..1d3c1ef3 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php @@ -32,7 +32,7 @@ class ORM extends ORM_Core { } public function save() { - model_cache::clear($this->object_name, $this->{$this->primary_key}, $this->primary_key); + model_cache::clear(); $result = parent::save(); $this->original = $this->object; return $result; diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index 46280d95..e371f159 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php 
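Review bot: `model_cache::clear()` in `model_cache.php` now takes no parameters and has no docblock saying that it discards every cached model rather than one entry. PHP ignores surplus arguments passed to a user-defined function, so any call site still written as `model_cache::clear("item", $id)` (none remains in the files shown here, but modules outside this commit may have one) keeps running without error and now flushes the whole cache. I would add a docblock such as `/** Discard every cached model. Objects handed out earlier by get() are not refreshed. */` so the new contract is explicit. Since `ORM::save()` in `MY_ORM.php` now calls it on every save, the cache is rebuilt after each write, and that cost is worth a sentence in the same docblock.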
@@ -285,6 +285,7 @@ class ORM_MPTT_Core extends ORM { // Lets reload to get the changes. $this->reload(); + $target->reload(); return $this; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 6512e9e5..05c4e656 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -140,6 +140,7 @@ class Item_Model extends ORM_MPTT { $original_parent = $this->parent(); parent::move_to($target, true); + model_cache::clear(); $this->relative_path_cache = null; rename($original_path, $this->file_path()); -- cgit v1.2.3 From f533aee1cc71e8db739406859ac0cf43dce030ec Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 21 Jul 2009 15:52:46 -0700 Subject: Add an API method user_can that allows for checking a specific user has the specified permission to the item. Changed can to delegate to this method passing in the active user. --- modules/gallery/helpers/access.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 63324e5d..224b51e0 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -78,11 +78,23 @@ class access_Core { * @return boolean */ static function can($perm_name, $item) { + return self::user_can(user::active(), $perm_name, $item); + } + + /** + * Does the user have this permission on this item? + * + * @param User_Model $user + * @param string $perm_name + * @param Item_Model $item + * @return boolean + */ + static function user_can($user, $perm_name, $item) { if (!$item->loaded) { return false; } - if (user::active()->admin) { + if ($user->admin) { return true; } -- cgit v1.2.3 From 4ddaaeb9dd3359226d0406f85c58ea219f559e4e Mon Sep 17 00:00:00 2001 
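Review bot: The docblock added for `user_can()` leaves out the two short-circuits visible in the hunk: an item that is not loaded is always denied, and a user whose `admin` flag is set is always allowed before any group permission is read. Now that callers can pass an arbitrary `$user`, those rules are part of the authorization contract and should be stated, e.g. `Returns false for an item that is not loaded; returns true for any admin user regardless of group permissions.` The method also reads `$user->admin` without checking that `$user` is a loaded user object; whether a caller can pass an unloaded or null user is not visible here. The rest of the body lies outside the hunk.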
From: Tim Almdal Date: Wed, 22 Jul 2009 09:39:22 -0700 Subject: Duh... when I added user_can, I passed in the user, but still used the groups from the session --- modules/gallery/helpers/access.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 224b51e0..65316a8a 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -100,8 +100,8 @@ class access_Core { $resource = $perm_name == "view" ? $item : model_cache::get("access_cache", $item->id, "item_id"); - foreach (user::group_ids() as $id) { - if ($resource->__get("{$perm_name}_$id") === self::ALLOW) { + foreach ($user->groups as $group) { + if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) { return true; } } -- cgit v1.2.3 From d4104a23ec504e451e7a96f9798ea4ed695e9d97 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 22 Jul 2009 15:16:56 -0700 Subject: Add explicit unit tests for access::user_can --- modules/gallery/helpers/access.php | 1 + modules/gallery/tests/Access_Helper_Test.php | 37 ++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 65316a8a..956b4e5c 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -209,6 +209,7 @@ class access_Core { $access = model_cache::get("access_intent", $album->id, "item_id"); $access->__set("{$perm_name}_{$group->id}", $value); $access->save(); + $album->reload(); if ($perm_name == "view") { self::_update_access_view_cache($group, $album); diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index 1352b493..59cec453 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php 
@@ -64,6 +64,43 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(array_key_exists("access_test_{$group->id}", $fields)); } + public function user_can_access_test() { + $access_test = group::create("access_test"); + + $root = ORM::factory("item", 1); + access::allow($access_test, "view", $root); + + $item = album::create($root, rand(), "test album"); + + access::deny(group::everybody(), "view", $item); + access::deny(group::registered_users(), "view", $item); + + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->add($access_test); + $user->save(); + + $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); + } + + public function user_can_no_access_test() { + $root = ORM::factory("item", 1); + $item = album::create($root, rand(), "test album"); + + access::deny(group::everybody(), "view", $item); + access::deny(group::registered_users(), "view", $item); + + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->save(); + + $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view"); + } + public function adding_and_removing_items_adds_ands_removes_rows_test() { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album"); -- cgit v1.2.3 From 85ed445e2333a884e140afebaeba35d08079cda6 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 22 Jul 2009 15:20:30 -0700 Subject: remove an extra ->reload() that was there for testing --- modules/gallery/helpers/access.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 956b4e5c..65316a8a 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php 
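Review bot: `user_can_no_access_test()` removes the user from every group before calling `access::user_can()`, so the group loop in `user_can()` has nothing to iterate and the result is false whether or not the two `access::deny()` calls had any effect. To exercise the deny path, keep the user in a group that is explicitly denied on `$item` (for example leave `group::registered_users()` in place) and assert false. Both tests also create a user named `access_test`, and the first creates a group with the same name, while the schema on this page declares `UNIQUE KEY name` on both tables; unless setup or teardown outside this hunk removes them, a second run can fail on the duplicate. A name made unique the way the album name is (`rand()`), or an explicit cleanup, would avoid that.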
@@ -209,7 +209,6 @@ class access_Core { $access = model_cache::get("access_intent", $album->id, "item_id"); $access->__set("{$perm_name}_{$group->id}", $value); $access->save(); - $album->reload(); if ($perm_name == "view") { self::_update_access_view_cache($group, $album); -- cgit v1.2.3 From 350c1b02670d971d3a389f786f46fb9be2dec8ed Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Sun, 19 Jul 2009 00:49:47 +0200 Subject: Use BOOLEAN instead of integer to describe the permissions : - DENY = false - ALLOW = true - UNKNOW = null (for intent only) - INHERIT = null (for cache) Upgrade is not included for now. (cherry picked from commit 719c59e0402464a0e2b14915f6d10218ff5d4729) --- installer/install.sql | 32 ++++++++++++------------- modules/gallery/helpers/access.php | 31 +++++++++++++----------- modules/gallery/views/permissions_form.html.php | 2 +- modules/search/helpers/search.php | 2 +- system/libraries/drivers/Database.php | 4 ++-- 5 files changed, 37 insertions(+), 34 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/installer/install.sql b/installer/install.sql index bda576d1..b17b5888 100755 --- a/installer/install.sql +++ b/installer/install.sql 
@@ -4,12 +4,12 @@ DROP TABLE IF EXISTS {access_caches}; CREATE TABLE {access_caches} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_full_1` smallint(6) NOT NULL default '0', - `edit_1` smallint(6) NOT NULL default '0', - `add_1` smallint(6) NOT NULL default '0', - `view_full_2` smallint(6) NOT NULL default '0', - `edit_2` smallint(6) NOT NULL default '0', - `add_2` smallint(6) NOT NULL default '0', + `view_full_1` binary(1) NOT NULL default false, + `edit_1` binary(1) NOT NULL default false, + `add_1` binary(1) NOT NULL default false, + `view_full_2` binary(1) NOT NULL default false, + `edit_2` binary(1) NOT NULL default false, + `add_2` binary(1) NOT NULL default false, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; @@ -20,14 +20,14 @@ DROP TABLE IF EXISTS {access_intents}; CREATE TABLE {access_intents} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_1` tinyint(1) default NULL, - `view_full_1` tinyint(1) default NULL, - `edit_1` tinyint(1) default NULL, - `add_1` tinyint(1) default NULL, - `view_2` tinyint(1) default NULL, - `view_full_2` tinyint(1) default NULL, - `edit_2` tinyint(1) default NULL, - `add_2` tinyint(1) default NULL, + `view_1` binary(1) default NULL, + `view_full_1` binary(1) default NULL, + `edit_1` binary(1) default NULL, + `add_1` binary(1) default NULL, + `view_2` binary(1) default NULL, + `view_full_2` binary(1) default NULL, + `edit_2` binary(1) default NULL, + `add_2` binary(1) default NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; 
@@ -164,8 +164,8 @@ CREATE TABLE {items} ( `view_count` int(9) default '0', `weight` int(9) NOT NULL default '0', `width` int(9) default NULL, - `view_1` smallint(6) NOT NULL default '0', - `view_2` smallint(6) NOT NULL default '0', + `view_1` binary(1) default false, + `view_2` binary(1) default false, PRIMARY KEY (`id`), KEY `parent_id` (`parent_id`), KEY `type` (`type`), diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 65316a8a..4130964d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -66,9 +66,10 @@ * the Access_Intent_Model */ class access_Core { - const DENY = 0; - const ALLOW = 1; - const UNKNOWN = 2; + const DENY = false; + const ALLOW = true; + const INHERIT = null; // access_intent + const UNKNOWN = null; // cache (access_cache, items) /** * Does the active user have this permission on this item? @@ -141,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return integer access::ALLOW, access::DENY or null for no intent + * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); @@ -169,7 +170,7 @@ class access_Core { ->where("`right` >= $item->right") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("access_intents.view_$group->id", 0) + ->where("access_intents.view_$group->id", access::DENY) ->orderby("level", "DESC") ->limit(1) ->find(); @@ -253,7 +254,7 @@ class access_Core { if ($item->id == 1) { throw new Exception("@todo CANT_RESET_ROOT_PERMISSION"); } - self::_set($group, $perm_name, $item, null); + self::_set($group, $perm_name, $item, access::INHERIT); } /** 
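Review bot: `INHERIT` and `UNKNOWN` in `access_Core` are both `null`, so PHP cannot tell them apart and the only thing separating them is the trailing comment, which assigns `INHERIT` to access_intent and `UNKNOWN` to the caches, the reverse of what the commit description says. The `@@ -557,12 +559,12 @@` hunk already mixes the two: it tests the intent with `=== self::INHERIT` and then filters what appears to be the same access_intents column with `->where("$field IS NOT", self::UNKNOWN)`. Nothing misbehaves today because the values are equal, but a reader auditing the permission logic cannot tell which meaning is intended. I would either keep one constant, or make the comments agree with the description and use `self::INHERIT` in that query.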
@@ -455,9 +456,10 @@ class access_Core { $db = Database::instance(); $field = "{$perm_name}_{$group->id}"; $cache_table = $perm_name == "view" ? "items" : "access_caches"; - $db->query("ALTER TABLE {{$cache_table}} ADD `$field` SMALLINT NOT NULL DEFAULT 0"); - $db->query("ALTER TABLE {access_intents} ADD `$field` BOOLEAN DEFAULT NULL"); - $db->update("access_intents", array($field => 0), array("item_id" => 1)); + $not_null = $cache_table == "items" ? "" : "NOT NULL"; + $db->query("ALTER TABLE {{$cache_table}} ADD `$field` BINARY $not_null DEFAULT FALSE"); + $db->query("ALTER TABLE {access_intents} ADD `$field` BINARY DEFAULT NULL"); + $db->update("access_intents", array($field => access::DENY), array("item_id" => 1)); model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -513,7 +515,7 @@ class access_Core { ->where("left >=", $item->left) ->where("right <=", $item->right) ->where("type", "album") - ->where("access_intents.$field IS NOT", null) + ->where("access_intents.$field IS NOT", self::INHERIT) ->orderby("level", "DESC") ->find_all(); foreach ($query as $row) { @@ -557,12 +559,12 @@ class access_Core { // // @todo To optimize this, we wouldn't need to propagate from the parent, we could just // propagate from here with the parent's intent. - if ($access->$field === null) { + if ($access->$field === self::INHERIT) { $tmp_item = ORM::factory("item") ->join("access_intents", "items.id", "access_intents.item_id") ->where("left <", $item->left) ->where("right >", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::UNKNOWN) ->orderby("left", "DESC") ->limit(1) ->find(); 
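Review bot: The two rewritten `ALTER TABLE ... ADD` statements in the `@@ -455,9 +456,10 @@` hunk interpolate `$field`, built from `$perm_name` and `$group->id`, straight into DDL between backticks, and identifiers cannot be bound as parameters. Where `$perm_name` comes from is outside the hunk; if it can originate in a module or in a request, a backtick in it would break out of the identifier. I would validate it before building `$field`, e.g. `if (!preg_match('/^[a-z_]+$/', $perm_name)) { throw new Exception("@todo INVALID_PERMISSION_NAME"); }`, and cast the id with `(int) $group->id`. The function signature is outside the hunk, so the right place for the check may be its caller.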
@@ -578,12 +580,13 @@ class access_Core { ->join("items", "items.id", "access_intents.item_id") ->where("left >=", $item->left) ->where("right <=", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::INHERIT) ->orderby("level", "ASC") ->find_all(); foreach ($query as $row) { + $value = ($row->$field === access::ALLOW) ? "TRUE" : "FALSE"; $db->query( - "UPDATE {access_caches} SET `$field` = {$row->$field} " . + "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . " (SELECT `id` FROM {items} " . " WHERE `left` >= $row->left " . diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index 0f60070a..ee5e3a24 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -26,7 +26,7 @@ - + admin) { foreach (user::group_ids() as $id) { - $fields[] = "`view_$id` = " . access::ALLOW; + $fields[] = "`view_$id` = TRUE"; // access::ALLOW } $access_sql = "AND (" . join(" AND ", $fields) . ")"; } else { diff --git a/system/libraries/drivers/Database.php b/system/libraries/drivers/Database.php index 807469f6..27f6ea8e 100644 --- a/system/libraries/drivers/Database.php +++ b/system/libraries/drivers/Database.php @@ -120,7 +120,7 @@ abstract class Database_Driver { $key .= ' ='; } - $value = ($value == TRUE) ? ' 1' : ' 0'; + $value = ($value == TRUE) ? ' TRUE' : ' FALSE'; } else { @@ -310,7 +310,7 @@ abstract class Database_Driver { $value = '\''.$this->escape_str($value).'\''; break; case 'boolean': - $value = (int) $value; + $value = ($value == TRUE) ? 'TRUE' : 'FALSE'; break; case 'double': // Convert to non-locale aware float to prevent possible commas -- cgit v1.2.3 From 7c7d4c0ec0386550e121da8ef0adf3fb65f7881e Mon Sep 17 00:00:00 2001 
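Review bot: `$row->$field === access::ALLOW` in the `@@ -578,12 +580,13 @@` hunk only matches when the ORM returns a PHP boolean `true` for the new `BINARY` column; how the ORM casts that column type is not visible on this page, and `install.sql` elsewhere on it seeds these columns with the string literals `'1'` and `'0'`. If a string comes back, every row falls through to `"FALSE"` and the cache for the whole subtree is rewritten as deny, which fails closed. The `!== self::DENY` test visible in this class would go the other way under the same condition, and `user_can()` depends on `=== self::ALLOW` too. I would normalise the loaded value in one place before any strict comparison, and add a test that writes ALLOW and DENY, reloads the row, and asserts the PHP type that comes back.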
From: Romain LE DISEZ Date: Sun, 19 Jul 2009 01:11:13 +0200 Subject: Consistency : always use self::XXX (cherry picked from commit c9017ae2f21ff8f5d745f296a636b80a30add6a1) --- modules/gallery/helpers/access.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 4130964d..b5be192c 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -142,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent + * @return boolean access::ALLOW, ccess::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); @@ -170,7 +170,7 @@ class access_Core { ->where("`right` >= $item->right") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("access_intents.view_$group->id", access::DENY) + ->where("access_intents.view_$group->id", self::DENY) ->orderby("level", "DESC") ->limit(1) ->find(); @@ -254,7 +254,7 @@ class access_Core { if ($item->id == 1) { throw new Exception("@todo CANT_RESET_ROOT_PERMISSION"); } - self::_set($group, $perm_name, $item, access::INHERIT); + self::_set($group, $perm_name, $item, self::INHERIT); } /** 
@@ -459,7 +459,7 @@ class access_Core { $not_null = $cache_table == "items" ? "" : "NOT NULL"; $db->query("ALTER TABLE {{$cache_table}} ADD `$field` BINARY $not_null DEFAULT FALSE"); $db->query("ALTER TABLE {access_intents} ADD `$field` BINARY DEFAULT NULL"); - $db->update("access_intents", array($field => access::DENY), array("item_id" => 1)); + $db->update("access_intents", array($field => self::DENY), array("item_id" => 1)); model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -584,7 +584,7 @@ class access_Core { ->orderby("level", "ASC") ->find_all(); foreach ($query as $row) { - $value = ($row->$field === access::ALLOW) ? "TRUE" : "FALSE"; + $value = ($row->$field === self::ALLOW) ? "TRUE" : "FALSE"; $db->query( "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . -- cgit v1.2.3 From 7f1a7ead589ce85e029ff0eb7f7e88bd04b8c8cb Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 09:24:33 -0700 Subject: Fix a typo in a comment --- modules/gallery/helpers/access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index b5be192c..c84527f4 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -142,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return boolean access::ALLOW, ccess::DENY or access::INHERIT (null) for no intent + * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); -- cgit v1.2.3 From 23bb6eb7e35637c8a2124216dbb6d3246ad3d702 Mon Sep 17 00:00:00 2001 
From: Romain LE DISEZ Date: Sat, 25 Jul 2009 19:06:54 +0200 Subject: Rename columns that use reserved SQL words : items.left and items.right --- installer/install.sql | 72 +------------------- modules/gallery/helpers/access.php | 40 +++++------ modules/gallery/helpers/gallery_installer.php | 16 +++-- modules/gallery/libraries/ORM_MPTT.php | 84 ++++++++++++------------ modules/gallery/models/item.php | 10 +-- modules/gallery/module.info | 2 +- modules/gallery/tests/Database_Test.php | 8 +-- modules/gallery/tests/Gallery_Installer_Test.php | 10 +-- modules/gallery/tests/ORM_MPTT_Test.php | 14 ++-- modules/gallery/tests/Photo_Helper_Test.php | 4 +- modules/notification/helpers/notification.php | 4 +- 11 files changed, 102 insertions(+), 162 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/installer/install.sql b/installer/install.sql index 36ccaaff..fc5f967a 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -1,6 +1,4 @@ DROP TABLE IF EXISTS {access_caches}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {access_caches} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, @@ -12,11 +10,8 @@ CREATE TABLE {access_caches} ( `add_2` binary(1) NOT NULL default '0', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {access_caches} VALUES (1,1,'1','0','0','1','0','0'); DROP TABLE IF EXISTS {access_intents}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {access_intents} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, 
@@ -30,11 +25,8 @@ CREATE TABLE {access_intents} ( `add_2` binary(1) default NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {access_intents} VALUES (1,1,'1','1','0','0','1','1','0','0'); DROP TABLE IF EXISTS {caches}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {caches} ( `id` int(9) NOT NULL auto_increment, `key` varchar(255) NOT NULL, @@ -44,10 +36,7 @@ CREATE TABLE {caches} ( PRIMARY KEY (`id`), KEY `tags` (`tags`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {comments}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {comments} ( `author_id` int(9) default NULL, `created` int(9) NOT NULL, @@ -73,10 +62,7 @@ CREATE TABLE {comments} ( `updated` int(9) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {graphics_rules}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {graphics_rules} ( `id` int(9) NOT NULL auto_increment, `active` tinyint(1) default '0', @@ -87,12 +73,9 @@ CREATE TABLE {graphics_rules} ( `target` varchar(32) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {graphics_rules} VALUES (1,1,'a:3:{s:5:\"width\";i:200;s:6:\"height\";i:200;s:6:\"master\";i:2;}','gallery','resize',100,'thumb'); INSERT INTO {graphics_rules} VALUES (2,1,'a:3:{s:5:\"width\";i:640;s:6:\"height\";i:480;s:6:\"master\";i:2;}','gallery','resize',100,'resize'); DROP TABLE IF EXISTS {groups}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {groups} ( `id` int(9) NOT NULL auto_increment, `name` char(64) default NULL, 
@@ -100,25 +83,19 @@ CREATE TABLE {groups} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {groups} VALUES (1,'Everybody',1); INSERT INTO {groups} VALUES (2,'Registered Users',1); DROP TABLE IF EXISTS {groups_users}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {groups_users} ( `group_id` int(9) NOT NULL, `user_id` int(9) NOT NULL, PRIMARY KEY (`group_id`,`user_id`), UNIQUE KEY `user_id` (`user_id`,`group_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {groups_users} VALUES (1,1); INSERT INTO {groups_users} VALUES (1,2); INSERT INTO {groups_users} VALUES (2,2); DROP TABLE IF EXISTS {incoming_translations}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {incoming_translations} ( `id` int(9) NOT NULL auto_increment, `key` char(32) NOT NULL, @@ -130,10 +107,7 @@ CREATE TABLE {incoming_translations} ( UNIQUE KEY `key` (`key`,`locale`), KEY `locale_key` (`locale`,`key`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {items}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {items} ( `id` int(9) NOT NULL auto_increment, `album_cover_item_id` int(9) default NULL, @@ -141,7 +115,7 @@ CREATE TABLE {items} ( `created` int(9) default NULL, `description` varchar(2048) default NULL, `height` int(9) default NULL, - `left` int(9) NOT NULL, + `left_ptr` int(9) NOT NULL, `level` int(9) NOT NULL, `mime_type` varchar(64) default NULL, `name` varchar(255) default NULL, 
@@ -152,7 +126,7 @@ CREATE TABLE {items} ( `resize_dirty` tinyint(1) default '1', `resize_height` int(9) default NULL, `resize_width` int(9) default NULL, - `right` int(9) NOT NULL, + `right_ptr` int(9) NOT NULL, `sort_column` varchar(64) default NULL, `sort_order` char(4) default 'ASC', `thumb_dirty` tinyint(1) default '1', @@ -171,11 +145,8 @@ CREATE TABLE {items} ( KEY `type` (`type`), KEY `random` (`rand_key`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {items} VALUES (1,NULL,NULL,UNIX_TIMESTAMP(),'',NULL,1,1,NULL,NULL,NULL,0,NULL,'',1,NULL,NULL,2,'weight','ASC',1,NULL,NULL,'Gallery','album',UNIX_TIMESTAMP(),0,1,NULL,'1','1'); DROP TABLE IF EXISTS {items_tags}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {items_tags} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) NOT NULL, @@ -184,10 +155,7 @@ CREATE TABLE {items_tags} ( KEY `tag_id` (`tag_id`,`id`), KEY `item_id` (`item_id`,`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {logs}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {logs} ( `id` int(9) NOT NULL auto_increment, `category` varchar(64) default NULL, @@ -200,10 +168,7 @@ CREATE TABLE {logs} ( `user_id` int(9) default '0', PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {messages}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {messages} ( `id` int(9) NOT NULL auto_increment, `key` varchar(255) default NULL, 
@@ -212,10 +177,7 @@ CREATE TABLE {messages} ( PRIMARY KEY (`id`), UNIQUE KEY `key` (`key`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {modules}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {modules} ( `id` int(9) NOT NULL auto_increment, `active` tinyint(1) default '0', @@ -224,8 +186,7 @@ CREATE TABLE {modules} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; -INSERT INTO {modules} VALUES (1,1,'gallery',7); +INSERT INTO {modules} VALUES (1,1,'gallery',9); INSERT INTO {modules} VALUES (2,1,'user',1); INSERT INTO {modules} VALUES (3,1,'comment',2); INSERT INTO {modules} VALUES (4,1,'organize',1); @@ -235,8 +196,6 @@ INSERT INTO {modules} VALUES (7,1,'search',1); INSERT INTO {modules} VALUES (8,1,'slideshow',1); INSERT INTO {modules} VALUES (9,1,'tag',1); DROP TABLE IF EXISTS {outgoing_translations}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {outgoing_translations} ( `id` int(9) NOT NULL auto_increment, `base_revision` int(9) default NULL, @@ -248,10 +207,7 @@ CREATE TABLE {outgoing_translations} ( UNIQUE KEY `key` (`key`,`locale`), KEY `locale_key` (`locale`,`key`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {permissions}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {permissions} ( `id` int(9) NOT NULL auto_increment, `display_name` varchar(64) default NULL, 
@@ -259,14 +215,11 @@ CREATE TABLE {permissions} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {permissions} VALUES (1,'View','view'); INSERT INTO {permissions} VALUES (2,'View Full Size','view_full'); INSERT INTO {permissions} VALUES (3,'Edit','edit'); INSERT INTO {permissions} VALUES (4,'Add','add'); DROP TABLE IF EXISTS {search_records}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {search_records} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, @@ -276,21 +229,15 @@ CREATE TABLE {search_records} ( KEY `item_id` (`item_id`), FULLTEXT KEY `data` (`data`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {search_records} VALUES (1,1,0,' Gallery'); DROP TABLE IF EXISTS {sessions}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {sessions} ( `session_id` varchar(127) NOT NULL, `data` text NOT NULL, `last_activity` int(10) unsigned NOT NULL, PRIMARY KEY (`session_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {tags}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {tags} ( `id` int(9) NOT NULL auto_increment, `name` varchar(64) NOT NULL, @@ -298,10 +245,7 @@ CREATE TABLE {tags} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {tasks}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {tasks} ( `id` int(9) NOT NULL auto_increment, `callback` varchar(128) default NULL, 
@@ -316,10 +260,7 @@ CREATE TABLE {tasks} ( PRIMARY KEY (`id`), KEY `owner_id` (`owner_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS {themes}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {themes} ( `id` int(9) NOT NULL auto_increment, `name` varchar(64) default NULL, @@ -327,12 +268,9 @@ CREATE TABLE {themes} ( PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {themes} VALUES (1,'default',1); INSERT INTO {themes} VALUES (2,'admin_default',1); DROP TABLE IF EXISTS {users}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {users} ( `id` int(9) NOT NULL auto_increment, `name` varchar(32) NOT NULL, @@ -350,12 +288,9 @@ CREATE TABLE {users} ( UNIQUE KEY `name` (`name`), UNIQUE KEY `hash` (`hash`) ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {users} VALUES (1,'guest','Guest User','',0,0,NULL,0,1,NULL,NULL,NULL); INSERT INTO {users} VALUES (2,'admin','Gallery Administrator','',0,0,NULL,1,0,NULL,NULL,NULL); DROP TABLE IF EXISTS {vars}; -SET @saved_cs_client = @@character_set_client; -SET character_set_client = utf8; CREATE TABLE {vars} ( `id` int(9) NOT NULL auto_increment, `module_name` varchar(64) NOT NULL, @@ -364,7 +299,6 @@ CREATE TABLE {vars} ( PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) ) ENGINE=InnoDB AUTO_INCREMENT=27 DEFAULT CHARSET=utf8; -SET character_set_client = @saved_cs_client; INSERT INTO {vars} VALUES (1,'gallery','active_site_theme','default'); INSERT INTO {vars} VALUES (2,'gallery','active_admin_theme','admin_default'); INSERT INTO {vars} VALUES (3,'gallery','page_size','9'); diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c84527f4..949aea84 100644 
--- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -166,8 +166,8 @@ class access_Core { // For view permissions, if any parent is self::DENY, then those parents lock this one. // Return $lock = ORM::factory("item") - ->where("`left` <= $item->left") - ->where("`right` >= $item->right") + ->where("`left_ptr` <= $item->left_ptr") + ->where("`right_ptr` >= $item->right_ptr") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") ->where("access_intents.view_$group->id", self::DENY) @@ -490,11 +490,11 @@ class access_Core { // item, then its safe to propagate from here. if ($access->$field !== self::DENY) { $tmp_item = ORM::factory("item") - ->where("left <", $item->left) - ->where("right >", $item->right) + ->where("left_ptr <", $item->left_ptr) + ->where("right_ptr >", $item->right_ptr) ->join("access_intents", "access_intents.item_id", "items.id") ->where("access_intents.$field", self::DENY) - ->orderby("left", "DESC") + ->orderby("left_ptr", "DESC") ->limit(1) ->find(); if ($tmp_item->loaded) { 
@@ -507,13 +507,13 @@ class access_Core { // them according the rule above. So mark every permission below this level as UNKNOWN so // that we can tell which permissions have been changed, and which ones need to be updated. $db->update("items", array($field => self::UNKNOWN), - array("left >=" => $item->left, "right <=" => $item->right)); + array("left_ptr >=" => $item->left_ptr, "right_ptr <=" => $item->right_ptr)); $query = ORM::factory("access_intent") - ->select(array("access_intents.$field", "items.left", "items.right", "items.id")) + ->select(array("access_intents.$field", "items.left_ptr", "items.right_ptr", "items.id")) ->join("items", "items.id", "access_intents.item_id") - ->where("left >=", $item->left) - ->where("right <=", $item->right) + ->where("left_ptr >=", $item->left_ptr) + ->where("right_ptr <=", $item->right_ptr) ->where("type", "album") ->where("access_intents.$field IS NOT", self::INHERIT) ->orderby("level", "DESC") @@ -522,11 +522,11 @@ class access_Core { if ($row->$field == self::ALLOW) { // Propagate ALLOW for any row that is still UNKNOWN. $db->update("items", array($field => $row->$field), - array($field => self::UNKNOWN, "left >=" => $row->left, "right <=" => $row->right)); + array($field => self::UNKNOWN, "left_ptr >=" => $row->left_ptr, "right_ptr <=" => $row->right_ptr)); } else if ($row->$field == self::DENY) { // DENY overwrites everything below it $db->update("items", array($field => $row->$field), - array("left >=" => $row->left, "right <=" => $row->right)); + array("left_ptr >=" => $row->left_ptr, "right_ptr <=" => $row->right_ptr)); } } 
@@ -534,7 +534,7 @@ class access_Core { // DENY parent in the hierarchy to propagate from. So we'll still have a UNKNOWN values in // the hierarchy, and all of those are safe to change to ALLOW. $db->update("items", array($field => self::ALLOW), - array($field => self::UNKNOWN, "left >=" => $item->left, "right <=" => $item->right)); + array($field => self::UNKNOWN, "left_ptr >=" => $item->left_ptr, "right_ptr <=" => $item->right_ptr)); } /** @@ -562,10 +562,10 @@ class access_Core { if ($access->$field === self::INHERIT) { $tmp_item = ORM::factory("item") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("left <", $item->left) - ->where("right >", $item->right) + ->where("left_ptr <", $item->left_ptr) + ->where("right_ptr >", $item->right_ptr) ->where("$field IS NOT", self::UNKNOWN) - ->orderby("left", "DESC") + ->orderby("left_ptr", "DESC") ->limit(1) ->find(); if ($tmp_item->loaded) { @@ -576,10 +576,10 @@ class access_Core { // With non-view permissions, each level can override any permissions that came above it // so start at the top and work downwards, overlaying permissions as we go. $query = ORM::factory("access_intent") - ->select(array("access_intents.$field", "items.left", "items.right")) + ->select(array("access_intents.$field", "items.left_ptr", "items.right_ptr")) ->join("items", "items.id", "access_intents.item_id") - ->where("left >=", $item->left) - ->where("right <=", $item->right) + ->where("left_ptr >=", $item->left_ptr) + ->where("right_ptr <=", $item->right_ptr) ->where("$field IS NOT", self::INHERIT) ->orderby("level", "ASC") ->find_all(); @@ -589,8 +589,8 @@ class access_Core { "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . " (SELECT `id` FROM {items} " . - " WHERE `left` >= $row->left " . - " AND `right` <= $row->right)"); + " WHERE `left_ptr` >= $row->left_ptr " . + " AND `right_ptr` <= $row->right_ptr)"); } } 
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index db13307f..760bec31 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -72,7 +72,7 @@ class gallery_installer { `created` int(9) default NULL, `description` varchar(2048) default NULL, `height` int(9) default NULL, - `left` int(9) NOT NULL, + `left_ptr` int(9) NOT NULL, `level` int(9) NOT NULL, `mime_type` varchar(64) default NULL, `name` varchar(255) default NULL, @@ -83,7 +83,7 @@ class gallery_installer { `resize_dirty` boolean default 1, `resize_height` int(9) default NULL, `resize_width` int(9) default NULL, - `right` int(9) NOT NULL, + `right_ptr` int(9) NOT NULL, `sort_column` varchar(64) default NULL, `sort_order` char(4) default 'ASC', `thumb_dirty` boolean default 1, @@ -204,8 +204,8 @@ class gallery_installer { $root->type = "album"; $root->title = "Gallery"; $root->description = ""; - $root->left = 1; - $root->right = 2; + $root->left_ptr = 1; + $root->right_ptr = 2; $root->parent_id = 0; $root->level = 1; $root->thumb_dirty = 1; @@ -258,7 +258,7 @@ class gallery_installer { module::set_var("gallery", "show_credits", 1); // @todo this string needs to be picked up by l10n_scanner module::set_var("gallery", "credits", "Powered by Gallery %version"); - module::set_version("gallery", 7); + module::set_version("gallery", 9); } static function upgrade($version) { @@ -323,6 +323,12 @@ class gallery_installer { } module::set_version("gallery", $version = 8); } + + if ($version == 8) { + $db->query("ALTER TABLE {items} CHANGE COLUMN `left` `left_ptr` INT(9) NOT NULL;"); + $db->query("ALTER TABLE {items} CHANGE COLUMN `right` `right_ptr` INT(9) NOT NULL;"); + module::set_version("gallery", $version = 9); + } } static function uninstall() { diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index e371f159..1917d738 100644 
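Review bot: The new `if ($version == 8)` step in `upgrade()` issues two separate `ALTER TABLE` statements and records version 9 only afterwards, so a failure between them leaves `{items}` with `left_ptr` and `right` while the stored version is still 8. A retry then fails on the first statement because `left` no longer exists, and the permission queries in access.php that this commit switches to `left_ptr`/`right_ptr` would run against a half-renamed table. Doing both renames in one statement avoids that intermediate state: ``$db->query("ALTER TABLE {items} CHANGE COLUMN `left` `left_ptr` INT(9) NOT NULL, CHANGE COLUMN `right` `right_ptr` INT(9) NOT NULL");``. The body of `upgrade()` starts outside this hunk, so whether earlier steps are wrapped in any error handling is not visible here.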
--- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -52,14 +52,14 @@ class ORM_MPTT_Core extends ORM { try { // Make a hole in the parent for this new item $this->db->query( - "UPDATE {{$this->table_name}} SET `left` = `left` + 2 WHERE `left` >= {$parent->right}"); + "UPDATE {{$this->table_name}} SET `left_ptr` = `left_ptr` + 2 WHERE `left_ptr` >= {$parent->right_ptr}"); $this->db->query( - "UPDATE {{$this->table_name}} SET `right` = `right` + 2 WHERE `right` >= {$parent->right}"); - $parent->right += 2; + "UPDATE {{$this->table_name}} SET `right_ptr` = `right_ptr` + 2 WHERE `right_ptr` >= {$parent->right_ptr}"); + $parent->right_ptr += 2; // Insert this item into the hole - $this->left = $parent->right - 2; - $this->right = $parent->right - 1; + $this->left_ptr = $parent->right_ptr - 2; + $this->right_ptr = $parent->right_ptr - 1; $this->parent_id = $parent->id; $this->level = $parent->level + 1; $this->save(); @@ -81,7 +81,7 @@ class ORM_MPTT_Core extends ORM { if ($children) { foreach ($this->children() as $item) { // Deleting children affects the MPTT tree, so we have to reload each child before we - // delete it so that we have current left/right pointers. This is inefficient. + // delete it so that we have current left_ptr/right_ptr pointers. This is inefficient. // @todo load each child once, not twice. $item->reload()->delete(); } @@ -93,9 +93,9 @@ class ORM_MPTT_Core extends ORM { $this->lock(); try { $this->db->query( - "UPDATE {{$this->table_name}} SET `left` = `left` - 2 WHERE `left` > {$this->right}"); + "UPDATE {{$this->table_name}} SET `left_ptr` = `left_ptr` - 2 WHERE `left_ptr` > {$this->right_ptr}"); $this->db->query( - "UPDATE {{$this->table_name}} SET `right` = `right` - 2 WHERE `right` > {$this->right}"); + "UPDATE {{$this->table_name}} SET `right_ptr` = `right_ptr` - 2 WHERE `right_ptr` > {$this->right_ptr}"); } catch (Exception $e) { $this->unlock(); throw $e; 
@@ -111,7 +111,7 @@ class ORM_MPTT_Core extends ORM { * @return boolean */ function is_descendant($target) { - return ($this->left <= $target->left && $this->right >= $target->right); + return ($this->left_ptr <= $target->left_ptr && $this->right_ptr >= $target->right_ptr); } /** @@ -133,10 +133,10 @@ class ORM_MPTT_Core extends ORM { */ function parents() { return $this - ->where("`left` <= {$this->left}") - ->where("`right` >= {$this->right}") + ->where("`left_ptr` <= {$this->left_ptr}") + ->where("`right_ptr` >= {$this->right_ptr}") ->where("id <> {$this->id}") - ->orderby("left", "ASC") + ->orderby("left_ptr", "ASC") ->find_all(); } @@ -181,8 +181,8 @@ class ORM_MPTT_Core extends ORM { * @return object ORM_Iterator */ function descendants($limit=null, $offset=0, $type=null, $orderby=null) { - $this->where("left >", $this->left) - ->where("right <=", $this->right); + $this->where("left_ptr >", $this->left_ptr) + ->where("right_ptr <=", $this->right_ptr); if ($type) { $this->where("type", $type); } @@ -203,8 +203,8 @@ class ORM_MPTT_Core extends ORM { * @return integer child count */ function descendants_count($type=null) { - $this->where("left >", $this->left) - ->where("right <=", $this->right); + $this->where("left_ptr >", $this->left_ptr) + ->where("right_ptr <=", $this->right_ptr); if ($type) { $this->where("type", $type); } 
@@ -219,16 +219,16 @@ class ORM_MPTT_Core extends ORM { * @return ORM_MTPP */ function move_to($target) { - if ($this->left <= $target->left && - $this->right >= $target->right) { + if ($this->left_ptr <= $target->left_ptr && + $this->right_ptr >= $target->right_ptr) { throw new Exception("@todo INVALID_TARGET can't move item inside itself"); } - $number_to_move = (int)(($this->right - $this->left) / 2 + 1); + $number_to_move = (int)(($this->right_ptr - $this->left_ptr) / 2 + 1); $size_of_hole = $number_to_move * 2; - $original_left = $this->left; - $original_right = $this->right; - $target_right = $target->right; + $original_left_ptr = $this->left_ptr; + $original_right_ptr = $this->right_ptr; + $target_right_ptr = $target->right_ptr; $level_delta = ($target->level + 1) - $this->level; $this->lock(); 
@@ -237,45 +237,45 @@ class ORM_MPTT_Core extends ORM { // Update the levels for the to-be-moved items $this->db->query( "UPDATE {{$this->table_name}} SET `level` = `level` + $level_delta" . - " WHERE `left` >= $original_left AND `right` <= $original_right"); + " WHERE `left_ptr` >= $original_left_ptr AND `right_ptr` <= $original_right_ptr"); } // Make a hole in the target for the move $target->db->query( - "UPDATE {{$this->table_name}} SET `left` = `left` + $size_of_hole" . - " WHERE `left` >= $target_right"); + "UPDATE {{$this->table_name}} SET `left_ptr` = `left_ptr` + $size_of_hole" . + " WHERE `left_ptr` >= $target_right_ptr"); $target->db->query( - "UPDATE {{$this->table_name}} SET `right` = `right` + $size_of_hole" . - " WHERE `right` >= $target_right"); + "UPDATE {{$this->table_name}} SET `right_ptr` = `right_ptr` + $size_of_hole" . + " WHERE `right_ptr` >= $target_right_ptr"); // Change the parent. $this->db->query( "UPDATE {{$this->table_name}} SET `parent_id` = {$target->id}" . " WHERE `id` = {$this->id}"); - // If the source is to the right of the target then we just adjusted its left and right above. - $left = $original_left; - $right = $original_right; - if ($original_left > $target_right) { - $left += $size_of_hole; - $right += $size_of_hole; + // If the source is to the right of the target then we just adjusted its left_ptr and right_ptr above. + $left_ptr = $original_left_ptr; + $right_ptr = $original_right_ptr; + if ($original_left_ptr > $target_right_ptr) { + $left_ptr += $size_of_hole; + $right_ptr += $size_of_hole; } - $new_offset = $target->right - $left; + $new_offset = $target->right_ptr - $left_ptr; $this->db->query( "UPDATE {{$this->table_name}}" . - " SET `left` = `left` + $new_offset," . - " `right` = `right` + $new_offset" . - " WHERE `left` >= $left" . - " AND `right` <= $right"); + " SET `left_ptr` = `left_ptr` + $new_offset," . + " `right_ptr` = `right_ptr` + $new_offset" . + " WHERE `left_ptr` >= $left_ptr" . 
+ " AND `right_ptr` <= $right_ptr"); // Close the hole in the source's parent after the move $this->db->query( - "UPDATE {{$this->table_name}} SET `left` = `left` - $size_of_hole" . - " WHERE `left` > $right"); + "UPDATE {{$this->table_name}} SET `left_ptr` = `left_ptr` - $size_of_hole" . + " WHERE `left_ptr` > $right_ptr"); $this->db->query( - "UPDATE {{$this->table_name}} SET `right` = `right` - $size_of_hole" . - " WHERE `right` > $right"); + "UPDATE {{$this->table_name}} SET `right_ptr` = `right_ptr` - $size_of_hole" . + " WHERE `right_ptr` > $right_ptr"); } catch (Exception $e) { $this->unlock(); throw $e; diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 58ac8f18..d9dd88f5 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -150,7 +150,7 @@ class Item_Model extends ORM_MPTT { Database::instance() ->update("items", array("relative_path_cache" => null), - array("left >" => $this->left, "right <" => $this->right)); + array("left_ptr >" => $this->left_ptr, "right_ptr <" => $this->right_ptr)); } else { @rename($original_resize_path, $this->resize_path()); @rename($original_thumb_path, $this->thumb_path()); @@ -186,7 +186,7 @@ class Item_Model extends ORM_MPTT { Database::instance() ->update("items", array("relative_path_cache" => null), - array("left >" => $this->left, "right <" => $this->right)); + array("left_ptr >" => $this->left_ptr, "right_ptr <" => $this->right_ptr)); } return $this; @@ -302,10 +302,10 @@ class Item_Model extends ORM_MPTT { foreach (Database::instance() ->select("name") ->from("items") - ->where("left <=", $this->left) - ->where("right >=", $this->right) + ->where("left_ptr <=", $this->left_ptr) + ->where("right_ptr >=", $this->right_ptr) ->where("id <>", 1) - ->orderby("left", "ASC") + ->orderby("left_ptr", "ASC") ->get() as $row) { $paths[] = $row->name; } diff --git a/modules/gallery/module.info b/modules/gallery/module.info index ba367878..c5a9d25d 100644 
--- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,3 +1,3 @@ name = "Gallery 3" description = "Gallery core application" -version = 8 +version = 9 diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php index bd3d2f53..d83212ad 100644 --- a/modules/gallery/tests/Database_Test.php +++ b/modules/gallery/tests/Database_Test.php @@ -103,15 +103,15 @@ class Database_Test extends Unit_Test_Case { $sql = "UPDATE {test_tables} SET `name` = '{test string}' " . "WHERE `item_id` IN " . " (SELECT `id` FROM {items} " . - " WHERE `left` >= 1 " . - " AND `right` <= 6)"; + " WHERE `left_ptr` >= 1 " . + " AND `right_ptr` <= 6)"; $sql = $db->add_table_prefixes($sql); $expected = "UPDATE g3test_test_tables SET `name` = '{test string}' " . "WHERE `item_id` IN " . " (SELECT `id` FROM g3test_items " . - " WHERE `left` >= 1 " . - " AND `right` <= 6)"; + " WHERE `left_ptr` >= 1 " . + " AND `right_ptr` <= 6)"; $this->assert_same($expected, $sql); } diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php index 27157d6e..36ced2bb 100644 --- a/modules/gallery/tests/Gallery_Installer_Test.php +++ b/modules/gallery/tests/Gallery_Installer_Test.php @@ -34,13 +34,13 @@ class Gallery_Installer_Test extends Unit_Test_Case { } public function install_creates_root_item_test() { - $max_right = ORM::factory("item") - ->select("MAX(`right`) AS `right`") - ->find()->right; + $max_right_ptr = ORM::factory("item") + ->select("MAX(`right_ptr`) AS `right_ptr`") + ->find()->right_ptr; $root = ORM::factory('item')->find(1); $this->assert_equal("Gallery", $root->title); - $this->assert_equal(1, $root->left); - $this->assert_equal($max_right, $root->right); + $this->assert_equal(1, $root->left_ptr); + $this->assert_equal($max_right_ptr, $root->right_ptr); $this->assert_equal(null, $root->parent_id); $this->assert_equal(1, $root->level); } 
diff --git a/modules/gallery/tests/ORM_MPTT_Test.php b/modules/gallery/tests/ORM_MPTT_Test.php index 200c8a74..943810c3 100644 --- a/modules/gallery/tests/ORM_MPTT_Test.php +++ b/modules/gallery/tests/ORM_MPTT_Test.php @@ -33,8 +33,8 @@ class ORM_MPTT_Test extends Unit_Test_Case { $album->sort_order = "ASC"; $album->add_to_parent($root); - $this->assert_equal($album->parent()->right - 2, $album->left); - $this->assert_equal($album->parent()->right - 1, $album->right); + $this->assert_equal($album->parent()->right_ptr - 2, $album->left_ptr); + $this->assert_equal($album->parent()->right_ptr - 1, $album->right_ptr); $this->assert_equal($album->parent()->level + 1, $album->level); $this->assert_equal($album->parent()->id, $album->parent_id); } @@ -48,10 +48,10 @@ class ORM_MPTT_Test extends Unit_Test_Case { $album1_1_2 = self::create_item_and_add_to_parent($album1_1); $album1->reload(); - $this->assert_equal(9, $album1->right - $album1->left); + $this->assert_equal(9, $album1->right_ptr - $album1->left_ptr); $album1_1->reload(); - $this->assert_equal(5, $album1_1->right - $album1_1->left); + $this->assert_equal(5, $album1_1->right_ptr - $album1_1->left_ptr); } public function delete_hierarchy_test() { @@ -66,7 +66,7 @@ class ORM_MPTT_Test extends Unit_Test_Case { $album1->reload(); // Now album1 contains only album1_2 - $this->assert_equal(3, $album1->right - $album1->left); + $this->assert_equal(3, $album1->right_ptr - $album1->left_ptr); } public function move_to_test() { @@ -85,8 +85,8 @@ class ORM_MPTT_Test extends Unit_Test_Case { $album1_1->reload(); $album1_2->reload(); - $this->assert_equal(3, $album1_1->right - $album1_1->left); - $this->assert_equal(3, $album1_2->right - $album1_2->left); + $this->assert_equal(3, $album1_1->right_ptr - $album1_1->left_ptr); + $this->assert_equal(3, $album1_2->right_ptr - $album1_2->left_ptr); $this->assert_equal( array($album1_1_2->id => "move_to_test_1_1_2"), 
diff --git a/modules/gallery/tests/Photo_Helper_Test.php b/modules/gallery/tests/Photo_Helper_Test.php index cc1f20da..c0641ef4 100644 --- a/modules/gallery/tests/Photo_Helper_Test.php +++ b/modules/gallery/tests/Photo_Helper_Test.php @@ -43,8 +43,8 @@ class Photo_Helper_Test extends Unit_Test_Case { $this->assert_equal($image_info[0], $photo->width); $this->assert_equal($image_info[1], $photo->height); - $this->assert_equal($photo->parent()->right - 2, $photo->left); - $this->assert_equal($photo->parent()->right - 1, $photo->right); + $this->assert_equal($photo->parent()->right_ptr - 2, $photo->left_ptr); + $this->assert_equal($photo->parent()->right_ptr - 1, $photo->right_ptr); } public function create_conflicting_photo_test() { diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index d91a37e8..92c40d4f 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -73,8 +73,8 @@ class notification { ->join("subscriptions", "users.id", "subscriptions.user_id") ->join("items", "subscriptions.item_id", "items.id") ->where("email IS NOT", null) - ->where("items.left <=", $item->left) - ->where("items.right >", $item->right) + ->where("items.left_ptr <=", $item->left_ptr) + ->where("items.right_ptr >", $item->right_ptr) ->find_all(); $subscribers = array(); -- cgit v1.2.3 From 809e52d80cbf3beb75b238fddb0da3951fb9a8e7 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Sat, 25 Jul 2009 23:45:48 -0700 Subject: Fix for ticket #452 1) Change access_Core::user_can to return true for all permissions if the owner is the specified user. 2) Change Item_Model::viewable to set the owner_id is the first view_restriction This allowed simplification of the generating the where clause to a single $this->orwhere instead of a where and an orwhere. --- modules/gallery/helpers/access.php | 2 +- modules/gallery/models/item.php | 22 ++++------------------ 2 files changed, 5 insertions(+), 19 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index c84527f4..2faa922b 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -95,7 +95,7 @@ class access_Core { return false; } - if ($user->admin) { + if ($user->admin && $item->owner_id == $user->id) { return true; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 129bd77f..99d1ca6d 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
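Review bot: The condition `if ($user->admin && $item->owner_id == $user->id)` in `user_can()` contradicts the commit message. With `&&`, an administrator gets the early `return true` only on items they own, and a non-admin owner gets nothing new and still falls through to the group loop. If the intent is "admins and owners pass", the line would read `if ($user->admin || $item->owner_id == $user->id) {`. A blanket owner grant would, however, also override a DENY set on an ancestor album, so it is worth deciding explicitly whether owners should bypass that. The same `&&` condition is put back by the revert hunk of commit 5fd82a2 further down this page, instead of plain `if ($user->admin)`. `user_can()` begins and ends outside this hunk.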
@@ -38,31 +38,17 @@ class Item_Model extends ORM_MPTT { if (user::active()->admin) { $this->view_restrictions = array(); } else { + $this->view_restrictions["owner_id"] = user::active()->id; foreach (user::group_ids() as $id) { - // Separate the first restriction from the rest to make it easier for us to formulate - // our where clause below - if (empty($this->view_restrictions)) { - $this->view_restrictions[0] = "view_$id"; - } else { - $this->view_restrictions[1]["view_$id"] = access::ALLOW; - } + $this->view_restrictions["view_$id"] = access::ALLOW; } } } - switch (count($this->view_restrictions)) { - case 0: - break; - case 1: - $this->where($this->view_restrictions[0], access::ALLOW); - break; - - default: + if (!empty($this->view_restrictions)) { $this->open_paren(); - $this->where($this->view_restrictions[0], access::ALLOW); - $this->orwhere($this->view_restrictions[1]); + $this->orwhere($this->view_restrictions); $this->close_paren(); - break; } return $this; -- cgit v1.2.3 From 0b97cfd6f098be08be5f3cf1dbca1cce580ae330 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 26 Jul 2009 09:29:29 -0700 Subject: Changed access::user_can to force the owner of an item to have view permission on the parent. Added a whitelist of allowable owner permissions. If the requested permission is view and the user requesting access is the owner, check that they have view permission to the parent. --- modules/gallery/helpers/access.php | 17 +++++++++-- modules/gallery/tests/Access_Helper_Test.php | 42 ++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 3 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 2faa922b..4f737c7f 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php 
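Review bot: Adding `$this->view_restrictions["owner_id"] = user::active()->id;` to the OR group in `viewable()` makes every row whose `owner_id` equals the active user match, independently of the `view_<group>` columns. A DENY placed on an album therefore no longer hides the items inside it from their owner. The clause is also added for anonymous sessions: if `user::active()` is the guest account there (the install data on this page creates it as user 1), any item stored with that owner id would match for every unauthenticated visitor. Unless items can never be owned by guest, the assignment should be guarded, for example `if (!user::active()->guest) { $this->view_restrictions["owner_id"] = user::active()->id; }`, assuming the user model exposes the `guest` flag. `viewable()` starts outside this hunk, so the enclosing condition that decides when the restrictions are rebuilt is not visible.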
@@ -95,13 +95,24 @@ class access_Core { return false; } - if ($user->admin && $item->owner_id == $user->id) { + if ($user->admin) { return true; } - $resource = $perm_name == "view" ? - $item : model_cache::get("access_cache", $item->id, "item_id"); + print "Before owner id check\n"; + if ($item->owner_id == $user->id && + in_array($perm_name, array("view_full", "edit", "add"))) { + return true; + } + + if ($perm_name == "view") { + $resource = $item->owner_id == $user->id ? $item->parent() : $item; + } else { + $resource = model_cache::get("access_cache", $item->id, "item_id"); + } + print Kohana::debug($resource->as_array()) . "\n"; foreach ($user->groups as $group) { + print "$group->name\n"; if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) { return true; } diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index 59cec453..737ed8a6 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php 
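Review bot: The owner whitelist in `user_can()` returns true for `view_full`, `edit` and `add` before any view decision is made. An owner whose parent album denies view (the case `owner_cant_view_photo_test` sets up) is therefore still granted edit and add on the item; the added tests assert only `view`, so this goes unnoticed. Tying the shortcut to view access closes the gap: extend the condition to `in_array($perm_name, array("view_full", "edit", "add"), true) && self::user_can($user, "view", $item)`. Separately, the three `print` statements, including `print Kohana::debug($resource->as_array())`, write access-cache contents and group names into the response from inside a permission check and should not be committed. `user_can()` begins outside this hunk.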
@@ -101,6 +101,48 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view"); } + public function owner_can_view_album_test() { + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->save(); + + $root = ORM::factory("item", 1); + $item = album::create($root, rand(), "test album", $user->id); + + $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); + } + + public function owner_can_view_photo_test() { + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->save(); + + $root = ORM::factory("item", 1); + $album = album::create($root, rand(), "test album", $user->id); + $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); + + $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); + } + + public function owner_cant_view_photo_test() { + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->save(); + + $root = ORM::factory("item", 1); + $album = album::create($root, rand(), "test album"); + access::deny(group::everybody(), "view", $album); + $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); + + $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view"); + } + public function adding_and_removing_items_adds_ands_removes_rows_test() { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album"); -- cgit v1.2.3 From 0d76d6fd77f53e9e92a9a013cd112c69217f3ceb Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Sun, 26 Jul 2009 09:33:44 -0700 Subject: It helps to save before committing :-) --- modules/gallery/helpers/access.php | 3 --- 1 file changed, 3 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 4f737c7f..abb48fc3 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -99,7 +99,6 @@ class access_Core { return true; } - print "Before owner id check\n"; if ($item->owner_id == $user->id && in_array($perm_name, array("view_full", "edit", "add"))) { return true; @@ -110,9 +109,7 @@ class access_Core { } else { $resource = model_cache::get("access_cache", $item->id, "item_id"); } - print Kohana::debug($resource->as_array()) . "\n"; foreach ($user->groups as $group) { - print "$group->name\n"; if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) { return true; } -- cgit v1.2.3 From 1ec1f19f1a388ed8f49af13d0de77e714c286811 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 27 Jul 2009 11:12:27 -0700 Subject: Back out fixes for ticket #452 Revert "It helps to save before committing :-)" This reverts commit 0d76d6fd77f53e9e92a9a013cd112c69217f3ceb. --- modules/gallery/helpers/access.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index fbe0b550..79394d35 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -99,6 +99,7 @@ class access_Core { return true; } + print "Before owner id check\n"; if ($item->owner_id == $user->id && in_array($perm_name, array("view_full", "edit", "add"))) { return true; 
@@ -109,7 +110,9 @@ class access_Core {
 } else {
 $resource = model_cache::get("access_cache", $item->id, "item_id");
 }
+ print Kohana::debug($resource->as_array()) . "\n";
 foreach ($user->groups as $group) {
+ print "$group->name\n";
 if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
 return true;
 }
-- cgit v1.2.3 From 5fd82a2edea41209a6936f89c56bbd53083ed182 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 27 Jul 2009 11:13:20 -0700 Subject: Back out the fix for ticket #452 Revert "Changed access::user_can to force the owner of an item to have" This reverts commit 0b97cfd6f098be08be5f3cf1dbca1cce580ae330. --- modules/gallery/helpers/access.php | 17 ++--------- modules/gallery/tests/Access_Helper_Test.php | 42 ---------------------------- 2 files changed, 3 insertions(+), 56 deletions(-) (limited to 'modules/gallery/helpers/access.php')
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index 79394d35..8c6f5d54 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -95,24 +95,13 @@ class access_Core {
 return false;
 }
 
- if ($user->admin) {
+ if ($user->admin && $item->owner_id == $user->id) {
 return true;
 }
 
- print "Before owner id check\n";
- if ($item->owner_id == $user->id &&
- in_array($perm_name, array("view_full", "edit", "add"))) {
- return true;
- }
-
- if ($perm_name == "view") {
- $resource = $item->owner_id == $user->id ? $item->parent() : $item;
- } else {
- $resource = model_cache::get("access_cache", $item->id, "item_id");
- }
- print Kohana::debug($resource->as_array()) . "\n";
+ $resource = $perm_name == "view" ?
+ $item : model_cache::get("access_cache", $item->id, "item_id");
 foreach ($user->groups as $group) {
- print "$group->name\n";
 if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) {
 return true;
 }
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index 737ed8a6..59cec453 100644
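Review bot: The condition restored in the `@@ -95,24 +95,13 @@` hunk, `if ($user->admin && $item->owner_id == $user->id) {`, short-circuits only for an administrator who also owns the item. An administrator asking about anyone else's item falls through to the per-group lookup and is refused unless one of their groups happens to hold the permission. That fails closed rather than open, but it can lock administrators out of managing other users' content; the guard should stay `if ($user->admin) {`. If an ownership comparison is kept anywhere in this function, note that `==` compares loosely, so the types of `owner_id` and `id` should be confirmed. The body of `user_can` starts before and continues after the hunk.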
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -101,48 +101,6 @@ class Access_Helper_Test extends Unit_Test_Case {
 $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view");
 }
 
- public function owner_can_view_album_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $item = album::create($root, rand(), "test album", $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_can_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album", $user->id);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_true(access::user_can($user, "view", $item), "Should be able to view");
- }
-
- public function owner_cant_view_photo_test() {
- $user = user::create("access_test", "Access Test", "");
- foreach ($user->groups as $group) {
- $user->remove($group);
- }
- $user->save();
-
- $root = ORM::factory("item", 1);
- $album = album::create($root, rand(), "test album");
- access::deny(group::everybody(), "view", $album);
- $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id);
-
- $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view");
- }
-
 public function adding_and_removing_items_adds_ands_removes_rows_test() {
 $root = ORM::factory("item", 1);
 $item = album::create($root, rand(), "test album");
-- cgit v1.2.3 From 4edf86f0ebfedbbdfda3daf71ed55a461edf9c6c Mon Sep 17 00:00:00 2001
From: Tim Almdal Date: Mon, 27 Jul 2009 11:14:03 -0700 Subject: Revert "Fix for ticket #452" This reverts commit 809e52d80cbf3beb75b238fddb0da3951fb9a8e7. --- modules/gallery/helpers/access.php | 2 +- modules/gallery/models/item.php | 22 ++++++++++++++++++---- 2 files changed, 19 insertions(+), 5 deletions(-) (limited to 'modules/gallery/helpers/access.php') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 8c6f5d54..949aea84 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -95,7 +95,7 @@ class access_Core { return false; } - if ($user->admin && $item->owner_id == $user->id) { + if ($user->admin) { return true; } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 45561380..d9dd88f5 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -38,17 +38,31 @@ class Item_Model extends ORM_MPTT { if (user::active()->admin) { $this->view_restrictions = array(); } else { - $this->view_restrictions["owner_id"] = user::active()->id; foreach (user::group_ids() as $id) { - $this->view_restrictions["view_$id"] = access::ALLOW; + // Separate the first restriction from the rest to make it easier for us to formulate + // our where clause below + if (empty($this->view_restrictions)) { + $this->view_restrictions[0] = "view_$id"; + } else { + $this->view_restrictions[1]["view_$id"] = access::ALLOW; + } } } } + switch (count($this->view_restrictions)) { + case 0: + break; - if (!empty($this->view_restrictions)) { + case 1: + $this->where($this->view_restrictions[0], access::ALLOW); + break; + + default: $this->open_paren(); - $this->orwhere($this->view_restrictions); + $this->where($this->view_restrictions[0], access::ALLOW); + $this->orwhere($this->view_restrictions[1]); $this->close_paren(); + break; } return $this; -- cgit v1.2.3
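Review bot: In the item.php hunk, `case 0:` of the new `switch (count($this->view_restrictions))` adds no WHERE clause. That case is reached for administrators and also for a non-admin for whom `user::group_ids()` returns nothing, so such a user would get an unfiltered item query. Whether `group_ids()` can be empty is not visible here, but the removed `owner_id` entry was what kept the array non-empty for non-admins. Tell the two cases apart explicitly, for example with a separate admin flag, and add a condition that matches no rows when a non-admin has no groups. The `[0]` column name / `[1]` map layout of `view_restrictions` deserves a comment where the property is declared, since the switch depends on it. The enclosing method starts outside the hunk.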