From 5b3b675b6d8a1cd9a5f2b9455c551791e18d88ff Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 16 Jul 2009 11:19:34 -0700
Subject: Non-trivial changes to the event handling code:

1) The item_updated event no longer takes the old and new items.
   Instead we overload ORM to track the original data and make
   that available via the item.  This will allow us to move event
   publishing down into the API methods which in turn will give us
   more stability since we won't require each controller to remember
   to do it.

2) ORM class now tracks the original values.  It doesn't track
   the original relationships (no need for that, yet)

3) Added new events:
     item_deleted
     group_deleted
     user_deleted
---
 modules/gallery/helpers/gallery_event.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/helpers/gallery_event.php')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index aa11b7c0..2f3a64d3 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -23,7 +23,7 @@ class gallery_event_Core {
     access::add_group($group);
   }
 
-  static function group_before_delete($group) {
+  static function group_deleted($group) {
     access::delete_group($group);
   }
 
@@ -31,7 +31,7 @@ class gallery_event_Core {
     access::add_item($item);
   }
 
-  static function item_before_delete($item) {
+  static function item_deleted($item) {
     access::delete_item($item);
   }
 
-- 
cgit v1.2.3


From 8a6556b30bc34d69284df6246f4010a8835f3bc2 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 17 Jul 2009 08:14:08 -0700
Subject: Fix a bug where moved items don't properly inherit permissions from
 their new target.  After each move, recalculate the permissions for the new
 parent's hierarchy.

Fixes ticket #552
---
 modules/gallery/helpers/access.php           | 15 ++++++++++++
 modules/gallery/helpers/gallery_event.php    |  4 ++++
 modules/gallery/models/item.php              |  6 +++--
 modules/gallery/tests/Access_Helper_Test.php | 36 ++++++++++++++++++++++++++++
 4 files changed, 59 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/helpers/gallery_event.php')

diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
index c48f0b79..5dd1e465 100644
--- a/modules/gallery/helpers/access.php
+++ b/modules/gallery/helpers/access.php
@@ -243,6 +243,21 @@ class access_Core {
     self::_set($group, $perm_name, $item, null);
   }
 
+  /**
+   * Recalculate the permissions for a given item and its hierarchy.  $item must be an album.
+   */
+  static function recalculate_permissions($item) {
+    foreach (self::_get_all_groups() as $group) {
+      foreach (ORM::factory("permission")->find_all() as $perm) {
+        if ($perm->name == "view") {
+          self::_update_access_view_cache($group, $item);
+        } else {
+          self::_update_access_non_view_cache($group, $perm->name, $item);
+        }
+      }
+    }
+  }
+
   /**
    * Register a permission so that modules can use it.
    *
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 2f3a64d3..1cd96372 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -35,6 +35,10 @@ class gallery_event_Core {
     access::delete_item($item);
   }
 
+  static function item_moved($item, $old_parent) {
+    access::recalculate_permissions($item->parent());
+  }
+
   static function user_login($user) {
     // If this user is an admin, check to see if there are any post-install tasks that we need
     // to run and take care of those now.
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 94e2fcf7..6512e9e5 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -122,8 +122,8 @@ class Item_Model extends ORM_MPTT {
   /**
    * Move this item to the specified target.
    * @chainable
-   * @param   Item_Model $target  Target item (must be an album
-   * @return  ORM_MTPP
+   * @param   Item_Model $target  Target item (must be an album)
+   * @return  ORM_MPTT
    */
   function move_to($target) {
     if (!$target->is_album()) {
@@ -137,6 +137,7 @@ class Item_Model extends ORM_MPTT {
     $original_path = $this->file_path();
     $original_resize_path = $this->resize_path();
     $original_thumb_path = $this->thumb_path();
+    $original_parent = $this->parent();
 
     parent::move_to($target, true);
     $this->relative_path_cache = null;
@@ -154,6 +155,7 @@ class Item_Model extends ORM_MPTT {
       @rename($original_thumb_path, $this->thumb_path());
     }
 
+    module::event("item_moved", $this, $original_parent);
     return $this;
   }
 
diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php
index d71bf971..1352b493 100644
--- a/modules/gallery/tests/Access_Helper_Test.php
+++ b/modules/gallery/tests/Access_Helper_Test.php
@@ -324,4 +324,40 @@ class Access_Helper_Test extends Unit_Test_Case {
     $this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
     $this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
   }
+
+  public function moved_items_inherit_new_permissions_test() {
+    user::set_active(user::lookup_by_name("admin"));
+
+    $root = ORM::factory("item", 1);
+    $public_album = album::create($root, rand(), "public album");
+    $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
+    access::allow(group::everybody(), "view", $public_album);
+
+    $root->reload();  // Account for MPTT changes
+
+    $private_album = album::create($root, rand(), "private album");
+    access::deny(group::everybody(), "view", $private_album);
+    $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
+
+    // Make sure that we now have a public photo and private photo.
+    $this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
+    $this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
+
+    // Swap the photos
+    item::move($public_photo, $private_album);
+    $private_album->reload(); // Reload to get new MPTT pointers and cached perms.
+    $public_album->reload();
+    $private_photo->reload();
+    $public_photo->reload();
+
+    item::move($private_photo, $public_album);
+    $private_album->reload(); // Reload to get new MPTT pointers and cached perms.
+    $public_album->reload();
+    $private_photo->reload();
+    $public_photo->reload();
+
+    // Make sure that the public_photo is now private, and the private_photo is now public.
+    $this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
+    $this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
+  }
 }
-- 
cgit v1.2.3