From b37047ff557c88becd662bd6622bf27f7a9a78f2 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 17 Dec 2008 22:39:33 +0000
Subject: Add Item_Model::viewable() which we can use to restrict any query to
 just items viewable by the active user.  Ie:

  ORM::factory("item")
    ->where("name", "foo")
    ->find_all()

Would get all items with the name "foo".

  ORM::factory("item")
    ->viewable()
    ->where("name", "foo")
    ->find_all()

Restricts it to just the set of items that the user is allowed to see.
---
 modules/tag/controllers/tags.php | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

(limited to 'modules/tag/controllers')

diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php
index ee39bfec..94890639 100644
--- a/modules/tag/controllers/tags.php
+++ b/modules/tag/controllers/tags.php
@@ -23,15 +23,20 @@ class Tags_Controller extends REST_Controller {
   public function _show($tag) {
     $theme_name = module::get_var("core", "active_theme", "default");
     $page_size = module::get_var("core", "page_size", 9);
-
-    $template = new Theme_View("page.html", "tag", $theme_name);
-
     $page = $this->input->get("page", "1");
+    $children_count = $tag->items_count();
+    $offset = ($page-1) * $page_size;
 
+    // Make sure that the page references a valid offset
+    if ($page < 1 || $page > ceil($children_count / $page_size)) {
+      Kohana::show_404();
+    }
+
+    $template = new Theme_View("page.html", "tag", $theme_name);
     $template->set_global('page_size', $page_size);
     $template->set_global('tag', $tag);
-    $template->set_global('children', $tag->items($page_size, ($page-1) * $page_size));
-    $template->set_global('children_count', $tag->count);
+    $template->set_global('children', $tag->items($page_size, $offset));
+    $template->set_global('children_count', $children_count);
     $template->content = new View("tag.html");
 
     print $template;
-- 
cgit v1.2.3