From 055e0a7dc5d4fe65f92c5621a26432cda206f07f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:42:31 -0700 Subject: Remove a completed @todo --- modules/gallery/helpers/gallery_menu.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index 1dc9cb41..ccbc681c 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php @@ -49,7 +49,6 @@ class gallery_menu_Core { ->url(url::site("form/edit/{$item->type}s/$item->id"))); // @todo Move album options menu to the album quick edit pane - // @todo Create resized item quick edit pane menu if ($item->is_album()) { $options_menu ->append(Menu::factory("dialog") -- cgit v1.2.3 From 381dd0574a9d83ceed1dbf6bcb1f7e158d46c85c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:53:33 -0700 Subject: Don't show the add photo/album options to users who don't have the permission. This isn't a security hole, since they can't actually add stuff.. but they can try and fail which is a bad user experience. Also fix it up so that we show the option menu only if there's stuff to show, and cache some of the permissions for performance (which I'm guessing at-- didn't benchmark it). --- modules/gallery/helpers/gallery_menu.php | 48 +++++++++++++++++++------------- 1 file changed, 28 insertions(+), 20 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index ccbc681c..7377bc9d 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php 
@@ -19,7 +19,8 @@ */ class gallery_menu_Core { static function site($menu, $theme) { - if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && user::active()->admin) { + $is_admin = user::active()->admin; + if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && $is_admin) { $menu->append($scaffold_menu = Menu::factory("submenu") ->id("scaffold") ->label("Scaffold")); 
@@ -36,38 +37,45 @@ class gallery_menu_Core { $item = $theme->item(); - if (user::active()->admin || ($item && access::can("edit", $item))) { + $can_edit = access::can("edit", $item) || $is_admin; + $can_add = access::can("add", $item) || $is_admin; + + if ($item && $can_edit || $can_add) { $menu->append($options_menu = Menu::factory("submenu") ->id("options_menu") ->label(t("Options"))); - if ($item && access::can("edit", $item)) { + if ($can_edit) { $options_menu ->append(Menu::factory("dialog") ->id("edit_item") ->label($item->is_album() ? t("Edit album") : t("Edit photo")) ->url(url::site("form/edit/{$item->type}s/$item->id"))); + } - // @todo Move album options menu to the album quick edit pane - if ($item->is_album()) { - $options_menu - ->append(Menu::factory("dialog") - ->id("add_item") - ->label(t("Add a photo")) - ->url(url::site("simple_uploader/app/$item->id"))) - ->append(Menu::factory("dialog") - ->id("add_album") - ->label(t("Add an album")) - ->url(url::site("form/add/albums/$item->id?type=album"))) - ->append(Menu::factory("dialog") - ->id("edit_permissions") - ->label(t("Edit permissions")) - ->url(url::site("permissions/browse/$item->id"))); - } + // @todo Move album options menu to the album quick edit pane + if ($item->is_album() && $can_add) { + $options_menu + ->append(Menu::factory("dialog") + ->id("add_item") + ->label(t("Add a photo")) + ->url(url::site("simple_uploader/app/$item->id"))) + ->append(Menu::factory("dialog") + ->id("add_album") + ->label(t("Add an album")) + ->url(url::site("form/add/albums/$item->id?type=album"))); + } + + if ($can_edit) { + $options_menu + ->append(Menu::factory("dialog") + ->id("edit_permissions") + ->label(t("Edit permissions")) + ->url(url::site("permissions/browse/$item->id"))); } } - if (user::active()->admin) { + if ($is_admin) { $menu->append($admin_menu = Menu::factory("submenu") ->id("admin_menu") ->label(t("Admin"))); -- cgit v1.2.3 
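Review bot: The new guard `if ($item && $can_edit || $can_add)` parses as `($item && $can_edit) || $can_add` because `&&` binds tighter than `||`, and `$can_edit`/`$can_add` are computed two lines earlier without the `$item &&` guard the old condition had; on a page with no item (the old code's guard suggests that happens), `access::can("edit", null)` is called and an admin (`$can_add` true via `$is_admin`) enters the block and hits `$item->is_album()` on null. Fold the item check into the flags and drop the ambiguous compound: `$can_edit = $item && (access::can("edit", $item) || $is_admin);`, `$can_add = $item && (access::can("add", $item) || $is_admin);`, `if ($can_edit || $can_add) {`. As the commit message says, this is UX only: hiding "Add a photo", "Add an album" and "Edit permissions" from the menu is not an access control, so the `simple_uploader`, `form/add` and `permissions/browse` controllers these URLs point to must still enforce the same add/edit checks server-side (not visible in this diff). `$is_admin` is set in the previous hunk of this commit, and `site()` continues past the end of this hunk.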
From 60d1bbc2d68f86b7ed4632cab03f61ee458d0751 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 20:24:42 -0700 Subject: Move credits message into a variable, which can be changed in Admin > Settings > Advanced. It's stored in the variable as an internationalized string and localized at output time. --- installer/install.sql | 6 +++--- modules/gallery/helpers/gallery_installer.php | 3 +++ modules/gallery/helpers/gallery_theme.php | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/installer/install.sql b/installer/install.sql index b021250a..860d552c 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -249,7 +249,7 @@ CREATE TABLE {search_records} ( FULLTEXT KEY `data` (`data`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -INSERT INTO {search_records} VALUES (1,1,0,' Gallery '); +INSERT INTO {search_records} VALUES (1,1,0,' Gallery'); DROP TABLE IF EXISTS {sessions}; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; 
@@ -333,6 +333,6 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) ENGINE=InnoDB AUTO_INCREMENT=22 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -INSERT INTO {vars} VALUES (1,'gallery','active_site_theme','default'),(2,'gallery','active_admin_theme','admin_default'),(3,'gallery','page_size','9'),(4,'gallery','thumb_size','200'),(5,'gallery','resize_size','640'),(6,'gallery','default_locale','en_US'),(7,'gallery','image_quality','75'),(9,'gallery','blocks_dashboard_sidebar','a:4:{i:809046100;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:517357050;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:864881363;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:375523668;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}'),(14,'gallery','blocks_dashboard_center','a:4:{i:306281171;a:2:{i:0;s:7:\"gallery\";i:1;s:7:\"welcome\";}i:636407494;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"photo_stream\";}i:1735763319;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"log_entries\";}i:1348141451;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(17,'gallery','version','3.0 pre-beta git'),(18,'gallery','choose_default_tookit','1'),(20,'comment','spam_caught','0'); +INSERT INTO {vars} VALUES 
(1,'gallery','active_site_theme','default'),(2,'gallery','active_admin_theme','admin_default'),(3,'gallery','page_size','9'),(4,'gallery','thumb_size','200'),(5,'gallery','resize_size','640'),(6,'gallery','default_locale','en_US'),(7,'gallery','image_quality','75'),(9,'gallery','blocks_dashboard_sidebar','a:4:{i:1021536970;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:62586177;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:1314474428;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:2072050158;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}'),(14,'gallery','blocks_dashboard_center','a:4:{i:2103644216;a:2:{i:0;s:7:\"gallery\";i:1;s:7:\"welcome\";}i:1234407127;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"photo_stream\";}i:1844887955;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"log_entries\";}i:1497904257;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(17,'gallery','version','3.0 pre-beta git'),(18,'gallery','choose_default_tookit','1'),(19,'gallery','credits','Powered by Gallery %version'),(21,'comment','spam_caught','0'); diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index fbbee194..b97adcd0 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -251,6 +251,9 @@ class gallery_installer { module::set_version("gallery", 1); module::set_var("gallery", "version", "3.0 pre-beta git"); module::set_var("gallery", "choose_default_tookit", 1); + + // @todo this string needs to be picked up by l10n_scanner + module::set_var("gallery", "credits", "Powered by Gallery %version"); } } diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index d45e1b98..f955e8f7 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -124,8 +124,8 @@ class gallery_theme_Core { } static function credits() { - return "
  • " . - t("Powered by Gallery %version", + return "
  • " . + t(module::get_var("gallery", "credits"), array("url" => "http://gallery.menalto.com", "version" => module::get_var("gallery", "version"))) . "
  • "; -- cgit v1.2.3 From cbec883d8a572fd8b94c9db78b652caf1a22de23 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 20:59:34 -0700 Subject: Don't show "edit permissions" for non-albums. --- modules/gallery/helpers/gallery_menu.php | 36 +++++++++++++++++--------------- 1 file changed, 19 insertions(+), 17 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index 7377bc9d..1f5151a3 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php @@ -54,24 +54,26 @@ class gallery_menu_Core { } // @todo Move album options menu to the album quick edit pane - if ($item->is_album() && $can_add) { - $options_menu - ->append(Menu::factory("dialog") - ->id("add_item") - ->label(t("Add a photo")) - ->url(url::site("simple_uploader/app/$item->id"))) - ->append(Menu::factory("dialog") - ->id("add_album") - ->label(t("Add an album")) - ->url(url::site("form/add/albums/$item->id?type=album"))); - } + if ($item->is_album()) { + if ($can_add) { + $options_menu + ->append(Menu::factory("dialog") + ->id("add_item") + ->label(t("Add a photo")) + ->url(url::site("simple_uploader/app/$item->id"))) + ->append(Menu::factory("dialog") + ->id("add_album") + ->label(t("Add an album")) + ->url(url::site("form/add/albums/$item->id?type=album"))); + } - if ($can_edit) { - $options_menu - ->append(Menu::factory("dialog") - ->id("edit_permissions") - ->label(t("Edit permissions")) - ->url(url::site("permissions/browse/$item->id"))); + if ($can_edit) { + $options_menu + ->append(Menu::factory("dialog") + ->id("edit_permissions") + ->label(t("Edit permissions")) + ->url(url::site("permissions/browse/$item->id"))); + } } } -- cgit v1.2.3 From ce285b8feba2f9c495fb153517c2a582421f50e0 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Fri, 29 May 2009 21:23:08 -0700 Subject: Use the relative_path_cache to look up items which should be a faster query than using the level + the components. --- modules/gallery/controllers/file_proxy.php | 69 +++++++++++++++--------------- modules/gallery/helpers/MY_url.php | 20 ++++++--- 2 files changed, 47 insertions(+), 42 deletions(-) (limited to 'modules/gallery/helpers') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index f3c5f109..2037ad98 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php 
@@ -41,56 +41,55 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } - $file = substr($request_uri, strlen($var_uri)); + $file_uri = substr($request_uri, strlen($var_uri)); // Make sure that we don't leave the var dir - if (strpos($file, "..") !== false) { + if (strpos($file_uri, "..") !== false) { kohana::show_404(); } - // We only handle var/resizes and var/albums - $paths = explode("/", $file); - $type = $paths[0]; + list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { kohana::show_404(); } // If the last element is .album.jpg, pop that off since it's not a real item - if ($paths[count($paths)-1] == ".album.jpg") { - array_pop($paths); - } - if ($paths[count($paths)-1] == "") { - array_pop($paths); - } + $path = preg_replace("|/.album.jpg$|", "", $path); - // Find all items that match the level and name, then iterate over those to find a match. - // In most cases we'll get it in one. Note that for the level calculation, we just count the - // size of $paths. $paths includes the type ("thumbs", etc) but it doesn't include the root, - // so it's a wash. - $count = count($paths); - $compare_file = VARPATH . $file; - $item = null; - foreach (ORM::factory("item") - ->where("name", $paths[$count - 1]) - ->where("level", $count) - ->find_all() as $match) { - if ($type == "albums") { - $match_file = $match->file_path(); - } else if ($type == "resizes") { - $match_file = $match->resize_path(); - } else { - $match_file = $match->thumb_path(); - } - if ($match_file == $compare_file) { - $item = $match; - break; + // We now have the relative path to the item. Search for it in the path cache + $item = ORM::factory("item")->where("relative_path_cache", $path)->find(); + if (!$item->loaded) { + // We didn't turn it up. This may mean that the path cache is out of date, so look it up + // the hard way. 
+ // + // Find all items that match the level and name, then iterate over those to find a match. + // In most cases we'll get it in one. Note that for the level calculation, we just count the + // size of $paths. + $paths = explode("/", $path); + $count = count($paths); + foreach (ORM::factory("item") + ->where("name", $paths[$count - 1]) + ->where("level", $count + 1) + ->find_all() as $match) { + if ($match->relative_path() == $path) { + $item = $match; + break; + } } } - if (!$item) { + if (!$item->loaded) { kohana::show_404(); } + if ($type == "albums") { + $file = $item->file_path(); + } else if ($type == "resizes") { + $file = $item->resize_path(); + } else { + $file = $item->thumb_path(); + } + // Make sure we have access to the item if (!access::can("view", $item)) { kohana::show_404(); @@ -106,14 +105,14 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } - if (!file_exists($match_file)) { + if (!file_exists($file)) { kohana::show_404(); } // Dump out the image header("Content-Type: $item->mime_type"); Kohana::close_buffers(false); - $fd = fopen($match_file, "rb"); + $fd = fopen($file, "rb"); fpassthru($fd); fclose($fd); } diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 5e8bfc9e..019e416f 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php 
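Review bot: `list ($type, $path) = explode("/", $file_uri, 2);` leaves `$path` null (with a notice) when the URI has no second segment, e.g. a request for just `var/albums`, and that null then becomes the lookup key in `->where("relative_path_cache", $path)`; in Kohana's query builder a null value typically becomes `IS NULL`, which could match an item whose cache column has never been populated. `access::can("view", $item)` still gates the response after the lookup, so this is robustness rather than an authorization bypass, but the request should 404 before any query. Two smaller points in the same stretch: the `.` characters in `"|/.album.jpg$|"` are unescaped, so the strip also fires on names like `xalbum.jpg`, and the old code's handling of a trailing `/` was dropped, so `albums/foo/` now falls through to the fallback with an empty last segment. The controller method containing this hunk starts above it.

```php
// … unchanged: var_uri and ".." checks …
$parts = explode("/", $file_uri, 2);
if (count($parts) != 2 || $parts[1] === "") {
  kohana::show_404();
}
list ($type, $path) = $parts;
if ($type != "resizes" && $type != "albums" && $type != "thumbs") {
  kohana::show_404();
}

// If the last element is .album.jpg, pop that off since it's not a real item
$path = preg_replace("|/\.album\.jpg$|", "", rtrim($path, "/"));
// … unchanged: relative_path_cache lookup and level/name fallback …
```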
@@ -38,13 +38,19 @@ class url extends url_Core { return; } - $count = count(Router::$segments); - foreach (ORM::factory("item") - ->where("name", html_entity_decode(Router::$segments[$count - 1], ENT_QUOTES)) - ->where("level", $count + 1) - ->find_all() as $match) { - if ($match->relative_path() == html_entity_decode(Router::$current_uri, ENT_QUOTES)) { - $item = $match; + $current_uri = html_entity_decode(Router::$current_uri, ENT_QUOTES); + $item = ORM::factory("item")->where("relative_path_cache", $current_uri)->find(); + if (!$item->loaded) { + // It's possible that the relative path cache for the item we're looking for is out of date, + // so find it the hard way. + $count = count(Router::$segments); + foreach (ORM::factory("item") + ->where("name", html_entity_decode(Router::$segments[$count - 1], ENT_QUOTES)) + ->where("level", $count + 1) + ->find_all() as $match) { + if ($match->relative_path() == $current_uri) { + $item = $match; + } } } -- cgit v1.2.3
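Review bot: A hit on `relative_path_cache` is treated as authoritative, but the commit's own comment says the cache can be out of date; a stale cache row for a renamed item that still carries `$current_uri` would resolve the URI to that wrong item and the fallback would never run, while the fallback itself only trusts a match after comparing `$match->relative_path() == $current_uri`. Applying the same verification to the cache hit keeps both paths consistent: `if (!$item->loaded || $item->relative_path() != $current_uri) {` followed by `$item = ORM::factory("item");` before the fallback loop so a rejected hit does not survive when the loop finds nothing. The loop also never `break`s after a match, so with duplicate names at one level the last match wins; that mirrors the old code, but a `break` would make the intent explicit. The enclosing function starts above this hunk and what happens with `$item` afterwards is not visible here.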