From 38b2efc44cf3345d97798e9637db241b05e2dded Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 29 Aug 2009 11:43:10 -0700
Subject: Fix for 641... extend viewable functionality to comments. Viewable
 unit test is not working.

---
 modules/gallery/helpers/item.php           | 37 +++++++++++++
 modules/gallery/models/item.php            | 34 +-----------
 modules/gallery/tests/Item_Helper_Test.php | 84 ++++++++++++++++++++++++++++++
 3 files changed, 122 insertions(+), 33 deletions(-)
 create mode 100644 modules/gallery/tests/Item_Helper_Test.php

(limited to 'modules/gallery')

diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index a2d3859f..8839861f 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -151,4 +151,41 @@ class item_Core {
       ->get()->current();
     return ($result ? $result->weight : 0) + 1;
   }
+
+  /**
+   * Add a set of restrictions to any following queries to restrict access only to items
+   * viewable by the active user.
+   * @chainable
+   */
+  static function viewable($model) {
+    $view_restrictions = array();
+    if (!user::active()->admin) {
+      foreach (user::group_ids() as $id) {
+        // Separate the first restriction from the rest to make it easier for us to formulate
+        // our where clause below
+        if (empty($view_restrictions)) {
+          $view_restrictions[0] = "items.view_$id";
+        } else {
+          $view_restrictions[1]["items.view_$id"] = access::ALLOW;
+        }
+      }
+    }
+    switch (count($view_restrictions)) {
+    case 0:
+      break;
+
+    case 1:
+      $model->where($view_restrictions[0], access::ALLOW);
+      break;
+
+    default:
+      $model->open_paren();
+      $model->where($view_restrictions[0], access::ALLOW);
+      $model->orwhere($view_restrictions[1]);
+      $model->close_paren();
+      break;
+    }
+
+    return $model;
+  }
 }
\ No newline at end of file
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 7a3a2ba7..68e89db6 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -19,7 +19,6 @@
  */
 class Item_Model extends ORM_MPTT {
   protected $children = 'items';
-  private $view_restrictions = null;
   protected $sorting = array();
 
   var $rules = array(
@@ -34,38 +33,7 @@ class Item_Model extends ORM_MPTT {
    * @chainable
    */
   public function viewable() {
-    if (is_null($this->view_restrictions)) {
-      if (user::active()->admin) {
-        $this->view_restrictions = array();
-      } else {
-        foreach (user::group_ids() as $id) {
-          // Separate the first restriction from the rest to make it easier for us to formulate
-          // our where clause below
-          if (empty($this->view_restrictions)) {
-            $this->view_restrictions[0] = "view_$id";
-          } else {
-            $this->view_restrictions[1]["view_$id"] = access::ALLOW;
-          }
-        }
-      }
-    }
-    switch (count($this->view_restrictions)) {
-    case 0:
-      break;
-
-    case 1:
-      $this->where($this->view_restrictions[0], access::ALLOW);
-      break;
-
-    default:
-      $this->open_paren();
-      $this->where($this->view_restrictions[0], access::ALLOW);
-      $this->orwhere($this->view_restrictions[1]);
-      $this->close_paren();
-      break;
-    }
-
-    return $this;
+    return item::viewable($this);
   }
 
   /**
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
new file mode 100644
index 00000000..48fdd962
--- /dev/null
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -0,0 +1,84 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Item_Helper_Test extends Unit_Test_Case {
+  private $_group;
+  private $_album;
+  private $_item;
+  //private $_user;
+
+  public function teardown() {
+    try {
+      $this->_group->delete();
+    } catch (Exception $e) { }
+
+    try {
+      $this->_album->delete();
+    } catch (Exception $e) { }
+
+    //try {
+    //  $this->_user->delete();
+    //} catch (Exception $e) { }
+  }
+
+  public function setup() {
+  }
+
+  public function viewable_item_test() {
+    $this->_group = group::create("access_test");
+    $root = ORM::factory("item", 1);
+    $this->_album = album::create($root, rand(), "visible_test");
+    $this->_user = user::create("visible_test", "Visible Test", "");
+    $this->_user->add($this->_group);
+    $this->_item = self::_create_random_item($this->_album);
+    comment::create($this->_item, $this->_user, "This is a comment");
+    access::deny(group::everybody(), "view", $this->_album);
+    $active = user::active();
+
+    $items = ORM::factory("item")
+      ->where("id", $this->_album->id)
+      ->find_all();
+    print Database::instance()->last_query() . "\n";
+    $items = ORM::factory("item")
+      ->where("id", $this->_album->id)
+      ->viewable()
+      ->find_all();
+    print Database::instance()->last_query() . "\n";
+  }
+
+
+  //public function viewable_one_restrictions_test() {
+  //  $item = self::create_random_item();
+  //  $this->assert_true(!empty($item->created));
+  //  $this->assert_true(!empty($item->updated));
+  //}
+  //public function viewable_multiple_restrictions_test() {
+  //  $item = self::create_random_item();
+  //  $this->assert_true(!empty($item->created));
+  //  $this->assert_true(!empty($item->updated));
+  //}
+
+  private static function _create_random_item($album) {
+    $item = ORM::factory("item");
+    /* Set all required fields (values are irrelevant) */
+    $item->name = rand();
+    $item->type = "photo";
+    return $item->add_to_parent($album);
+  }
+}
-- 
cgit v1.2.3