From 08c01fec6cc590eb578522164de81114b889c4b5 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Oct 2009 11:51:08 -0700 Subject: The initial commit of refactoring the user/group adminsitration into a driver. Create an Identity library that defines the interface the Gallery3 expects Move the user and group helpers into the gallery module to provide the familiar interface into the Identity library. Create a Gallery Identity back-end that is supplied by the user module. The vision here is that all user and group code that is gallery or ui specific is contained within the core product. Anything that relates to manipulating a user or group is contained in the back end code that can be replaced. --- .../user/libraries/drivers/Identity/Gallery.php | 226 +++++++++++++++++++++ 1 file changed, 226 insertions(+) create mode 100644 modules/user/libraries/drivers/Identity/Gallery.php (limited to 'modules/user/libraries/drivers') diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php new file mode 100644 index 00000000..83f553c1 --- /dev/null +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -0,0 +1,226 @@ +where("name", $name)->find(); + if ($user->loaded) { + throw new Exception("@todo USER_ALREADY_EXISTS $name"); + } + + $user->name = $name; + $user->full_name = $full_name; + $user->password = $password; + + // Required groups + $user->add(group::everybody()); + $user->add(group::registered_users()); + + $user->save(); + return $user; + } + + /** + * Is the password provided correct? + * + * @param user User Model + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + public function is_correct_password($user, $password) { + $valid = $user->password; + + // Try phpass first, since that's what we generate. + if (strlen($valid) == 34) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->CheckPassword($password, $valid); + } + + $salt = substr($valid, 0, 4); + // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: + $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); + if (!strcmp($guess, $valid)) { + return true; + } + + // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities + $sanitizedPassword = html::specialchars($password, false); + $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) + : ($salt . md5($salt . $sanitizedPassword)); + if (!strcmp($guess, $valid)) { + return true; + } + + return false; + } + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password + */ + public function hash_password($password) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->HashPassword($password); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Model the user object, or null if the id was invalid. + */ + public function lookup_user($id) { + $user = model_cache::get("user", $id); + if ($user->loaded) { + return $user; + } + return null; + } + + /** + * Look up a user by field value. + * @param string search field + * @param string search value + * @return User_Core the user object, or null if the name was invalid. + */ + public function lookup_user_by_field($field_name, $value) { + try { + $user = model_cache::get("user", $value, $field_name); + if ($user->loaded) { + return $user; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * Create a new group. + * + * @param string $name + * @return Group_Model + */ + public function create_group($name) { + $group = ORM::factory("group")->where("name", $name)->find(); + if ($group->loaded) { + throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); + } + + $group->name = $name; + $group->save(); + + return $group; + } + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Model + */ + public function everybody() { + return model_cache::get("group", 1); + } + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Model + */ + public function registered_users() { + return model_cache::get("group", 2); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Model the user object, or null if the id was invalid. + */ + public function lookup_group($id) { + $group = model_cache::get("group", $id); + if ($group->loaded) { + return $group; + } + return null; + } + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Model the group object, or null if the name was invalid. + */ + public function lookup_group_by_name($name) { + try { + $group = model_cache::get("group", $name, "name"); + if ($group->loaded) { + return $group; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * List the users + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_users($filter=array()) { + return ORM::factory("user")->orderby("name")->find_all(); + } + + + /** + * List the groups + * @param mixed options to apply to the selection of the user + * @return array the group list. + */ + public function list_groups($filter=array()) { + return ORM::factory("group")->orderby("name")->find_all(); + } +} // End Identity Gallery Driver \ No newline at end of file -- cgit v1.2.3 From ca17727478b44b8bec6bb7f8ed1c8c688818b8f6 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Oct 2009 17:08:27 -0700 Subject: Access the form validation rules via the API for groups and users --- modules/gallery/helpers/group.php | 13 +++++++++++-- modules/gallery/helpers/user.php | 17 ++++++++++++----- modules/gallery/libraries/Identity.php | 10 ++++++++++ modules/gallery/libraries/drivers/Identity.php | 8 ++++++++ modules/user/libraries/drivers/Identity/Gallery.php | 10 ++++++++++ 5 files changed, 51 insertions(+), 7 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php index e0182f9f..074a7b83 100644 --- a/modules/gallery/helpers/group.php +++ b/modules/gallery/helpers/group.php @@ -31,7 +31,7 @@ class group_Core { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Save")); - $form->add_rules_from($group); + $form->add_rules_from(self::get_edit_rules()); return $form; } @@ -44,7 +44,7 @@ class group_Core { "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Add Group")); $group = ORM::factory("group"); - $form->add_rules_from($group); + $form->add_rules_from(self::get_edit_rules()); return $form; } @@ -111,4 +111,13 @@ class group_Core { static function groups($filter=array()) { return Identity::instance()->list_groups($filter); } + + /** + * Return the edit rules associated with an group. + * + * @return stdClass containing the rules + */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("group"); + } } diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php index d859d9bd..2044964f 100644 --- a/modules/gallery/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -35,7 +35,7 @@ class user_Core { ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); @@ -57,8 +57,7 @@ class user_Core { $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from($user); - $form->edit_user->password->rules("-required"); + $form->add_rules_from(self::get_edit_rules()); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); @@ -79,8 +78,7 @@ class user_Core { $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); - $user = ORM::factory("user"); - $form->add_rules_from($user); + $form->add_rules_from(self::get_edit_rules()); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); @@ -311,4 +309,13 @@ class user_Core { static function users($filter=array()) { return Identity::instance()->list_users($filter); } + + /** + * Return the edit rules associated with an user. + * + * @return stdClass containing the rules + */ + static function get_edit_rules() { + return Identity::instance()->get_edit_rules("user"); + } } \ No newline at end of file diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 41c25b39..5e6f4217 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -217,4 +217,14 @@ class Identity_Core { public function list_groups($filter=array()) { return $this->driver->list_groups($filter); } + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type) { + return $this->driver->get_edit_rules($object_type); + } } // End Identity diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 13af4583..65a3891c 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -116,4 +116,12 @@ interface Identity_Driver { * @return array the group list. */ public function list_groups($filter=array()); + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type); } // End User Driver \ No newline at end of file diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 83f553c1..ab162a4c 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -223,4 +223,14 @@ class Identity_Gallery_Driver implements Identity_Driver { public function list_groups($filter=array()) { return ORM::factory("group")->orderby("name")->find_all(); } + + /** + * Return the edit rules associated with an group. + * + * @param string $object_type to return rules for ("user"|"group") + * @return stdClass containing the rules + */ + public function get_edit_rules($object_type) { + return (object)ORM::factory($object_type)->rules; + } } // End Identity Gallery Driver \ No newline at end of file -- cgit v1.2.3 From 8285cd58e27dfdc2f013f44c1e69aa82f87b7c83 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 5 Oct 2009 18:10:39 -0700 Subject: Handle the filters on Identity/Gallery::list_users and Identity/Gallery::list_groups --- modules/gallery/libraries/drivers/Identity.php | 2 ++ modules/user/controllers/admin_users.php | 4 ++-- modules/user/libraries/drivers/Identity/Gallery.php | 14 ++++++++++++-- 3 files changed, 16 insertions(+), 4 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 65a3891c..31bcfe39 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -106,6 +106,7 @@ interface Identity_Driver { /** * List the users * @param mixed options to apply to the selection of the user + * @todo Do a longer write up on format of filters (@see Database.php) * @return array the group list. */ public function list_users($filter=array()); @@ -113,6 +114,7 @@ interface Identity_Driver { /** * List the groups * @param mixed options to apply to the selection of the user + * @todo Do a longer write up on format of filters (@see Database.php) * @return array the group list. */ public function list_groups($filter=array()); diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index c405c5e7..6c72440a 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -21,8 +21,8 @@ class Admin_Users_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_users.html"); - $view->content->users = user::users(array("orderby" => array("name"))); - $view->content->groups = group::groups(array("orderby" => array("name"))); + $view->content->users = user::users(array("orderby" => array("name" => "ASC"))); + $view->content->groups = group::groups(array("orderby" => array("name" => "ASC"))); print $view; } diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index ab162a4c..774ef77c 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -211,7 +211,12 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_users($filter=array()) { - return ORM::factory("user")->orderby("name")->find_all(); + $user = ORM::factory("user"); + foreach($filter as $method => $args) { + $user->$method($args); + } + + return $user->find_all(); } @@ -221,7 +226,12 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_groups($filter=array()) { - return ORM::factory("group")->orderby("name")->find_all(); + $user = ORM::factory("group"); + foreach($filter as $method => $args) { + $user->$method($args); + } + + return $user->find_all(); } /** -- cgit v1.2.3 From 6e59de2fb5b379a7a839e27c92f7546ee568cf00 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Oct 2009 07:55:31 -0700 Subject: Change the notification handler to use the Identity API to lookup subscribers for event notifications. This drove out some issues in the user::users and group::groups API backend. --- modules/notification/helpers/notification.php | 21 ++++++++----- .../user/libraries/drivers/Identity/Gallery.php | 36 ++++++++++++++-------- 2 files changed, 37 insertions(+), 20 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 88d92b16..8cf9f428 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -67,15 +67,20 @@ class notification { } static function get_subscribers($item) { - // @todo don't access the user table directly // @todo only return distinct email addresses - $users = ORM::factory("user") - ->join("subscriptions", "users.id", "subscriptions.user_id") - ->join("items", "subscriptions.item_id", "items.id") - ->where("email IS NOT", null) - ->where("items.left_ptr <=", $item->left_ptr) - ->where("items.right_ptr >", $item->right_ptr) - ->find_all(); + $subscriber_ids = array(); + foreach (ORM::factory("subscription") + ->select("user_id") + ->join("items", "subscriptions.item_id", "items.id") + ->where("items.left_ptr <=", $item->left_ptr) + ->where("items.right_ptr >", $item->right_ptr) + ->find_all() + ->as_array() as $subscriber) { + $subscriber_ids[] = $subscriber->user_id; + } + + $users = user::users(array("in" => array("id", $subscriber_ids), + "where" => array("email IS NOT" => null))); $subscribers = array(); foreach ($users as $user) { diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 774ef77c..5e201cb7 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -211,12 +211,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_users($filter=array()) { - $user = ORM::factory("user"); - foreach($filter as $method => $args) { - $user->$method($args); - } - - return $user->find_all(); + return $this->_do_search("user", $filter); } @@ -226,12 +221,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_groups($filter=array()) { - $user = ORM::factory("group"); - foreach($filter as $method => $args) { - $user->$method($args); - } - - return $user->find_all(); + return $this->_do_search("group", $filter); } /** @@ -243,4 +233,26 @@ class Identity_Gallery_Driver implements Identity_Driver { public function get_edit_rules($object_type) { return (object)ORM::factory($object_type)->rules; } + + /** + * Build the query based on the supplied filters for the specified model. + * @param string $object_type to return rules for ("user"|"group") + * @param mixed $filters options to apply to the selection. + */ + private function _do_search($object_type, $filter) { + $object = ORM::factory($object_type); + + foreach ($filter as $method => $args) { + switch ($method) { + case "in": + $object->in($args[0], $args[1]); + break; + default: + $object->$method($args); + } + } + + return $object->find_all(); + } + } // End Identity Gallery Driver \ No newline at end of file -- cgit v1.2.3 From c0683845048a0610316b5f3aaa9111793273f420 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 6 Oct 2009 11:20:51 -0700 Subject: Encapsulate the user and group model in Gallery_User and Gallery_Group classes which extend the User_Definition and Group_Definition classes defined in the Identity API --- modules/gallery/libraries/drivers/Identity.php | 175 ++++++++++++++++++++- .../user/libraries/drivers/Identity/Gallery.php | 87 ++++++++-- modules/user/models/user.php | 21 +-- 3 files changed, 248 insertions(+), 35 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 31bcfe39..558679be 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -126,4 +126,177 @@ interface Identity_Driver { * @return stdClass containing the rules */ public function get_edit_rules($object_type); -} // End User Driver \ No newline at end of file +} // End Identity Driver Definition + +/** + * User Data wrapper + */ +abstract class User_Definition { + protected $user; + public function __get($column) { + switch ($column) { + case "id": + case "name": + case "full_name": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + return $this->user->$column; + case "hashed_password": + throw new Exception("@todo WRITE ONLY FIELD: $column"); + break; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __set($column, $value) { + switch ($column) { + case "id": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "full_name": + case "hashed_password": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + return $this->user->$column; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __isset($column) { + return isset($this->user->$column); + } + + public function __unset($column) { + switch ($column) { + case "id": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "full_name": + case "password": + case "login_count": + case "last_login": + case "email": + case "admin": + case "guest": + case "hash": + case "url": + case "locale": + unset($this->user->$column); + break; + case "hashed_password": + throw new Exception("@todo WRITE ONLY FIELD: $column"); + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + /** + * Return a url to the user's avatar image. + * @param integer $size the target size of the image (default 80px) + * @return string a url + */ + public function avatar_url($size=80, $default=null) { + return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", + md5($this->user->email), $size, $default ? "&d=" . urlencode($default) : ""); + } + + /** + * Return the best version of the user's name. Either their specified full name, or fall back + * to the user name. + * @return string + */ + public function display_name() { + return empty($this->user->full_name) ? $this->user->name : $this->user->full_name; + } + + public function uncloaked() { + return $this->user; + } + + abstract public function save(); + abstract public function delete(); +} + +/** + * Group Data wrapper + */ +abstract class Group_Definition { + protected $group; + + public function __get($column) { + switch ($column) { + case "id": + case "name": + case "special": + case "users": + return $this->group->$column; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __set($column, $value) { + switch ($column) { + case "id": + case "users": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "special": + $this->group->$column = $value; + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function __isset($column) { + return isset($this->group->$column); + } + + public function __unset($column) { + switch ($column) { + case "id": + case "users": + throw new Exception("@todo READ ONLY FIELD: $column"); + break; + case "name": + case "special": + unset($this->group->$column); + default: + throw new Exception("@todo UNSUPPORTED FIELD: $column"); + break; + } + } + + public function uncloaked() { + return $this->group; + } + + abstract public function save(); + abstract public function delete(); + abstract public function add($user); + abstract public function remove($user); +} diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 5e201cb7..f8816644 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -29,7 +29,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return User_Model */ public function guest() { - return model_cache::get("user", 1); + return new Gallery_User(model_cache::get("user", 1)); } /** @@ -51,11 +51,11 @@ class Identity_Gallery_Driver implements Identity_Driver { $user->password = $password; // Required groups - $user->add(group::everybody()); - $user->add(group::registered_users()); + $user->add($this->everybody()->uncloaked()); + $user->add($this->registered_users()->uncloaked()); $user->save(); - return $user; + return new Gallery_User($user); } /** @@ -112,7 +112,7 @@ class Identity_Gallery_Driver implements Identity_Driver { public function lookup_user($id) { $user = model_cache::get("user", $id); if ($user->loaded) { - return $user; + return new Gallery_User($user); } return null; } @@ -127,7 +127,7 @@ class Identity_Gallery_Driver implements Identity_Driver { try { $user = model_cache::get("user", $value, $field_name); if ($user->loaded) { - return $user; + return new Gallery_User($user); } } catch (Exception $e) { if (strpos($e->getMessage(), "MISSING_MODEL") === false) { @@ -152,7 +152,7 @@ class Identity_Gallery_Driver implements Identity_Driver { $group->name = $name; $group->save(); - return $group; + return new Gallery_Group($group); } /** @@ -161,7 +161,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return Group_Model */ public function everybody() { - return model_cache::get("group", 1); + return new Gallery_Group(model_cache::get("group", 1)); } /** @@ -170,7 +170,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return Group_Model */ public function registered_users() { - return model_cache::get("group", 2); + return new Gallery_Group(model_cache::get("group", 2)); } /** @@ -181,7 +181,7 @@ class Identity_Gallery_Driver implements Identity_Driver { public function lookup_group($id) { $group = model_cache::get("group", $id); if ($group->loaded) { - return $group; + return new Gallery_Group($group); } return null; } @@ -195,7 +195,7 @@ class Identity_Gallery_Driver implements Identity_Driver { try { $group = model_cache::get("group", $name, "name"); if ($group->loaded) { - return $group; + return new Gallery_Group($group); } } catch (Exception $e) { if (strpos($e->getMessage(), "MISSING_MODEL") === false) { @@ -211,7 +211,12 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_users($filter=array()) { - return $this->_do_search("user", $filter); + $results = $this->_do_search("user", $filter); + $users = array(); + foreach ($results->as_array() as $user) { + $users[] = new Gallery_User($user); + } + return $users; } @@ -221,7 +226,12 @@ class Identity_Gallery_Driver implements Identity_Driver { * @return array the group list. */ public function list_groups($filter=array()) { - return $this->_do_search("group", $filter); + $results = $this->_do_search("group", $filter); + $groups = array(); + foreach ($results->as_array() as $group) { + $groups[] = new Gallery_Group($group); + } + return $groups; } /** @@ -255,4 +265,53 @@ class Identity_Gallery_Driver implements Identity_Driver { return $object->find_all(); } -} // End Identity Gallery Driver \ No newline at end of file +} // End Identity Gallery Driver + +/** + * User Data wrapper + */ +class Gallery_User extends User_Definition { + /* + * Not for general user, allows the back-end to easily create the interface object + */ + function __construct($user) { + $this->user = $user; + } + + public function save() { + $this->user->save(); + } + + public function delete() { + $this->user->delete(); + } + +} + +/** + * Group Data wrapper + */ +class Gallery_Group extends Group_Definition { + /* + * Not for general user, allows the back-end to easily create the interface object + */ + function __construct($group) { + $this->group = $group; + } + + public function save() { + $this->group->save(); + } + + public function delete() { + $this->group->delete(); + } + + public function add($user) { + $this->group->add($user->uncloaked()); + } + + public function remove($user) { + $this->group->remove($user->uncloaked()); + } +} diff --git a/modules/user/models/user.php b/modules/user/models/user.php index 55562f34..1993bd05 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -51,16 +51,6 @@ class User_Model extends ORM { module::event("user_deleted", $old); } - /** - * Return a url to the user's avatar image. - * @param integer $size the target size of the image (default 80px) - * @return string a url - */ - public function avatar_url($size=80, $default=null) { - return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", - md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); - } - public function save() { if (!$this->loaded) { $created = 1; @@ -73,13 +63,4 @@ class User_Model extends ORM { } return $this; } - - /** - * Return the best version of the user's name. Either their specified full name, or fall back - * to the user name. - * @return string - */ - public function display_name() { - return empty($this->full_name) ? $this->name : $this->full_name; - } -} \ No newline at end of file +} -- cgit v1.2.3 From ab73a4092ff70a87ced1d7ffcfbe9bcee788f1f3 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 13 Oct 2009 12:03:55 -0700 Subject: Correct typo in method name --- modules/user/libraries/drivers/Identity/Gallery.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index b287ed4c..f631bd63 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -166,7 +166,7 @@ class Identity_Gallery_Driver implements Identity_Driver { * @param string search value * @return Group_Core the group object, or null if the name was invalid. */ - public function lookup_user_by_field($field_name, $value) { + public function lookup_group_by_field($field_name, $value) { try { $user = model_cache::get("group", $value, $field_name); if ($user->loaded) { -- cgit v1.2.3 From 5b4f3091636afc8de5f81707e95f43baa50b7b4d Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 14 Oct 2009 09:47:04 -0700 Subject: Clean up phpDoc and change the Identity driver so only one configuration can be active at a given time. --- modules/gallery/helpers/group.php | 25 +++----- modules/gallery/helpers/user.php | 40 +++--------- modules/gallery/libraries/Identity.php | 72 ++++++--------------- modules/gallery/libraries/drivers/Identity.php | 51 +++++++++------ .../user/libraries/drivers/Identity/Gallery.php | 73 ++++++---------------- 5 files changed, 87 insertions(+), 174 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php index 17dd7f70..b87ed248 100644 --- a/modules/gallery/helpers/group.php +++ b/modules/gallery/helpers/group.php @@ -58,28 +58,21 @@ class group_Core { } /** - * Create a new group. - * - * @param string $name - * @return Group_Core + * @see Identity_Driver::create. */ static function create($name) { return Identity::instance()->create_group($name); } /** - * The group of all possible visitors. This includes the guest user. - * - * @return Group_Core + * @see Identity_Driver::everbody. */ static function everybody() { return Identity::instance()->everybody(); } /** - * The group of all logged-in visitors. This does not include guest users. - * - * @return Group_Core + * @see Identity_Driver::registered_users. */ static function registered_users() { return Identity::instance()->everybody(); @@ -88,7 +81,7 @@ class group_Core { /** * Look up a group by id. * @param integer $id the user id - * @return Group_Model the group object, or null if the id was invalid. + * @return Group_Definition the group object, or null if the id was invalid. */ static function lookup($id) { return Identity::instance()->lookup_group_by_field("id", $id); @@ -97,25 +90,21 @@ class group_Core { /** * Look up a group by name. * @param integer $id the group name - * @return Group_Core the group object, or null if the name was invalid. + * @return Group_Definition the group object, or null if the name was invalid. */ static function lookup_by_name($name) { return Identity::instance()->lookup_group_by_field("name", $name); } /** - * List the groups - * @param mixed options to apply to the selection of the user (@see Database.php) - * @return array the group list. + * @see Identity_Driver::get_group_list. */ static function get_group_list($filter=array()) { return Identity::instance()->get_group_list($filter); } /** - * Return the edit rules associated with an group. - * - * @return stdClass containing the rules + * @see Identity_Driver::get_edit_rules. */ static function get_edit_rules() { return Identity::instance()->get_edit_rules("group"); diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php index 84a29efc..f09e963e 100644 --- a/modules/gallery/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -246,43 +246,28 @@ class user_Core { } /** - * Return the guest user. - * - * @todo consider caching - * - * @return User_Model + * @see Identity_Driver::guest. */ - static function guest() { +static function guest() { return Identity::instance()->guest(); } /** - * Create a new user. - * - * @param string $name - * @param string $full_name - * @param string $password - * @return User_Model + * @see Identity_Driver::create_user. */ static function create($name, $full_name, $password) { return Identity::instance()->create_user($name, $full_name, $password); } /** - * Is the password provided correct? - * - * @param user User Model - * @param string $password a plaintext password - * @return boolean true if the password is correct + * @see Identity_Driver::is_correct_password. */ static function is_correct_password($user, $password) { return Identity::instance()->is_correct_password($user, $password); } /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password + * @see Identity_Driver::hash_password. */ static function hash_password($password) { return Identity::instance()->hash_password($password); @@ -291,7 +276,7 @@ class user_Core { /** * Look up a user by id. * @param integer $id the user id - * @return User_Model the user object, or null if the id was invalid. + * @return User_Definition the user object, or null if the id was invalid. */ static function lookup($id) { return Identity::instance()->lookup_user_by_field("id", $id); @@ -300,35 +285,30 @@ class user_Core { /** * Look up a user by name. * @param integer $name the user name - * @return User_Model the user object, or null if the name was invalid. + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_name($name) { return Identity::instance()->lookup_user_by_field("name", $name); } - /** * Look up a user by hash. * @param string $name the user name - * @return User_Model the user object, or null if the name was invalid. + * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_hash($hash) { return Identity::instance()->lookup_user_by_field("hash", $hash); } /** - * List the users - * @param mixed options to apply to the selection of the user(optional) - * @return array the group list. + * @see Identity_Driver::get_user_list. */ static function get_user_list($filter=array()) { return Identity::instance()->get_user_list($filter); } /** - * Return the edit rules associated with an user. - * - * @return stdClass containing the rules + * @see Identity_Driver::get_edit_rules. */ static function get_edit_rules() { return Identity::instance()->get_edit_rules("user"); diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 488cc535..88865913 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -22,7 +22,7 @@ * Provides a driver-based interface for managing users and groups. */ class Identity_Core { - protected static $instances = array(); + protected static $instances; // Configuration protected $config; @@ -32,17 +32,18 @@ class Identity_Core { /** * Returns a singleton instance of Identity. + * There can only be one Identity driver configured at a given point * * @param string configuration * @return Identity_Core */ static function & instance($config="default") { - if (!isset(Identity::$instances[$config])) { + if (!isset(Identity::$instances)) { // Create a new instance - Identity::$instances[$config] = new Identity($config); + Identity::$instances = new Identity($config); } - return Identity::$instances[$config]; + return Identity::$instances; } /** @@ -93,10 +94,9 @@ class Identity_Core { } /** - * Determine if a feature is supported by the driver. + * Determine if if the current driver supports updates. * - * @param string $feature the name of the feature to check - * @return boolean true if supported + * @return boolean true if the driver supports updates; false if read only */ public function is_writable() { return !empty($this->config["allow_updates"]); @@ -104,118 +104,84 @@ class Identity_Core { /** - * Return the guest user. - * - * @todo consider caching - * - * @return Identity_Model + * @see Identity_Driver::guest. */ public function guest() { return $this->driver->guest(); } /** - * Create a new user. - * - * @param string $name - * @param string $full_name - * @param string $password - * @return Identity_Model + * @see Identity_Driver::create_user. */ public function create_user($name, $full_name, $password) { return $this->driver->create_user($name, $full_name, $password); } /** - * Is the password provided correct? - * - * @param user Identity Model - * @param string $password a plaintext password - * @return boolean true if the password is correct + * @see Identity_Driver::is_correct_password. */ public function is_correct_password($user, $password) { return $this->driver->is_correct_password($user, $password); } /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password + * @see Identity_Driver::hash_password. */ public function hash_password($password) { return $this->driver->hash_password($password); } /** - * Look up a user by field value. - * @param string search field - * @param string search value - * @return Identity_Model the user object, or null if the name was invalid. + * @see Identity_Driver::lookup_user_by_field. */ public function lookup_user_by_field($field_name, $value) { return $this->driver->lookup_user_by_field($field_name, $value); } /** - * Create a new group. - * - * @param string $name - * @return Group_Model + * @see Identity_Driver::create_group. */ public function create_group($name) { return $this->driver->create_group($name); } /** - * The group of all possible visitors. This includes the guest user. - * - * @return Group_Model + * @see Identity_Driver::everybody. */ public function everybody() { return $this->driver->everybody(); } /** - * The group of all logged-in visitors. This does not include guest users. - * - * @return Group_Model + * @see Identity_Driver::registered_users. */ public function registered_users() { return $this->driver->everybody(); } /** - * Look up a group by name. - * @param integer $id the group name - * @return Group_Model the group object, or null if the name was invalid. + * @see Identity_Driver::lookup_group_by_field. */ public function lookup_group_by_field($field_name, $value) { return $this->driver->lookup_group_by_field($field_name, $value); } /** - * List the users - * @param mixed options to apply to the selection of the user - * @return array the group list. + * @see Identity_Driver::get_user_list. */ public function get_user_list($filter=array()) { return $this->driver->get_user_list($filter); } /** - * List the groups - * @param mixed options to apply to the selection of the user - * @return array the group list. + * @see Identity_Driver::get_group_list. */ public function get_group_list($filter=array()) { return $this->driver->get_group_list($filter); } /** - * Return the edit rules associated with an group. - * - * @param string $object_type to return rules for ("user"|"group") - * @return stdClass containing the rules + * @see Identity_Driver::get_edit_rules. */ public function get_edit_rules($object_type) { return $this->driver->get_edit_rules($object_type); diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index ca80aad5..0b789908 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -21,9 +21,7 @@ interface Identity_Driver { /** * Return the guest user. * - * @todo consider caching - * - * @return User_Model + * @return User_Definition the user object */ public function guest(); @@ -33,14 +31,14 @@ interface Identity_Driver { * @param string $name * @param string $full_name * @param string $password - * @return User_Core + * @return User_Definition the user object */ public function create_user($name, $full_name, $password); /** * Is the password provided correct? * - * @param user User Model + * @param user User_Definition the user object * @param string $password a plaintext password * @return boolean true if the password is correct */ @@ -57,7 +55,7 @@ interface Identity_Driver { * Look up a user by by search the specified field. * @param string search field * @param string search value - * @return User_Core the user object, or null if the name was invalid. + * @return User_Definition the user object, or null if the name was invalid. */ public function lookup_user_by_field($field, $value); @@ -65,28 +63,33 @@ interface Identity_Driver { * Create a new group. * * @param string $name - * @return Group_Model + * @return Group_Definition the group object */ public function create_group($name); /** * The group of all possible visitors. This includes the guest user. * - * @return Group_Model + * @return Group_Definition the group object */ public function everybody(); /** * The group of all logged-in visitors. This does not include guest users. * - * @return Group_Model + * @return Group_Definition the group object */ public function registered_users(); /** * List the users * @param mixed options to apply to the selection of the user - * @todo Do a longer write up on format of filters (@see Database.php) + * currently supported: + * "orderby" => array(, "ASC|DESC") + * "in" => array(, array(values, ...)) + * "where" => array(, value) + * follows Kohana syntax where it could contain the first + * half of a logical expression (i.e. "field IS NOT") * @return array the group list. */ public function get_user_list($filter=array()); @@ -94,7 +97,12 @@ interface Identity_Driver { /** * List the groups * @param mixed options to apply to the selection of the group - * @todo Do a longer write up on format of filters (@see Database.php) + * currently supported: + * "orderby" => array(, "ASC|DESC") + * "in" => array(, array(values, ...)) + * "where" => array(, value) + * follows Kohana syntax where it could contain the first + * half of a logical expression (i.e. "field IS NOT") * @return array the group list. */ public function get_group_list($filter=array()); @@ -128,10 +136,8 @@ abstract class User_Definition { case "url": case "locale": case "groups": - return $this->user->$column; case "hashed_password": - throw new Exception("@todo WRITE ONLY FIELD: $column"); - break; + return $this->user->$column; default: throw new Exception("@todo UNSUPPORTED FIELD: $column"); break; @@ -185,10 +191,9 @@ abstract class User_Definition { case "hash": case "url": case "locale": + case "hashed_password": unset($this->user->$column); break; - case "hashed_password": - throw new Exception("@todo WRITE ONLY FIELD: $column"); default: throw new Exception("@todo UNSUPPORTED FIELD: $column"); break; @@ -214,7 +219,12 @@ abstract class User_Definition { return empty($this->user->full_name) ? $this->user->name : $this->user->full_name; } - public function uncloaked() { + /** + * Return the internal user object without the wrapper. + * This method is used by implementing classes to access the internal user object. + * Consider it pseudo private and only declared public as PHP as not internal or friend modifier + */ + public function _uncloaked() { return $this->user; } @@ -275,7 +285,12 @@ abstract class Group_Definition { } } - public function uncloaked() { + /** + * Return the internal group object without the wrapper. + * This method is used by implementing classes to access the internal group object. + * Consider it pseudo private and only declared public as PHP as not internal or friend modifier + */ + public function _uncloaked() { return $this->group; } diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index f631bd63..013497b6 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -22,23 +22,14 @@ */ class Identity_Gallery_Driver implements Identity_Driver { /** - * Return the guest user. - * - * @todo consider caching - * - * @return User_Model + * @see Identity_Driver::guest. */ public function guest() { return new Gallery_User(model_cache::get("user", 1)); } /** - * Create a new user. - * - * @param string $name - * @param string $full_name - * @param string $password - * @return User_Model + * @see Identity_Driver::create_user. */ public function create_user($name, $full_name, $password) { $user = ORM::factory("user")->where("name", $name)->find(); @@ -51,19 +42,15 @@ class Identity_Gallery_Driver implements Identity_Driver { $user->password = $password; // Required groups - $user->add($this->everybody()->uncloaked()); - $user->add($this->registered_users()->uncloaked()); + $user->add($this->everybody()->_uncloaked()); + $user->add($this->registered_users()->_uncloaked()); $user->save(); return new Gallery_User($user); } /** - * Is the password provided correct? - * - * @param user User Model - * @param string $password a plaintext password - * @return boolean true if the password is correct + * @see Identity_Driver::is_correct_password. */ public function is_correct_password($user, $password) { $valid = $user->password; @@ -94,9 +81,7 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password + * @see Identity_Driver::hash_password. */ public function hash_password($password) { require_once(MODPATH . "user/lib/PasswordHash.php"); @@ -105,10 +90,7 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * Look up a user by field value. - * @param string search field - * @param string search value - * @return User_Core the user object, or null if the name was invalid. + * @see Identity_Driver::lookup_user_by_field. */ public function lookup_user_by_field($field_name, $value) { try { @@ -125,10 +107,7 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * Create a new group. - * - * @param string $name - * @return Group_Model + * @see Identity_Driver::create_group. */ public function create_group($name) { $group = ORM::factory("group")->where("name", $name)->find(); @@ -143,33 +122,26 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * The group of all possible visitors. This includes the guest user. - * - * @return Group_Model + * @see Identity_Driver::everybody. */ public function everybody() { return new Gallery_Group(model_cache::get("group", 1)); } /** - * The group of all logged-in visitors. This does not include guest users. - * - * @return Group_Model + * @see Identity_Driver::registered_users. */ public function registered_users() { return new Gallery_Group(model_cache::get("group", 2)); } /** - * Look up a group by field value. - * @param string search field - * @param string search value - * @return Group_Core the group object, or null if the name was invalid. + * @see Identity_Driver::lookup_group_by_field. */ public function lookup_group_by_field($field_name, $value) { try { - $user = model_cache::get("group", $value, $field_name); - if ($user->loaded) { + $group = model_cache::get("group", $value, $field_name); + if ($group->loaded) { return new Gallery_Group($group); } } catch (Exception $e) { @@ -180,11 +152,8 @@ class Identity_Gallery_Driver implements Identity_Driver { return null; } - /** - * List the users - * @param mixed options to apply to the selection of the user - * @return array the group list. + * @see Identity_Driver::get_user_list. */ public function get_user_list($filter=array()) { $results = $this->_do_search("user", $filter); @@ -195,11 +164,8 @@ class Identity_Gallery_Driver implements Identity_Driver { return $users; } - /** - * List the groups - * @param mixed options to apply to the selection of the group - * @return array the group list. + * @see Identity_Driver::get_group_list. */ public function get_group_list($filter=array()) { $results = $this->_do_search("group", $filter); @@ -211,10 +177,7 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * Return the edit rules associated with an group. - * - * @param string $object_type to return rules for ("user"|"group") - * @return stdClass containing the rules + * @see Identity_Driver::get_edit_rules. */ public function get_edit_rules($object_type) { return (object)ORM::factory($object_type)->rules; @@ -284,10 +247,10 @@ class Gallery_Group extends Group_Definition { } public function add($user) { - $this->group->add($user->uncloaked()); + $this->group->add($user->_uncloaked()); } public function remove($user) { - $this->group->remove($user->uncloaked()); + $this->group->remove($user->_uncloaked()); } } -- cgit v1.2.3 From bc241e44c2e4d10ac19ccc32a40c90426672d963 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 16 Oct 2009 07:41:33 -0700 Subject: Cleanup merge of user/group helpers into Identity interface. Reduce redundant code in the user module and remove references to the Identity helper from the user module as the user module should be able to access things directly. Simplify the get_user_list api method to just accept an array of ids to return user objects for. --- modules/gallery/helpers/movie.php | 2 +- modules/gallery/helpers/photo.php | 2 +- modules/gallery/libraries/Identity.php | 18 +-- modules/gallery/libraries/drivers/Identity.php | 41 +------ modules/notification/helpers/notification.php | 8 +- modules/user/controllers/admin_users.php | 18 +-- modules/user/controllers/users.php | 2 +- modules/user/helpers/group.php | 34 ++++-- modules/user/helpers/user.php | 56 ++++------ .../user/libraries/drivers/Identity/Gallery.php | 124 +++++---------------- modules/user/models/user.php | 19 ++++ 11 files changed, 113 insertions(+), 211 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 32a27646..bc0efa01 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -77,7 +77,7 @@ class movie_Core { $movie->title = $title; $movie->description = $description; $movie->name = $name; - $movie->owner_id = $owner_id ? $owner_id : Identity::active(); + $movie->owner_id = $owner_id ? $owner_id : Identity::active()->id; $movie->width = $movie_info[0]; $movie->height = $movie_info[1]; $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv"; diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index cf316819..ad23e322 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -76,7 +76,7 @@ class photo_Core { $photo->title = $title; $photo->description = $description; $photo->name = $name; - $photo->owner_id = $owner_id ? $owner_id : Identity::active(); + $photo->owner_id = $owner_id ? $owner_id : Identity::active()->id; $photo->width = $image_info[0]; $photo->height = $image_info[1]; $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime']; diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 229d0da9..fb553de6 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -191,22 +191,8 @@ class Identity_Core { /** * @see Identity_Driver::get_user_list. */ - static function get_user_list($filter=array()) { - return self::instance()->driver->get_user_list($filter); - } - - /** - * @see Identity_Driver::get_group_list. - */ - static function get_group_list($filter=array()) { - return self::instance()->driver->get_group_list($filter); - } - - /** - * @see Identity_Driver::get_edit_rules. - */ - static function get_edit_rules($object_type) { - return self::instance()->driver->get_edit_rules($object_type); + static function get_user_list($ids) { + return self::instance()->driver->get_user_list($ids); } static function get_login_form($url) { diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 0b789908..a9e1a75b 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -83,37 +83,11 @@ interface Identity_Driver { /** * List the users - * @param mixed options to apply to the selection of the user - * currently supported: - * "orderby" => array(, "ASC|DESC") - * "in" => array(, array(values, ...)) - * "where" => array(, value) - * follows Kohana syntax where it could contain the first - * half of a logical expression (i.e. "field IS NOT") - * @return array the group list. + * @param array array of ids to return the user objects for + * @return array the user list. */ - public function get_user_list($filter=array()); + public function get_user_list($ids); - /** - * List the groups - * @param mixed options to apply to the selection of the group - * currently supported: - * "orderby" => array(, "ASC|DESC") - * "in" => array(, array(values, ...)) - * "where" => array(, value) - * follows Kohana syntax where it could contain the first - * half of a logical expression (i.e. "field IS NOT") - * @return array the group list. - */ - public function get_group_list($filter=array()); - - /** - * Return the edit rules associated with an group. - * - * @param string $object_type to return rules for ("user"|"group") - * @return stdClass containing the rules - */ - public function get_edit_rules($object_type); } // End Identity Driver Definition /** @@ -205,19 +179,14 @@ abstract class User_Definition { * @param integer $size the target size of the image (default 80px) * @return string a url */ - public function avatar_url($size=80, $default=null) { - return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", - md5($this->user->email), $size, $default ? "&d=" . urlencode($default) : ""); - } + abstract public function avatar_url($size=80, $default=null); /** * Return the best version of the user's name. Either their specified full name, or fall back * to the user name. * @return string */ - public function display_name() { - return empty($this->user->full_name) ? $this->user->name : $this->user->full_name; - } + abstract public function display_name(); /** * Return the internal user object without the wrapper. diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 4c58bc29..2e22eeae 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -67,8 +67,7 @@ class notification { } static function get_subscribers($item) { - // @todo only return distinct email addresses - $subscriber_ids = array(); + $subscriber_ids = array(); foreach (ORM::factory("subscription") ->select("user_id") ->join("items", "subscriptions.item_id", "items.id") @@ -79,12 +78,11 @@ class notification { $subscriber_ids[] = $subscriber->user_id; } - $users = Identity::get_user_list(array("in" => array("id", $subscriber_ids), - "where" => array("email IS NOT" => null))); + $users = Identity::get_user_list($subscriber_ids); $subscribers = array(); foreach ($users as $user) { - if (access::user_can($user, "view", $item)) { + if (access::user_can($user, "view", $item) && !empty($user->email)) { $subscribers[$user->email] = 1; } } diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 3465c4b1..fed872a5 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -21,8 +21,12 @@ class Admin_Users_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_users.html"); - $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC"))); - $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC"))); + $view->content->users = ORM::factory("user") + ->orderby("name", "ASC") + ->find_all(); + $view->content->groups = ORM::factory("group") + ->orderby("name", "ASC") + ->find_all(); print $view; } @@ -303,7 +307,7 @@ class Admin_Users_Controller extends Admin_Controller { $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from(user::get_edit_rules()); + $form->add_rules_from($user); $form->edit_user->password->rules("-required"); module::event("user_edit_form_admin", $user, $form); @@ -325,8 +329,7 @@ class Admin_Users_Controller extends Admin_Controller { $group->input("url")->label(t("URL"))->id("g-url"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("g-admin"); - $user = ORM::factory("user"); - $form->add_rules_from(user::get_edit_rules()); + $form->add_rules_from(ORM::factory("user")); module::event("user_add_form_admin", $user, $form); $group->submit("")->value(t("Add User")); @@ -366,7 +369,7 @@ class Admin_Users_Controller extends Admin_Controller { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Save")); - $form->add_rules_from(group::get_edit_rules()); + $form->add_rules_from($group); return $form; } @@ -378,8 +381,7 @@ class Admin_Users_Controller extends Admin_Controller { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Add Group")); - $group = ORM::factory("group"); - $form->add_rules_from(group::get_edit_rules()); + $form->add_rules_from(ORM::factory("group")); return $form; } diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 6e666ba3..ebce1d8d 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -77,7 +77,7 @@ class Users_Controller extends Controller { ->matches($group->password); $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); - $form->add_rules_from(user::get_edit_rules()); + $form->add_rules_from($user); module::event("user_edit_form", $user, $form); $group->submit("")->value(t("Save")); diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 295e5f50..cf5c050f 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -28,7 +28,14 @@ class group_Core { * @see Identity_Driver::create. */ static function create($name) { - return Identity::instance()->create_group($name); + $group = ORM::factory("group")->where("name", $name)->find(); + if ($group->loaded) { + throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); + } + + $group->name = $name; + $group->save(); + return $group; } /** @@ -51,7 +58,7 @@ class group_Core { * @return Group_Definition the group object, or null if the id was invalid. */ static function lookup($id) { - return Identity::instance()->lookup_group_by_field("id", $id); + return self::lookup_by_field("id", $id); } /** @@ -60,20 +67,23 @@ class group_Core { * @return Group_Definition the group object, or null if the name was invalid. */ static function lookup_by_name($name) { - return Identity::instance()->lookup_group_by_field("name", $name); + return self::lookup_by_field("name", $name); } /** * @see Identity_Driver::get_group_list. */ - static function get_group_list($filter=array()) { - return Identity::instance()->get_group_list($filter); - } - - /** - * @see Identity_Driver::get_edit_rules. - */ - static function get_edit_rules() { - return Identity::instance()->get_edit_rules("group"); + static function lookup_by_field($field_name, $value) { + try { + $user = model_cache::get("group", $value, $field_name); + if ($user->loaded) { + return $user; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; } } diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index 394f8185..fa7b320f 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -28,28 +28,37 @@ class user_Core { * @see Identity_Driver::guest. */ static function guest() { - return Identity::guest(); + return model_cache::get("user", 1); } /** * @see Identity_Driver::create_user. */ static function create($name, $full_name, $password) { - return Identity::create_user($name, $full_name, $password); - } + $user = ORM::factory("user")->where("name", $name)->find(); + if ($user->loaded) { + throw new Exception("@todo USER_ALREADY_EXISTS $name"); + } - /** - * @see Identity_Driver::is_correct_password. - */ - static function is_correct_password($user, $password) { - return Identity::is_correct_password($user, $password); + $user->name = $name; + $user->full_name = $full_name; + $user->password = $password; + + // Required groups + $user->add(group::everybody()); + $user->add(group::registered_users()); + + $user->save(); + return $user; } /** * @see Identity_Driver::hash_password. */ static function hash_password($password) { - return Identity::hash_password($password); + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->HashPassword($password); } /** @@ -58,7 +67,7 @@ class user_Core { * @return User_Definition the user object, or null if the id was invalid. */ static function lookup($id) { - return self::_lookup_user_by_field("id", $id); + return self::lookup_by_field("id", $id); } /** @@ -67,33 +76,10 @@ class user_Core { * @return User_Definition the user object, or null if the name was invalid. */ static function lookup_by_name($name) { - return self::_lookup_user_by_field("name", $name); - } - - /** - * Look up a user by hash. - * @param string $name the user name - * @return User_Definition the user object, or null if the name was invalid. - */ - static function lookup_by_hash($hash) { - return self::_lookup_user_by_field("hash", $hash); - } - - /** - * @see Identity_Driver::get_user_list. - */ - static function get_user_list($filter=array()) { - return Identity::get_user_list($filter); - } - - /** - * @see Identity_Driver::get_edit_rules. - */ - static function get_edit_rules() { - return Identity::get_edit_rules("user"); + return self::lookup_by_field("name", $name); } - private static function _lookup_user_by_field($field_name, $value) { + static function lookup_by_field($field_name, $value) { try { $user = model_cache::get("user", $value, $field_name); if ($user->loaded) { diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 013497b6..77db11a3 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -25,28 +25,14 @@ class Identity_Gallery_Driver implements Identity_Driver { * @see Identity_Driver::guest. */ public function guest() { - return new Gallery_User(model_cache::get("user", 1)); + return new Gallery_User(user::guest()); } /** * @see Identity_Driver::create_user. */ public function create_user($name, $full_name, $password) { - $user = ORM::factory("user")->where("name", $name)->find(); - if ($user->loaded) { - throw new Exception("@todo USER_ALREADY_EXISTS $name"); - } - - $user->name = $name; - $user->full_name = $full_name; - $user->password = $password; - - // Required groups - $user->add($this->everybody()->_uncloaked()); - $user->add($this->registered_users()->_uncloaked()); - - $user->save(); - return new Gallery_User($user); + return new Gallery_User(user::create($name, $full_name, $password)); } /** @@ -84,126 +70,58 @@ class Identity_Gallery_Driver implements Identity_Driver { * @see Identity_Driver::hash_password. */ public function hash_password($password) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->HashPassword($password); + return user::hash_password($password); } /** * @see Identity_Driver::lookup_user_by_field. */ public function lookup_user_by_field($field_name, $value) { - try { - $user = model_cache::get("user", $value, $field_name); - if ($user->loaded) { - return new Gallery_User($user); - } - } catch (Exception $e) { - if (strpos($e->getMessage(), "MISSING_MODEL") === false) { - throw $e; - } - } - return null; + return new Gallery_User(user::lookup_by_field($field_name, $value)); } /** * @see Identity_Driver::create_group. */ public function create_group($name) { - $group = ORM::factory("group")->where("name", $name)->find(); - if ($group->loaded) { - throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); - } - - $group->name = $name; - $group->save(); - - return new Gallery_Group($group); + return new Gallery_Group(group::create($name)); } /** * @see Identity_Driver::everybody. */ public function everybody() { - return new Gallery_Group(model_cache::get("group", 1)); + return new Gallery_Group(group::everybody()); } /** * @see Identity_Driver::registered_users. */ public function registered_users() { - return new Gallery_Group(model_cache::get("group", 2)); + return new Gallery_Group(group::registered_users()); } /** * @see Identity_Driver::lookup_group_by_field. */ public function lookup_group_by_field($field_name, $value) { - try { - $group = model_cache::get("group", $value, $field_name); - if ($group->loaded) { - return new Gallery_Group($group); - } - } catch (Exception $e) { - if (strpos($e->getMessage(), "MISSING_MODEL") === false) { - throw $e; - } - } - return null; + return new Gallery_Group(group::lookup_by_field($field_name, $value)); } /** * @see Identity_Driver::get_user_list. */ - public function get_user_list($filter=array()) { - $results = $this->_do_search("user", $filter); + public function get_user_list($ids) { + $results = ORM::factory("user") + ->in("id", ids) + ->find_all() + ->as_array();; $users = array(); - foreach ($results->as_array() as $user) { + foreach ($results as $user) { $users[] = new Gallery_User($user); } return $users; } - - /** - * @see Identity_Driver::get_group_list. - */ - public function get_group_list($filter=array()) { - $results = $this->_do_search("group", $filter); - $groups = array(); - foreach ($results->as_array() as $group) { - $groups[] = new Gallery_Group($group); - } - return $groups; - } - - /** - * @see Identity_Driver::get_edit_rules. - */ - public function get_edit_rules($object_type) { - return (object)ORM::factory($object_type)->rules; - } - - /** - * Build the query based on the supplied filters for the specified model. - * @param string $object_type to return rules for ("user"|"group") - * @param mixed $filters options to apply to the selection. - */ - private function _do_search($object_type, $filter) { - $object = ORM::factory($object_type); - - foreach ($filter as $method => $args) { - switch ($method) { - case "in": - $object->in($args[0], $args[1]); - break; - default: - $object->$method($args); - } - } - - return $object->find_all(); - } - } // End Identity Gallery Driver /** @@ -217,6 +135,20 @@ class Gallery_User extends User_Definition { $this->user = $user; } + /** + * @see User_Definition::avatar_url + */ + public function avatar_url($size=80, $default=null) { + return $this->user->avatar_url($size, $default); + } + + /** + * @see User_Definition::display_name + */ + public function display_name() { + return $this->user->display_name(); + } + public function save() { $this->user->save(); } diff --git a/modules/user/models/user.php b/modules/user/models/user.php index 1993bd05..d99603b2 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -51,6 +51,16 @@ class User_Model extends ORM { module::event("user_deleted", $old); } + /** + * Return a url to the user's avatar image. + * @param integer $size the target size of the image (default 80px) + * @return string a url + */ + public function avatar_url($size=80, $default=null) { + return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", + md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); + } + public function save() { if (!$this->loaded) { $created = 1; @@ -63,4 +73,13 @@ class User_Model extends ORM { } return $this; } + + /** + * Return the best version of the user's name. Either their specified full name, or fall back + * to the user name. + * @return string + */ + public function display_name() { + return empty($this->full_name) ? $this->name : $this->full_name; + } } -- cgit v1.2.3 From 098b57bf18112d0a3173dbe28b5ed76782431ff7 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 19 Oct 2009 12:53:44 -0700 Subject: Simplify the user interface by moving the password reset functionality into the user module Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names. Make sure all the unit tests work. --- modules/gallery/controllers/password.php | 133 -------------- modules/gallery/helpers/access.php | 4 +- modules/gallery/libraries/Identity.php | 34 +--- modules/gallery/libraries/drivers/Identity.php | 196 ++------------------- modules/gallery/tests/Albums_Controller_Test.php | 1 + modules/gallery/tests/Photos_Controller_Test.php | 2 +- modules/gallery/views/admin_identity.html.php | 6 +- modules/gallery/views/reset_password.html.php | 17 -- modules/user/controllers/password.php | 133 ++++++++++++++ modules/user/helpers/group.php | 4 +- modules/user/helpers/user.php | 15 +- .../user/libraries/drivers/Identity/Gallery.php | 99 ++--------- modules/user/models/group.php | 2 +- modules/user/models/user.php | 2 +- modules/user/views/admin_users.html.php | 2 +- modules/user/views/reset_password.html.php | 17 ++ 16 files changed, 206 insertions(+), 461 deletions(-) delete mode 100644 modules/gallery/controllers/password.php delete mode 100644 modules/gallery/views/reset_password.html.php create mode 100644 modules/user/controllers/password.php create mode 100644 modules/user/views/reset_password.html.php (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php deleted file mode 100644 index ce6d67b1..00000000 --- a/modules/gallery/controllers/password.php +++ /dev/null @@ -1,133 +0,0 @@ -_send_reset(); - } else { - print $this->_reset_form(); - } - } - - public function do_reset() { - if (request::method() == "post") { - $this->_change_password(); - } else { - $user = Identity::lookup_user_by_hash(Input::instance()->get("key")); - if (!empty($user)) { - print $this->_new_password_form($user->hash); - } else { - throw new Exception("@todo FORBIDDEN", 503); - } - } - } - - private function _send_reset() { - $form = $this->_reset_form(); - - $valid = $form->validate(); - if ($valid) { - $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value); - if (!$user->loaded || empty($user->email)) { - $form->reset->inputs["name"]->add_error("no_email", 1); - $valid = false; - } - } - - if ($valid) { - $user->hash = md5(rand()); - $user->save(); - $message = new View("reset_password.html"); - $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); - $message->user = $user; - - Sendmail::factory() - ->to($user->email) - ->subject(t("Password Reset Request")) - ->header("Mime-Version", "1.0") - ->header("Content-type", "text/html; charset=iso-8859-1") - ->message($message->render()) - ->send(); - - log::success( - "user", - t("Password reset email sent for user %name", array("name" => $user->name))); - } else { - // Don't include the username here until you're sure that it's XSS safe - log::warning( - "user", "Password reset email requested for bogus user"); - } - - message::success(t("Password reset email sent")); - print json_encode( - array("result" => "success")); - } - - private function _reset_form() { - $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form")); - $group = $form->group("reset")->label(t("Reset Password")); - $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required"); - $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password")); - $group->submit("")->value(t("Reset")); - - return $form; - } - - private function _new_password_form($hash=null) { - $template = new Theme_View("page.html", "reset"); - - $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form")); - $group = $form->group("reset")->label(t("Change Password")); - $hidden = $group->hidden("hash"); - if (!empty($hash)) { - $hidden->value($hash); - } - $group->password("password")->label(t("Password"))->id("g-password") - ->rules("required|length[1,40]"); - $group->password("password2")->label(t("Confirm Password"))->id("g-password2") - ->matches($group->password); - $group->inputs["password2"]->error_messages( - "mistyped", t("The password and the confirm password must match")); - $group->submit("")->value(t("Update")); - - $template->content = $form; - return $template; - } - - private function _change_password() { - $view = $this->_new_password_form(); - if ($view->content->validate()) { - $user = Identity::lookup_user_by_hash(Input::instance()->get("key")); - if (empty($user)) { - throw new Exception("@todo FORBIDDEN", 503); - } - - $user->password = $view->content->reset->password->value; - $user->hash = null; - $user->save(); - message::success(t("Password reset successfully")); - url::redirect(item::root()->abs_url()); - } else { - print $view; - } - } -} \ No newline at end of file diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 21f4de81..fba161e3 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -197,8 +197,8 @@ class access_Core { * @param Item_Model $item * @param boolean $value */ - private static function _set(Group_Model $group, $perm_name, $album, $value) { - if (get_class($group) != "Group_Model") { + private static function _set(Group_Definition $group, $perm_name, $album, $value) { + if (!($group instanceof Group_Definition)) { throw new Exception("@todo PERMISSIONS_ONLY_WORK_ON_GROUPS"); } if (!$album->loaded) { diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 9e5f0bb5..e77fd2d2 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -133,37 +133,17 @@ class Identity_Core { } /** - * @see Identity_Driver::hash_password. - */ - static function hash_password($password) { - return self::instance()->driver->hash_password($password); - } - - /** - * Look up a user by id. - * @param integer $id the user id - * @return User_Definition the user object, or null if the id was invalid. + * @see Identity_Driver::lookup_user. */ static function lookup_user($id) { - return self::instance()->driver->lookup_user_by_field("id", $id); + return self::instance()->driver->lookup_user($id); } /** - * Look up a user by name. - * @param integer $name the user name - * @return User_Definition the user object, or null if the name was invalid. + * @see Identity_Driver::lookup_user_by_name. */ static function lookup_user_by_name($name) { - return self::instance()->driver->lookup_user_by_field("name", $name); - } - - /** - * Look up a user by hash. - * @param string $name the user name - * @return User_Definition the user object, or null if the name was invalid. - */ - static function lookup_user_by_hash($hash) { - return self::instance()->driver->lookup_user_by_field("hash", $hash); + return self::instance()->driver->lookup_user_by_name($name); } /** @@ -188,12 +168,10 @@ class Identity_Core { } /** - * Look up a group by name. - * @param integer $id the group name - * @return Group_Definition the group object, or null if the name was invalid. + * @see Identity_Driver::lookup_group_by_name. */ static function lookup_group_by_name($name) { - return self::instance()->driver->lookup_group_by_field("name", $name); + return self::instance()->driver->lookup_group_by_name($name); } /** diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index a9e1a75b..6ab001cb 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -45,19 +45,18 @@ interface Identity_Driver { public function is_correct_password($user, $password); /** - * Create the hashed passwords. - * @param string $password a plaintext password - * @return string hashed password + * Look up a user by id. + * @param integer id + * @return User_Definition the user object, or null if the name was invalid. */ - public function hash_password($password); + public function lookup_user($id); /** - * Look up a user by by search the specified field. - * @param string search field - * @param string search value - * @return User_Definition the user object, or null if the name was invalid. + * Look up a user by name. + * @param string name + * @return User_Definition the user object, or null if the name was invalid. */ - public function lookup_user_by_field($field, $value); + public function lookup_user_by_name($name); /** * Create a new group. @@ -90,181 +89,6 @@ interface Identity_Driver { } // End Identity Driver Definition -/** - * User Data wrapper - */ -abstract class User_Definition { - protected $user; - public function __get($column) { - switch ($column) { - case "id": - case "name": - case "full_name": - case "password": - case "login_count": - case "last_login": - case "email": - case "admin": - case "guest": - case "hash": - case "url": - case "locale": - case "groups": - case "hashed_password": - return $this->user->$column; - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - public function __set($column, $value) { - switch ($column) { - case "id": - case "groups": - throw new Exception("@todo READ ONLY FIELD: $column"); - break; - case "name": - case "full_name": - case "hashed_password": - case "password": - case "login_count": - case "last_login": - case "email": - case "admin": - case "guest": - case "hash": - case "url": - case "locale": - $this->user->$column = $value; - break; - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - public function __isset($column) { - return isset($this->user->$column); - } - - public function __unset($column) { - switch ($column) { - case "id": - case "groups": - throw new Exception("@todo READ ONLY FIELD: $column"); - break; - case "name": - case "full_name": - case "password": - case "login_count": - case "last_login": - case "email": - case "admin": - case "guest": - case "hash": - case "url": - case "locale": - case "hashed_password": - unset($this->user->$column); - break; - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - /** - * Return a url to the user's avatar image. - * @param integer $size the target size of the image (default 80px) - * @return string a url - */ - abstract public function avatar_url($size=80, $default=null); - - /** - * Return the best version of the user's name. Either their specified full name, or fall back - * to the user name. - * @return string - */ - abstract public function display_name(); - - /** - * Return the internal user object without the wrapper. - * This method is used by implementing classes to access the internal user object. - * Consider it pseudo private and only declared public as PHP as not internal or friend modifier - */ - public function _uncloaked() { - return $this->user; - } - - abstract public function save(); - abstract public function delete(); -} - -/** - * Group Data wrapper - */ -abstract class Group_Definition { - protected $group; - - public function __get($column) { - switch ($column) { - case "id": - case "name": - case "special": - case "users": - return $this->group->$column; - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - public function __set($column, $value) { - switch ($column) { - case "id": - case "users": - throw new Exception("@todo READ ONLY FIELD: $column"); - break; - case "name": - case "special": - $this->group->$column = $value; - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - public function __isset($column) { - return isset($this->group->$column); - } - - public function __unset($column) { - switch ($column) { - case "id": - case "users": - throw new Exception("@todo READ ONLY FIELD: $column"); - break; - case "name": - case "special": - unset($this->group->$column); - default: - throw new Exception("@todo UNSUPPORTED FIELD: $column"); - break; - } - } - - /** - * Return the internal group object without the wrapper. - * This method is used by implementing classes to access the internal group object. - * Consider it pseudo private and only declared public as PHP as not internal or friend modifier - */ - public function _uncloaked() { - return $this->group; - } +interface Group_Definition {} - abstract public function save(); - abstract public function delete(); - abstract public function add($user); - abstract public function remove($user); -} +interface User_Definition {} diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index 046cb5ad..fa46d924 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -43,6 +43,7 @@ class Albums_Controller_Test extends Unit_Test_Case { $_POST["column"] = "weight"; $_POST["direction"] = "ASC"; $_POST["csrf"] = access::csrf_token(); + $_POST["slug"] = "new_name"; $_POST["_method"] = "put"; access::allow(Identity::everybody(), "edit", $root); diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php index cdb4ae4f..59c3f78a 100644 --- a/modules/gallery/tests/Photos_Controller_Test.php +++ b/modules/gallery/tests/Photos_Controller_Test.php @@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $photo = photo::create( $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", - "test", "test", Session::active_user(), "slug"); + "test", "test", Session::active_user()->id, "slug"); $orig_name = $photo->name; $_POST["filename"] = "test.jpeg"; diff --git a/modules/gallery/views/admin_identity.html.php b/modules/gallery/views/admin_identity.html.php index dcf1dbc1..1405cacb 100644 --- a/modules/gallery/views/admin_identity.html.php +++ b/modules/gallery/views/admin_identity.html.php @@ -15,11 +15,11 @@ height:165, modal: true, overlay: { - backgroundColor: '#000', - opacity: 0.5 + backgroundColor: '#000', + opacity: 0.5 }, buttons: { - "Continue": function() { + "Continue": function() { $("##g-dialog form").submit(); }, Cancel: function() { diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php deleted file mode 100644 index 92ca4917..00000000 --- a/modules/gallery/views/reset_password.html.php +++ /dev/null @@ -1,17 +0,0 @@ - - - - <?= t("Password Reset Request") ?> - - -

-

- $user->full_name ? $user->full_name : $user->name)) ?> -

-

- %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => html::mark_clean(url::base(false, "http")), - "confirm_url" => $confirm_url)) ?> -

- - diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php new file mode 100644 index 00000000..a8f1c5ca --- /dev/null +++ b/modules/user/controllers/password.php @@ -0,0 +1,133 @@ +_send_reset(); + } else { + print $this->_reset_form(); + } + } + + public function do_reset() { + if (request::method() == "post") { + $this->_change_password(); + } else { + $user = user::lookup_user_by_field("hash", Input::instance()->get("key")); + if (!empty($user)) { + print $this->_new_password_form($user->hash); + } else { + throw new Exception("@todo FORBIDDEN", 503); + } + } + } + + private function _send_reset() { + $form = $this->_reset_form(); + + $valid = $form->validate(); + if ($valid) { + $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value); + if (!$user->loaded || empty($user->email)) { + $form->reset->inputs["name"]->add_error("no_email", 1); + $valid = false; + } + } + + if ($valid) { + $user->hash = md5(rand()); + $user->save(); + $message = new View("reset_password.html"); + $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); + $message->user = $user; + + Sendmail::factory() + ->to($user->email) + ->subject(t("Password Reset Request")) + ->header("Mime-Version", "1.0") + ->header("Content-type", "text/html; charset=iso-8859-1") + ->message($message->render()) + ->send(); + + log::success( + "user", + t("Password reset email sent for user %name", array("name" => $user->name))); + } else { + // Don't include the username here until you're sure that it's XSS safe + log::warning( + "user", "Password reset email requested for bogus user"); + } + + message::success(t("Password reset email sent")); + print json_encode( + array("result" => "success")); + } + + private function _reset_form() { + $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form")); + $group = $form->group("reset")->label(t("Reset Password")); + $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required"); + $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password")); + $group->submit("")->value(t("Reset")); + + return $form; + } + + private function _new_password_form($hash=null) { + $template = new Theme_View("page.html", "reset"); + + $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form")); + $group = $form->group("reset")->label(t("Change Password")); + $hidden = $group->hidden("hash"); + if (!empty($hash)) { + $hidden->value($hash); + } + $group->password("password")->label(t("Password"))->id("g-password") + ->rules("required|length[1,40]"); + $group->password("password2")->label(t("Confirm Password"))->id("g-password2") + ->matches($group->password); + $group->inputs["password2"]->error_messages( + "mistyped", t("The password and the confirm password must match")); + $group->submit("")->value(t("Update")); + + $template->content = $form; + return $template; + } + + private function _change_password() { + $view = $this->_new_password_form(); + if ($view->content->validate()) { + $user = user::lookup_user_by_field("hash", Input::instance()->get("key")); + if (empty($user)) { + throw new Exception("@todo FORBIDDEN", 503); + } + + $user->password = $view->content->reset->password->value; + $user->hash = null; + $user->save(); + message::success(t("Password reset successfully")); + url::redirect(item::root()->abs_url()); + } else { + print $view; + } + } +} \ No newline at end of file diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index cf5c050f..8ad52564 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -42,14 +42,14 @@ class group_Core { * @see Identity_Driver::everbody. */ static function everybody() { - return Identity::instance()->everybody(); + return model_cache::get("group", 1); } /** * @see Identity_Driver::registered_users. */ static function registered_users() { - return Identity::instance()->everybody(); + return model_cache::get("group", 2); } /** diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index fa7b320f..5ef2b726 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -25,14 +25,21 @@ */ class user_Core { /** - * @see Identity_Driver::guest. + * Return the guest user. + * + * @return User_Model the user object */ static function guest() { return model_cache::get("user", 1); } /** - * @see Identity_Driver::create_user. + * Create a new user. + * + * @param string $name + * @param string $full_name + * @param string $password + * @return User_Definition the user object */ static function create($name, $full_name, $password) { $user = ORM::factory("user")->where("name", $name)->find(); @@ -53,7 +60,9 @@ class user_Core { } /** - * @see Identity_Driver::hash_password. + * Hash the password to the internal value + * @param string $password the user password + * @param string The hashed equivalent */ static function hash_password($password) { require_once(MODPATH . "user/lib/PasswordHash.php"); diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 77db11a3..f405b710 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -25,14 +25,14 @@ class Identity_Gallery_Driver implements Identity_Driver { * @see Identity_Driver::guest. */ public function guest() { - return new Gallery_User(user::guest()); + return user::guest(); } /** * @see Identity_Driver::create_user. */ public function create_user($name, $full_name, $password) { - return new Gallery_User(user::create($name, $full_name, $password)); + return user::create($name, $full_name, $password); } /** @@ -67,122 +67,55 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * @see Identity_Driver::hash_password. + * @see Identity_Driver::lookup_user. */ - public function hash_password($password) { - return user::hash_password($password); + public function lookup_user($id) { + return user::lookup_by_field("id", $id); } /** - * @see Identity_Driver::lookup_user_by_field. + * @see Identity_Driver::lookup_user_by_name. */ - public function lookup_user_by_field($field_name, $value) { - return new Gallery_User(user::lookup_by_field($field_name, $value)); + public function lookup_user_by_name($name) { + return user::lookup_by_field("name", $name); } /** * @see Identity_Driver::create_group. */ public function create_group($name) { - return new Gallery_Group(group::create($name)); + return group::create($name); } /** * @see Identity_Driver::everybody. */ public function everybody() { - return new Gallery_Group(group::everybody()); + return group::everybody(); } /** * @see Identity_Driver::registered_users. */ public function registered_users() { - return new Gallery_Group(group::registered_users()); + return group::registered_users(); } /** - * @see Identity_Driver::lookup_group_by_field. + * @see Identity_Driver::lookup_group_by_name. */ - public function lookup_group_by_field($field_name, $value) { - return new Gallery_Group(group::lookup_by_field($field_name, $value)); + static function lookup_group_by_name($name) { + return group::lookup_by_field("name", $name); } /** * @see Identity_Driver::get_user_list. */ public function get_user_list($ids) { - $results = ORM::factory("user") + return ORM::factory("user") ->in("id", ids) ->find_all() - ->as_array();; - $users = array(); - foreach ($results as $user) { - $users[] = new Gallery_User($user); - } - return $users; + ->as_array(); } } // End Identity Gallery Driver -/** - * User Data wrapper - */ -class Gallery_User extends User_Definition { - /* - * Not for general user, allows the back-end to easily create the interface object - */ - function __construct($user) { - $this->user = $user; - } - - /** - * @see User_Definition::avatar_url - */ - public function avatar_url($size=80, $default=null) { - return $this->user->avatar_url($size, $default); - } - - /** - * @see User_Definition::display_name - */ - public function display_name() { - return $this->user->display_name(); - } - - public function save() { - $this->user->save(); - } - - public function delete() { - $this->user->delete(); - } - -} - -/** - * Group Data wrapper - */ -class Gallery_Group extends Group_Definition { - /* - * Not for general user, allows the back-end to easily create the interface object - */ - function __construct($group) { - $this->group = $group; - } - - public function save() { - $this->group->save(); - } - - public function delete() { - $this->group->delete(); - } - - public function add($user) { - $this->group->add($user->_uncloaked()); - } - - public function remove($user) { - $this->group->remove($user->_uncloaked()); - } -} diff --git a/modules/user/models/group.php b/modules/user/models/group.php index 8af78012..4432fc69 100644 --- a/modules/user/models/group.php +++ b/modules/user/models/group.php @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class Group_Model extends ORM { +class Group_Model extends ORM implements Group_Definition { protected $has_and_belongs_to_many = array("users"); var $rules = array( diff --git a/modules/user/models/user.php b/modules/user/models/user.php index d99603b2..c51fc720 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class User_Model extends ORM { +class User_Model extends ORM implements User_Definition { protected $has_and_belongs_to_many = array("groups"); var $rules = array( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 7c54d93d..ee8d413c 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -91,7 +91,7 @@ open_text="" class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left"> - id != $user->id && !$user->guest): ?> + id != $user->id && !$user->guest): ?> id") ?>" class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php new file mode 100644 index 00000000..92ca4917 --- /dev/null +++ b/modules/user/views/reset_password.html.php @@ -0,0 +1,17 @@ + + + + <?= t("Password Reset Request") ?> + + +

+

+ $user->full_name ? $user->full_name : $user->name)) ?> +

+

+ %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", + array("site_url" => html::mark_clean(url::base(false, "http")), + "confirm_url" => $confirm_url)) ?> +

+ + -- cgit v1.2.3 From 7f9441c33da07b215efcb51668434b3957559fd3 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 20 Oct 2009 16:32:22 -0700 Subject: Changes to Identity interface to allow for multiple Identity providers. What I've tested to this point, is you can install a new provider, switch to it, login as administrator, uninstall the default user module, reinstall the user module, switch back to the user module and login. --- modules/gallery/controllers/admin_identity.php | 24 +++++- modules/gallery/helpers/gallery_event.php | 2 +- modules/gallery/libraries/Identity.php | 37 ++++++++-- modules/gallery/libraries/drivers/Identity.php | 10 +++ modules/user/helpers/user.php | 85 ++++++++++++++++++++++ modules/user/helpers/user_installer.php | 74 +------------------ .../user/libraries/drivers/Identity/Gallery.php | 14 ++++ 7 files changed, 164 insertions(+), 82 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php index dd1cfb4b..9d756a5c 100644 --- a/modules/gallery/controllers/admin_identity.php +++ b/modules/gallery/controllers/admin_identity.php @@ -21,7 +21,7 @@ class Admin_Identity_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_identity.html"); - $view->content->available = Identity::active(); + $view->content->available = Identity::providers(); $view->content->active = module::get_var("gallery", "identity_provider", "user"); print $view; } @@ -39,18 +39,36 @@ class Admin_Identity_Controller extends Admin_Controller { access::verify_csrf(); $active_provider = module::get_var("gallery", "identity_provider", "user"); - $providers = Identity::active(); + $providers = Identity::providers(); $new_provider = $this->input->post("provider"); if ($new_provider != $active_provider) { - module::event("identity_change", $new_provider); + + module::event("pre_identity_change", $active_provider, $new_provider); + + Identity::deactivate(); + + // Switch authentication + module::set_var("gallery", "identity_provider", $new_provider); + Identity::reset(); + + Identity::activate(); // @todo this type of collation is questionable from an i18n perspective message::success(t("Changed to %description", array("description" => $providers->$new_provider))); + + try { + Session::instance()->destroy(); + } catch (Exception $e) { + // We don't care if there was a problem destroying the session. + } + url::redirect(item::root()->abs_url()); } + message::info(t("The selected provider \"%description\" is already active.", + array("description" => $providers->$new_provider))); url::redirect("admin/identity"); } } diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 84b84f7d..95be4813 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -191,7 +191,7 @@ class gallery_event_Core { ->id("sidebar") ->label(t("Manage Sidebar")) ->url(url::site("admin/sidebar")))); - if (count(Identity::active()) > 1) { + if (count(Identity::providers()) > 1) { $menu ->append(Menu::factory("submenu") ->id("identity_menu") diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index e77fd2d2..3fcb6756 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -39,13 +39,24 @@ class Identity_Core { * @param string configuration * @return Identity_Core */ - static function & instance($config="default") { - if (!isset(Identity::$instance)) { + static function & instance() { + if (!isset(self::$instance)) { // Create a new instance - Identity::$instance = new Identity($config); + self::$instance = new Identity(); } - return Identity::$instance; + return self::$instance; + } + + /** + * Returns a singleton instance of Identity. + * There can only be one Identity driver configured at a given point + * + * @param string configuration + * @return Identity_Core + */ + static function reset() { + self::$instance = new Identity(); } /** @@ -83,11 +94,11 @@ class Identity_Core { } /** - * Return a list of installed and activated Identity Drivers. + * Return a list of installed Identity Drivers. * * @return boolean true if the driver supports updates; false if read only */ - static function active() { + static function providers() { if (empty(self::$active)) { $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS); foreach (module::active() as $module) { @@ -102,6 +113,20 @@ class Identity_Core { return self::$active; } + /** + * @see Identity_Driver::activate. + */ + static function activate() { + self::instance()->driver->activate(); + } + + /** + * @see Identity_Driver::deactivate. + */ + static function deactivate() { + self::instance()->driver->deactivate(); + } + /** * Determine if if the current driver supports updates. * diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 6ab001cb..2fc4d349 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -18,6 +18,16 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ interface Identity_Driver { + /** + * Initialize the provider so it is ready to use + */ + public function activate(); + + /** + * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver + */ + public function deactivate(); + /** * Return the guest user. * diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index 5ef2b726..446b602d 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -24,6 +24,91 @@ * Note: by design, this class does not do any permission checking. */ class user_Core { + /** + * Initialize the provider so it is ready to use + */ + public function activate() { + $db = Database::instance(); + $db->query("CREATE TABLE IF NOT EXISTS {users} ( + `id` int(9) NOT NULL auto_increment, + `name` varchar(32) NOT NULL, + `full_name` varchar(255) NOT NULL, + `password` varchar(64) NOT NULL, + `login_count` int(10) unsigned NOT NULL DEFAULT 0, + `last_login` int(10) unsigned NOT NULL DEFAULT 0, + `email` varchar(64) default NULL, + `admin` BOOLEAN default 0, + `guest` BOOLEAN default 0, + `hash` char(32) default NULL, + `url` varchar(255) default NULL, + `locale` char(10) default NULL, + PRIMARY KEY (`id`), + UNIQUE KEY(`hash`), + UNIQUE KEY(`name`)) + DEFAULT CHARSET=utf8;"); + + $db->query("CREATE TABLE IF NOT EXISTS {groups} ( + `id` int(9) NOT NULL auto_increment, + `name` char(64) default NULL, + `special` BOOLEAN default 0, + PRIMARY KEY (`id`), + UNIQUE KEY(`name`)) + DEFAULT CHARSET=utf8;"); + + $db->query("CREATE TABLE IF NOT EXISTS {groups_users} ( + `group_id` int(9) NOT NULL, + `user_id` int(9) NOT NULL, + PRIMARY KEY (`group_id`, `user_id`), + UNIQUE KEY(`user_id`, `group_id`)) + DEFAULT CHARSET=utf8;"); + + $everybody = group::create("Everybody"); + $everybody->special = true; + $everybody->save(); + + $registered = group::create("Registered Users"); + $registered->special = true; + $registered->save(); + + $guest = user::create("guest", "Guest User", ""); + $guest->guest = true; + $guest->remove($registered); + $guest->save(); + + $admin = user::create("admin", "Gallery Administrator", "admin"); + $admin->admin = true; + $admin->save(); + + // Let the admin own everything + $db->update("items", array("owner_id" => $admin->id), array("owner_id" => "IS NULL")); + + $root = ORM::factory("item", 1); + access::allow($everybody, "view", $root); + access::allow($everybody, "view_full", $root); + + access::allow($registered, "view", $root); + access::allow($registered, "view_full", $root); + } + + /** + * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver + */ + public function deactivate() { + // Delete all users and groups so that we give other modules an opportunity to clean up + foreach (ORM::factory("user")->find_all() as $user) { + $user->delete(); + } + + foreach (ORM::factory("group")->find_all() as $group) { + $group->delete(); + } + + $db = Database::instance(); + $db->query("DROP TABLE IF EXISTS {users};"); + $db->query("DROP TABLE IF EXISTS {groups};"); + $db->query("DROP TABLE IF EXISTS {groups_users};"); + } + /** * Return the guest user. * diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index 8ef4f13d..d7ad1e89 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -19,87 +19,17 @@ */ class user_installer { static function install() { - $db = Database::instance(); - $db->query("CREATE TABLE IF NOT EXISTS {users} ( - `id` int(9) NOT NULL auto_increment, - `name` varchar(32) NOT NULL, - `full_name` varchar(255) NOT NULL, - `password` varchar(64) NOT NULL, - `login_count` int(10) unsigned NOT NULL DEFAULT 0, - `last_login` int(10) unsigned NOT NULL DEFAULT 0, - `email` varchar(64) default NULL, - `admin` BOOLEAN default 0, - `guest` BOOLEAN default 0, - `hash` char(32) default NULL, - `url` varchar(255) default NULL, - `locale` char(10) default NULL, - PRIMARY KEY (`id`), - UNIQUE KEY(`hash`), - UNIQUE KEY(`name`)) - DEFAULT CHARSET=utf8;"); - - $db->query("CREATE TABLE IF NOT EXISTS {groups} ( - `id` int(9) NOT NULL auto_increment, - `name` char(64) default NULL, - `special` BOOLEAN default 0, - PRIMARY KEY (`id`), - UNIQUE KEY(`name`)) - DEFAULT CHARSET=utf8;"); - - $db->query("CREATE TABLE IF NOT EXISTS {groups_users} ( - `group_id` int(9) NOT NULL, - `user_id` int(9) NOT NULL, - PRIMARY KEY (`group_id`, `user_id`), - UNIQUE KEY(`user_id`, `group_id`)) - DEFAULT CHARSET=utf8;"); - - $everybody = group::create("Everybody"); - $everybody->special = true; - $everybody->save(); - - $registered = group::create("Registered Users"); - $registered->special = true; - $registered->save(); - - $guest = user::create("guest", "Guest User", ""); - $guest->guest = true; - $guest->remove($registered); - $guest->save(); - - $admin = user::create("admin", "Gallery Administrator", "admin"); - $admin->admin = true; - $admin->save(); - - // Let the admin own everything - $db->update("items", array("owner_id" => $admin->id), array("owner_id" => "IS NULL")); + user::activate(); module::set_version("user", 1); - - $root = ORM::factory("item", 1); - access::allow($everybody, "view", $root); - access::allow($everybody, "view_full", $root); - - access::allow($registered, "view", $root); - access::allow($registered, "view_full", $root); } static function uninstall() { - // Delete all users and groups so that we give other modules an opportunity to clean up - foreach (ORM::factory("user")->find_all() as $user) { - $user->delete(); - } - - foreach (ORM::factory("group")->find_all() as $group) { - $group->delete(); - } + user::deactivate(); try { Session::instance()->destroy(); } catch (Exception $e) { // We don't care if there was a problem destroying the session. } - $db = Database::instance(); - $db->query("DROP TABLE IF EXISTS {users};"); - $db->query("DROP TABLE IF EXISTS {groups};"); - $db->query("DROP TABLE IF EXISTS {groups_users};"); } } \ No newline at end of file diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index f405b710..f4b4d8a7 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -21,6 +21,20 @@ * Based on the Cache_Sqlite_Driver developed by the Kohana Team */ class Identity_Gallery_Driver implements Identity_Driver { + /** + * @see Identity_Driver::activate. + */ + public function activate() { + user::activate(); + } + + /** + * @see Identity_Driver::deactivate. + */ + public function deactivate() { + user::deactivate(); + } + /** * @see Identity_Driver::guest. */ -- cgit v1.2.3 From 3ece1a01f25270939b3c12f754d555d6ac54d375 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 20 Oct 2009 17:01:19 -0700 Subject: Add a groups api method on the Identity provider and change access_Core::_get_all_groups() to use this to get the defined groups. --- modules/gallery/helpers/access.php | 7 ++++--- modules/gallery/libraries/Identity.php | 11 +++++++++-- modules/gallery/libraries/drivers/Identity.php | 5 +++++ modules/user/libraries/drivers/Identity/Gallery.php | 8 ++++++++ 4 files changed, 26 insertions(+), 5 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index fba161e3..4e7491e3 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -419,10 +419,11 @@ class access_Core { * @return ORM_Iterator */ private static function _get_all_groups() { - // When we build the gallery package, it's possible that the user module is not installed yet. + // When we build the gallery package, it's possible that there is no identity provider installed yet. // This is ok at packaging time, so work around it. - if (module::is_active("user")) { - return ORM::factory("group")->find_all(); + $config = module::get_var("gallery", "identity_provider"); + if (!empty($config)) { + return Identity::groups(); } else { return array(); } diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 3fcb6756..3ef13a6d 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -65,11 +65,11 @@ class Identity_Core { * @return void */ public function __construct() { - $name = $config = module::get_var("gallery", "identity_provider", "user"); + $config = module::get_var("gallery", "identity_provider", "user"); // Test the config group name if (($this->config = Kohana::config("identity.".$config)) === NULL) { - throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $name"); + throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config"); } // Set driver name @@ -205,4 +205,11 @@ class Identity_Core { static function get_user_list($ids) { return self::instance()->driver->get_user_list($ids); } + + /** + * @see Identity_Driver::groups. + */ + static function groups() { + return self::instance()->driver->groups(); + } } // End Identity diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 2fc4d349..b77eb6be 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -97,6 +97,11 @@ interface Identity_Driver { */ public function get_user_list($ids); + /** + * List the groups defined in the Identity Provider + */ + static function groups(); + } // End Identity Driver Definition interface Group_Definition {} diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index f4b4d8a7..8e6e204d 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -131,5 +131,13 @@ class Identity_Gallery_Driver implements Identity_Driver { ->find_all() ->as_array(); } + + /** + * @see Identity_Driver::groups. + */ + static function groups() { + return ORM::factory("group")->find_all(); + } + } // End Identity Gallery Driver -- cgit v1.2.3 From b28c758d4a98c9e877fb81f7b88f9c8597de74b6 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 20 Oct 2009 17:21:33 -0700 Subject: Add lookup_group Identity provider API and change the permissions controller to use it to get the group it is modifying --- modules/gallery/controllers/permissions.php | 6 +++--- modules/gallery/libraries/Identity.php | 7 +++++++ modules/gallery/libraries/drivers/Identity.php | 7 +++++++ modules/user/libraries/drivers/Identity/Gallery.php | 6 +++--- 4 files changed, 20 insertions(+), 6 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index 7a06c3d3..58c5b816 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -51,13 +51,13 @@ class Permissions_Controller extends Controller { function change($command, $group_id, $perm_id, $item_id) { access::verify_csrf(); - $group = ORM::factory("group", $group_id); + $group = Identity::lookup_group($group_id); $perm = ORM::factory("permission", $perm_id); $item = ORM::factory("item", $item_id); access::required("view", $item); access::required("edit", $item); - if ($group->loaded && $perm->loaded && $item->loaded) { + if (!empty($group) && $perm->loaded && $item->loaded) { switch($command) { case "allow": access::allow($group, $perm->name, $item); @@ -84,7 +84,7 @@ class Permissions_Controller extends Controller { private function _get_form($item) { $view = new View("permissions_form.html"); $view->item = $item; - $view->groups = ORM::factory("group")->find_all(); + $view->groups = Identity::groups(); $view->permissions = ORM::factory("permission")->find_all(); return $view; } diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index 3ef13a6d..1dd5d23b 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -192,6 +192,13 @@ class Identity_Core { return self::instance()->driver->everybody(); } + /** + * @see Identity_Driver::lookup_group. + */ + static function lookup_group($id) { + return self::instance()->driver->lookup_group($id); + } + /** * @see Identity_Driver::lookup_group_by_name. */ diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index b77eb6be..5b35d49b 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -97,6 +97,13 @@ interface Identity_Driver { */ public function get_user_list($ids); + /** + * Look up a group by id. + * @param integer id + * @return Group_Definition the user object, or null if the name was invalid. + */ + static function lookup_group($id); + /** * List the groups defined in the Identity Provider */ diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 8e6e204d..17327c17 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -116,10 +116,10 @@ class Identity_Gallery_Driver implements Identity_Driver { } /** - * @see Identity_Driver::lookup_group_by_name. + * @see Identity_Driver::lookup_group. */ - static function lookup_group_by_name($name) { - return group::lookup_by_field("name", $name); + static function lookup_group($id) { + return group::lookup_by_field("id", $id); } /** -- cgit v1.2.3 From f04177f138df71e6317073b12b754a1c32d0c523 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 21 Oct 2009 11:49:42 -0700 Subject: re-add the lookup_group_by_name API Method. --- modules/gallery/libraries/Identity.php | 7 +++++++ modules/gallery/libraries/drivers/Identity.php | 11 +++++++++-- modules/user/libraries/drivers/Identity/Gallery.php | 13 ++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php index bfc523f4..1dd5d23b 100644 --- a/modules/gallery/libraries/Identity.php +++ b/modules/gallery/libraries/Identity.php @@ -199,6 +199,13 @@ class Identity_Core { return self::instance()->driver->lookup_group($id); } + /** + * @see Identity_Driver::lookup_group_by_name. + */ + static function lookup_group_by_name($name) { + return self::instance()->driver->lookup_group_by_name($name); + } + /** * @see Identity_Driver::get_user_list. */ diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php index 5b35d49b..39b2a9c7 100644 --- a/modules/gallery/libraries/drivers/Identity.php +++ b/modules/gallery/libraries/drivers/Identity.php @@ -102,12 +102,19 @@ interface Identity_Driver { * @param integer id * @return Group_Definition the user object, or null if the name was invalid. */ - static function lookup_group($id); + public function lookup_group($id); + + /** + * Look up the group by name. + * @param string $name the name of the group to locate + * @return Group_Definition + */ + public function lookup_group_by_name($name); /** * List the groups defined in the Identity Provider */ - static function groups(); + public function groups(); } // End Identity Driver Definition diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php index 17327c17..36f37543 100644 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ b/modules/user/libraries/drivers/Identity/Gallery.php @@ -118,16 +118,23 @@ class Identity_Gallery_Driver implements Identity_Driver { /** * @see Identity_Driver::lookup_group. */ - static function lookup_group($id) { + public function lookup_group($id) { return group::lookup_by_field("id", $id); } + /** + * @see Identity_Driver::lookup_group_by_name. + */ + public function lookup_group_by_name($name) { + return group::lookup_by_field("name", $name); + } + /** * @see Identity_Driver::get_user_list. */ public function get_user_list($ids) { return ORM::factory("user") - ->in("id", ids) + ->in("id", $ids) ->find_all() ->as_array(); } @@ -135,7 +142,7 @@ class Identity_Gallery_Driver implements Identity_Driver { /** * @see Identity_Driver::groups. */ - static function groups() { + public function groups() { return ORM::factory("group")->find_all(); } -- cgit v1.2.3 From 3c936d661a088fb43b47eb5b208958180e8f65eb Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 22 Oct 2009 13:09:20 -0700 Subject: Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify call the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class --- modules/akismet/tests/Akismet_Helper_Test.php | 2 +- modules/comment/controllers/comments.php | 8 +- modules/comment/helpers/comment.php | 2 +- modules/comment/models/comment.php | 2 +- modules/comment/tests/Comment_Event_Test.php | 2 +- modules/comment/tests/Comment_Helper_Test.php | 4 +- modules/comment/tests/Comment_Model_Test.php | 8 +- modules/digibug/controllers/digibug.php | 2 +- modules/digibug/tests/Digibug_Controller_Test.php | 4 +- modules/g2_import/helpers/g2_import.php | 16 +- modules/gallery/controllers/admin.php | 2 +- modules/gallery/controllers/admin_identity.php | 10 +- modules/gallery/controllers/albums.php | 4 +- modules/gallery/controllers/l10n_client.php | 4 +- modules/gallery/controllers/login.php | 8 +- modules/gallery/controllers/logout.php | 2 +- modules/gallery/controllers/permissions.php | 6 +- modules/gallery/controllers/upgrader.php | 4 +- modules/gallery/controllers/welcome_message.php | 4 +- modules/gallery/helpers/access.php | 4 +- modules/gallery/helpers/gallery.php | 2 +- modules/gallery/helpers/gallery_event.php | 10 +- modules/gallery/helpers/gallery_installer.php | 2 +- modules/gallery/helpers/gallery_theme.php | 2 +- modules/gallery/helpers/identity.php | 225 +++++++++++++++++++++ modules/gallery/helpers/item.php | 4 +- modules/gallery/helpers/locales.php | 2 +- modules/gallery/helpers/log.php | 2 +- modules/gallery/helpers/movie.php | 2 +- modules/gallery/helpers/photo.php | 2 +- modules/gallery/helpers/site_status.php | 2 +- modules/gallery/helpers/task.php | 2 +- modules/gallery/libraries/Admin_View.php | 4 +- modules/gallery/libraries/Identity.php | 222 -------------------- modules/gallery/libraries/IdentityProvider.php | 200 ++++++++++++++++++ modules/gallery/libraries/MY_Session.php | 93 --------- modules/gallery/libraries/Theme_View.php | 6 +- modules/gallery/libraries/drivers/Identity.php | 123 ----------- .../gallery/libraries/drivers/IdentityProvider.php | 123 +++++++++++ modules/gallery/models/item.php | 2 +- modules/gallery/models/log.php | 2 +- modules/gallery/models/task.php | 2 +- modules/gallery/tests/Access_Helper_Test.php | 144 ++++++------- modules/gallery/tests/Albums_Controller_Test.php | 4 +- modules/gallery/tests/Item_Helper_Test.php | 6 +- modules/gallery/tests/Photos_Controller_Test.php | 6 +- modules/gallery/views/kohana_error_page.php | 2 +- modules/gallery/views/login.html.php | 2 +- modules/gallery/views/login_ajax.html.php | 2 +- modules/notification/helpers/notification.php | 10 +- .../notification/helpers/notification_event.php | 2 +- modules/search/helpers/search.php | 4 +- modules/server_add/controllers/server_add.php | 4 +- modules/server_add/helpers/server_add_event.php | 2 +- modules/server_add/helpers/server_add_theme.php | 2 +- modules/user/controllers/admin_users.php | 6 +- modules/user/controllers/password.php | 2 +- modules/user/controllers/users.php | 4 +- modules/user/helpers/group.php | 18 +- .../user/libraries/drivers/Identity/Gallery.php | 150 -------------- .../libraries/drivers/IdentityProvider/Gallery.php | 150 ++++++++++++++ modules/user/views/admin_users.html.php | 2 +- 62 files changed, 885 insertions(+), 769 deletions(-) create mode 100644 modules/gallery/helpers/identity.php delete mode 100644 modules/gallery/libraries/Identity.php create mode 100644 modules/gallery/libraries/IdentityProvider.php delete mode 100644 modules/gallery/libraries/MY_Session.php delete mode 100644 modules/gallery/libraries/drivers/Identity.php create mode 100644 modules/gallery/libraries/drivers/IdentityProvider.php delete mode 100644 modules/user/libraries/drivers/Identity/Gallery.php create mode 100644 modules/user/libraries/drivers/IdentityProvider/Gallery.php (limited to 'modules/user/libraries/drivers') diff --git a/modules/akismet/tests/Akismet_Helper_Test.php b/modules/akismet/tests/Akismet_Helper_Test.php index 6788e7a3..745b455c 100644 --- a/modules/akismet/tests/Akismet_Helper_Test.php +++ b/modules/akismet/tests/Akismet_Helper_Test.php @@ -26,7 +26,7 @@ class Akismet_Helper_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $this->_comment = comment::create( - $root, Identity::guest(), "This is a comment", + $root, identity::guest(), "This is a comment", "John Doe", "john@gallery2.org", "http://gallery2.org"); foreach ($this->_comment->list_fields("comments") as $name => $field) { if (strpos($name, "server_") === 0) { diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index c0658cc1..09b9c607 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -65,7 +65,7 @@ class Comments_Controller extends REST_Controller { $form = comment::get_add_form($item); $valid = $form->validate(); if ($valid) { - if (Session::active_user()->guest && !$form->add_comment->inputs["name"]->value) { + if (identity::active_user()->guest && !$form->add_comment->inputs["name"]->value) { $form->add_comment->inputs["name"]->add_error("missing", 1); $valid = false; } @@ -78,13 +78,13 @@ class Comments_Controller extends REST_Controller { if ($valid) { $comment = comment::create( - $item, Session::active_user(), + $item, identity::active_user(), $form->add_comment->text->value, $form->add_comment->inputs["name"]->value, $form->add_comment->email->value, $form->add_comment->url->value); - $active = Session::active_user(); + $active = identity::active_user(); if ($active->guest) { $form->add_comment->inputs["name"]->value(""); $form->add_comment->email->value(""); @@ -192,7 +192,7 @@ class Comments_Controller extends REST_Controller { * @see REST_Controller::form_edit($resource) */ public function _form_edit($comment) { - if (!Session::active_user()->admin) { + if (!identity::active_user()->admin) { access::forbidden(); } print comment::get_edit_form($comment); diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index e741266d..53d58afa 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -75,7 +75,7 @@ class comment_Core { module::event("comment_add_form", $form); $group->submit("")->value(t("Add")); - $active = Session::active_user(); + $active = identity::active_user(); if (!$active->guest) { $group->inputs["name"]->value($active->full_name)->disabled("disabled"); $group->email->value($active->email)->disabled("disabled"); diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 5e29e778..bb9b8833 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -23,7 +23,7 @@ class Comment_Model extends ORM { } function author() { - return Identity::lookup_user($this->author_id); + return identity::lookup_user($this->author_id); } function author_name() { diff --git a/modules/comment/tests/Comment_Event_Test.php b/modules/comment/tests/Comment_Event_Test.php index eb301893..f650cabf 100644 --- a/modules/comment/tests/Comment_Event_Test.php +++ b/modules/comment/tests/Comment_Event_Test.php @@ -22,7 +22,7 @@ class Comment_Event_Test extends Unit_Test_Case { $rand = rand(); $album = album::create(ORM::factory("item", 1), "test_$rand", "test_$rand"); $comment = comment::create( - $album, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand"); + $album, identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand"); $album->delete(); diff --git a/modules/comment/tests/Comment_Helper_Test.php b/modules/comment/tests/Comment_Helper_Test.php index e8ab7c79..c635c3b7 100644 --- a/modules/comment/tests/Comment_Helper_Test.php +++ b/modules/comment/tests/Comment_Helper_Test.php @@ -48,7 +48,7 @@ class Comment_Helper_Test extends Unit_Test_Case { $rand = rand(); $root = ORM::factory("item", 1); $comment = comment::create( - $root, Identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand"); + $root, identity::guest(), "text_$rand", "name_$rand", "email_$rand", "url_$rand"); $this->assert_equal("name_$rand", $comment->author_name()); $this->assert_equal("email_$rand", $comment->author_email()); @@ -77,7 +77,7 @@ class Comment_Helper_Test extends Unit_Test_Case { public function create_comment_for_user_test() { $rand = rand(); $root = ORM::factory("item", 1); - $admin = Identity::lookup_user(2); + $admin = identity::lookup_user(2); $comment = comment::create( $root, $admin, "text_$rand", "name_$rand", "email_$rand", "url_$rand"); diff --git a/modules/comment/tests/Comment_Model_Test.php b/modules/comment/tests/Comment_Model_Test.php index 84532a96..de19648d 100644 --- a/modules/comment/tests/Comment_Model_Test.php +++ b/modules/comment/tests/Comment_Model_Test.php @@ -22,17 +22,17 @@ class Comment_Model_Test extends Unit_Test_Case { public function cant_view_comments_for_unviewable_items_test() { $root = ORM::factory("item", 1); $album = album::create($root, rand(), rand(), rand()); - $comment = comment::create($album, Identity::guest(), "text", "name", "email", "url"); - Session::set_active_user(Identity::guest()); + $comment = comment::create($album, identity::guest(), "text", "name", "email", "url"); + identity::set_active_user(identity::guest()); // We can see the comment when permissions are granted on the album - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $this->assert_equal( 1, ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); // We can't see the comment when permissions are denied on the album - access::deny(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $album); $this->assert_equal( 0, ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all()); diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 8ea83601..1bb2691b 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -23,7 +23,7 @@ class Digibug_Controller extends Controller { $item = ORM::factory("item", $id); access::required("view", $item); - if (access::group_can(Identity::everybody(), "view_full", $item)) { + if (access::group_can(identity::everybody(), "view_full", $item)) { $full_url = $item->file_url(true); $thumb_url = $item->thumb_url(true); } else { diff --git a/modules/digibug/tests/Digibug_Controller_Test.php b/modules/digibug/tests/Digibug_Controller_Test.php index 19f57972..a56d58bb 100644 --- a/modules/digibug/tests/Digibug_Controller_Test.php +++ b/modules/digibug/tests/Digibug_Controller_Test.php @@ -35,8 +35,8 @@ class Digibug_Controller_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $this->_album = album::create($root, rand(), "test album"); - access::deny(Identity::everybody(), "view_full", $this->_album); - access::deny(Identity::registered_users(), "view_full", $this->_album); + access::deny(identity::everybody(), "view_full", $this->_album); + access::deny(identity::registered_users(), "view_full", $this->_album); $rand = rand(); $this->_item = photo::create($this->_album, MODPATH . "gallery/tests/test.jpg", "$rand.jpg", diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index d24aab93..f55e7f32 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -230,16 +230,16 @@ class g2_import_Core { switch ($g2_group->getGroupType()) { case GROUP_NORMAL: try { - $group = Identity::create_group($g2_group->getGroupName()); + $group = identity::create_group($g2_group->getGroupName()); } catch (Exception $e) { // @todo For now we assume this is a "duplicate group" exception - $group = Identity::lookup_user_by_name($g2_group->getGroupname()); + $group = identity::lookup_user_by_name($g2_group->getGroupname()); } $message = t("Group '%name' was imported", array("name" => $g2_group->getGroupname())); break; case GROUP_ALL_USERS: - $group = Identity::registered_users(); + $group = identity::registered_users(); $message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name)); break; @@ -248,7 +248,7 @@ class g2_import_Core { break; // This is not a group in G3 case GROUP_EVERYBODY: - $group = Identity::everybody(); + $group = identity::everybody(); $message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name)); break; } @@ -270,7 +270,7 @@ class g2_import_Core { } if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) { - self::set_map($g2_user_id, Identity::guest()->id); + self::set_map($g2_user_id, identity::guest()->id); return t("Skipping Anonymous User"); } @@ -285,11 +285,11 @@ class g2_import_Core { $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId())); try { - $user = Identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), ""); + $user = identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), ""); $message = t("Created user: '%name'.", array("name" => $user->name)); } catch (Exception $e) { // @todo For now we assume this is a "duplicate user" exception - $user = Identity::lookup_user_by_name($g2_user->getUsername()); + $user = identity::lookup_user_by_name($g2_user->getUsername()); $message = t("Loaded existing user: '%name'.", array("name" => $user->name)); } @@ -301,7 +301,7 @@ class g2_import_Core { $user->admin = true; $message .= t("\n\tAdded 'admin' flag to user"); } else { - $group = Identity::lookup_group(self::map($g2_group_id)); + $group = identity::lookup_group(self::map($g2_group_id)); $user->add($group); $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name)); } diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 24eebe7d..98cac557 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -21,7 +21,7 @@ class Admin_Controller extends Controller { private $theme; public function __construct($theme=null) { - if (!(Session::active_user()->admin)) { + if (!(identity::active_user()->admin)) { access::forbidden(); } diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php index 9d756a5c..d06132ff 100644 --- a/modules/gallery/controllers/admin_identity.php +++ b/modules/gallery/controllers/admin_identity.php @@ -21,7 +21,7 @@ class Admin_Identity_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_identity.html"); - $view->content->available = Identity::providers(); + $view->content->available = identity::providers(); $view->content->active = module::get_var("gallery", "identity_provider", "user"); print $view; } @@ -39,7 +39,7 @@ class Admin_Identity_Controller extends Admin_Controller { access::verify_csrf(); $active_provider = module::get_var("gallery", "identity_provider", "user"); - $providers = Identity::providers(); + $providers = identity::providers(); $new_provider = $this->input->post("provider"); @@ -47,13 +47,13 @@ class Admin_Identity_Controller extends Admin_Controller { module::event("pre_identity_change", $active_provider, $new_provider); - Identity::deactivate(); + identity::deactivate(); // Switch authentication module::set_var("gallery", "identity_provider", $new_provider); - Identity::reset(); + identity::reset(); - Identity::activate(); + identity::activate(); // @todo this type of collation is questionable from an i18n perspective message::success(t("Changed to %description", diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index fabf67ce..24ceb0c9 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -111,7 +111,7 @@ class Albums_Controller extends Items_Controller { $this->input->post("name"), $this->input->post("title", $this->input->post("name")), $this->input->post("description"), - Session::active_user()->id, + identity::active_user()->id, $this->input->post("slug")); log::success("content", "Created an album", @@ -146,7 +146,7 @@ class Albums_Controller extends Items_Controller { $_FILES["file"]["name"], $this->input->post("title", $this->input->post("name")), $this->input->post("description"), - Session::active_user()->id); + identity::active_user()->id); log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo")); message::success(t("Added photo %photo_title", diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php index 2ab73102..6db67d3b 100644 --- a/modules/gallery/controllers/l10n_client.php +++ b/modules/gallery/controllers/l10n_client.php @@ -20,7 +20,7 @@ class L10n_Client_Controller extends Controller { public function save() { access::verify_csrf(); - if (!Session::active_user()->admin) { + if (!identity::active_user()->admin) { access::forbidden(); } @@ -85,7 +85,7 @@ class L10n_Client_Controller extends Controller { public function toggle_l10n_mode() { access::verify_csrf(); - if (!Session::active_user()->admin) { + if (!identity::active_user()->admin) { access::forbidden(); } diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 4c83d647..86e2b0a4 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -58,8 +58,8 @@ class Login_Controller extends Controller { $form = login::get_login_form($url); $valid = $form->validate(); if ($valid) { - $user = Identity::lookup_user_by_name($form->login->inputs["name"]->value); - if (empty($user) || !Identity::is_correct_password($user, $form->login->password->value)) { + $user = identity::lookup_user_by_name($form->login->inputs["name"]->value); + if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) { log::warning( "user", t("Failed login for %name", @@ -70,12 +70,12 @@ class Login_Controller extends Controller { } if ($valid) { - if (Identity::is_writable()) { + if (identity::is_writable()) { $user->login_count += 1; $user->last_login = time(); $user->save(); } - Session::set_active_user($user); + identity::set_active_user($user); log::info("user", t("User %name logged in", array("name" => $user->name))); } diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 058860fa..1b0364fd 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -19,7 +19,7 @@ */ class Logout_Controller extends Controller { public function index() { - $user = Session::active_user(); + $user = identity::active_user(); if (!$user->guest) { try { Session::instance()->destroy(); diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index 58c5b816..99943fbb 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -51,7 +51,7 @@ class Permissions_Controller extends Controller { function change($command, $group_id, $perm_id, $item_id) { access::verify_csrf(); - $group = Identity::lookup_group($group_id); + $group = identity::lookup_group($group_id); $perm = ORM::factory("permission", $perm_id); $item = ORM::factory("item", $item_id); access::required("view", $item); @@ -74,7 +74,7 @@ class Permissions_Controller extends Controller { // If the active user just took away their own edit permissions, give it back. if ($perm->name == "edit") { - if (!access::user_can(Session::active_user(), "edit", $item)) { + if (!access::user_can(identity::active_user(), "edit", $item)) { access::allow($group, $perm->name, $item); } } @@ -84,7 +84,7 @@ class Permissions_Controller extends Controller { private function _get_form($item) { $view = new View("permissions_form.html"); $view->item = $item; - $view->groups = Identity::groups(); + $view->groups = identity::groups(); $view->permissions = ORM::factory("permission")->find_all(); return $view; } diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php index e0c5d340..1aa607ef 100644 --- a/modules/gallery/controllers/upgrader.php +++ b/modules/gallery/controllers/upgrader.php @@ -40,7 +40,7 @@ class Upgrader_Controller extends Controller { } $view = new View("upgrader.html"); - $view->can_upgrade = Session::active_user()->admin || $session->get("can_upgrade"); + $view->can_upgrade = identity::active_user()->admin || $session->get("can_upgrade"); $view->upgrade_token = $upgrade_token; $view->available = module::available(); $view->done = ($available_upgrades == 0); @@ -52,7 +52,7 @@ class Upgrader_Controller extends Controller { // @todo this may screw up some module installers, but we don't have a better answer at // this time. $_SERVER["HTTP_HOST"] = "example.com"; - } else if (!Session::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { + } else if (!identity::active_user()->admin && !Session::instance()->get("can_upgrade", false)) { access::forbidden(); } diff --git a/modules/gallery/controllers/welcome_message.php b/modules/gallery/controllers/welcome_message.php index cfdc3976..af0d6997 100644 --- a/modules/gallery/controllers/welcome_message.php +++ b/modules/gallery/controllers/welcome_message.php @@ -19,12 +19,12 @@ */ class Welcome_Message_Controller extends Controller { public function index() { - if (!Session::active_user()->admin) { + if (!identity::active_user()->admin) { url::redirect(item::root()->abs_url()); } $v = new View("welcome_message.html"); - $v->user = Session::active_user(); + $v->user = identity::active_user(); print $v; } } diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 4e7491e3..a3abbe2e 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -79,7 +79,7 @@ class access_Core { * @return boolean */ static function can($perm_name, $item) { - return self::user_can(Session::active_user(), $perm_name, $item); + return self::user_can(identity::active_user(), $perm_name, $item); } /** @@ -423,7 +423,7 @@ class access_Core { // This is ok at packaging time, so work around it. $config = module::get_var("gallery", "identity_provider"); if (!empty($config)) { - return Identity::groups(); + return identity::groups(); } else { return array(); } diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 18bb2609..84f8a7fb 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -27,7 +27,7 @@ class gallery_Core { static function maintenance_mode() { $maintenance_mode = Kohana::config("core.maintenance_mode", false, false); - if (Router::$controller != "login" && !empty($maintenance_mode) && !Session::active_user()->admin) { + if (Router::$controller != "login" && !empty($maintenance_mode) && !identity::active_user()->admin) { Router::$controller = "maintenance"; Router::$controller_path = MODPATH . "gallery/controllers/maintenance.php"; Router::$method = "index"; diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 95be4813..b6afa2c8 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -23,11 +23,7 @@ class gallery_event_Core { * Initialization. */ static function gallery_ready() { - // Call Identity::instance() now to force the load of the user interface classes. - // Session::load_user will attempt to load the active user from the session and needs - // the user definition class, which can't be reached by Kohana's heiracrchical lookup. - Identity::instance(); - Session::load_user(); + identity::load_user(); locales::set_request_locale(); } @@ -139,7 +135,7 @@ class gallery_event_Core { } } - if (Session::active_user()->admin) { + if (identity::active_user()->admin) { $menu->append($admin_menu = Menu::factory("submenu") ->id("admin_menu") ->label(t("Admin"))); @@ -191,7 +187,7 @@ class gallery_event_Core { ->id("sidebar") ->label(t("Manage Sidebar")) ->url(url::site("admin/sidebar")))); - if (count(Identity::providers()) > 1) { + if (count(identity::providers()) > 1) { $menu ->append(Menu::factory("submenu") ->id("identity_menu") diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 10e796fd..9c19eaed 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -317,7 +317,7 @@ class gallery_installer { } if ($version == 7) { - $groups = Identity::groups(); + $groups = identity::groups(); $permissions = ORM::factory("permission")->find_all(); foreach($groups as $group) { foreach($permissions as $permission) { diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index d21cb124..5f3eb2a9 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -54,7 +54,7 @@ class gallery_theme_Core { static function header_top($theme) { if ($theme->page_type != "login") { $view = new View("login.html"); - $view->user = Session::active_user(); + $view->user = identity::active_user(); return $view->render(); } } diff --git a/modules/gallery/helpers/identity.php b/modules/gallery/helpers/identity.php new file mode 100644 index 00000000..cf84c8a9 --- /dev/null +++ b/modules/gallery/helpers/identity.php @@ -0,0 +1,225 @@ + $module) { + if (file_exists(MODPATH . "{$module_name}/config/identity.php")) { + $drivers->$module_name = $module->description; + } + } + self::$available = $drivers; + } + return self::$available; + } + + /** + * Make sure that we have a session and group_ids cached in the session. + */ + static function load_user() { + //try { + // Call IdentityProvider::instance() now to force the load of the user interface classes. + // We are about to load the active user from the session and which needs the user definition + // class, which can't be reached by Kohana's heiracrchical lookup. + IdentityProvider::instance(); + + $session = Session::instance(); + if (!($user = $session->get("user"))) { + self::set_active_user($user = self::guest()); + } + + // The installer cannot set a user into the session, so it just sets an id which we should + // upconvert into a user. + // @todo set the user name into the session instead of 2 and then use it to get the user object + if ($user === 2) { + $user = IdentityProvider::instance()->lookup_user_by_name("admin"); + self::set_active_user($user); + $session->set("user", $user); + } + + if (!$session->get("group_ids")) { + $ids = array(); + foreach ($user->groups as $group) { + $ids[] = $group->id; + } + $session->set("group_ids", $ids); + } + //} catch (Exception $e) { + //try { + //Session::instance()->destroy(); + //} catch (Exception $e) { + // We don't care if there was a problem destroying the session. + //} + //url::redirect(item::root()->abs_url()); + //} + } + + /** + * Return the array of group ids this user belongs to + * + * @return array + */ + static function group_ids_for_active_user() { + return Session::instance()->get("group_ids", array(1)); + } + + /** + * Return the active user. If there's no active user, return the guest user. + * + * @return User_Definition + */ + static function active_user() { + // @todo (maybe) cache this object so we're not always doing session lookups. + $user = Session::instance()->get("user", null); + if (!isset($user)) { + // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary + // work. + $user = identity::guest(); + } + return $user; + } + + /** + * Change the active user. + * @param User_Definition $user + */ + static function set_active_user($user) { + $session = Session::instance(); + $session->set("user", $user); + $session->delete("group_ids"); + self::load_user(); + } + + /** + * Determine if if the current driver supports updates. + * + * @return boolean true if the driver supports updates; false if read only + */ + static function is_writable() { + return IdentityProvider::instance()->is_writable(); + } + + /** + * @see IdentityProvider_Driver::activate. + */ + static function activate() { + IdentityProvider::instance()->activate(); + } + + /** + * @see IdentityProvider_Driver::deactivate. + */ + static function deactivate() { + IdentityProvider::instance()->deactivate(); + } + + /** + * @see IdentityProvider_Driver::guest. + */ + static function guest() { + return IdentityProvider::instance()->guest(); + } + + /** + * @see IdentityProvider_Driver::create_user. + */ + static function create_user($name, $full_name, $password) { + return IdentityProvider::instance()->create_user($name, $full_name, $password); + } + + /** + * @see IdentityProvider_Driver::is_correct_password. + */ + static function is_correct_password($user, $password) { + return IdentityProvider::instance()->is_correct_password($user, $password); + } + + /** + * @see IdentityProvider_Driver::lookup_user. + */ + static function lookup_user($id) { + return IdentityProvider::instance()->lookup_user($id); + } + + /** + * @see IdentityProvider_Driver::lookup_user_by_name. + */ + static function lookup_user_by_name($name) { + return IdentityProvider::instance()->lookup_user_by_name($name); + } + + /** + * @see IdentityProvider_Driver::create_group. + */ + static function create_group($name) { + return IdentityProvider::instance()->create_group($name); + } + + /** + * @see IdentityProvider_Driver::everybody. + */ + static function everybody() { + return IdentityProvider::instance()->everybody(); + } + + /** + * @see IdentityProvider_Driver::registered_users. + */ + static function registered_users() { + return IdentityProvider::instance()->everybody(); + } + + /** + * @see IdentityProvider_Driver::lookup_group. + */ + static function lookup_group($id) { + return IdentityProvider::instance()->lookup_group($id); + } + + /** + * @see IdentityProvider_Driver::lookup_group_by_name. + */ + static function lookup_group_by_name($name) { + return IdentityProvider::instance()->lookup_group_by_name($name); + } + + /** + * @see IdentityProvider_Driver::get_user_list. + */ + static function get_user_list($ids) { + return IdentityProvider::instance()->get_user_list($ids); + } + + /** + * @see IdentityProvider_Driver::groups. + */ + static function groups() { + return IdentityProvider::instance()->groups(); + } +} \ No newline at end of file diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 3d36a324..b3b6d0bb 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -158,8 +158,8 @@ class item_Core { */ static function viewable($model) { $view_restrictions = array(); - if (!Session::active_user()->admin) { - foreach (Session::group_ids_for_active_user() as $id) { + if (!identity::active_user()->admin) { + foreach (identity::group_ids_for_active_user() as $id) { // Separate the first restriction from the rest to make it easier for us to formulate // our where clause below if (empty($view_restrictions)) { diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index f80fce03..c2a606cd 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php @@ -141,7 +141,7 @@ class locales_Core { $locale = self::cookie_locale(); // 2. Check the user's preference if (!$locale) { - $locale = Session::active_user()->locale; + $locale = identity::active_user()->locale; } // 3. Check the browser's / OS' preference if (!$locale) { diff --git a/modules/gallery/helpers/log.php b/modules/gallery/helpers/log.php index d1b34e3a..184b0b97 100644 --- a/modules/gallery/helpers/log.php +++ b/modules/gallery/helpers/log.php @@ -80,7 +80,7 @@ class log_Core { $log->url = substr(url::abs_current(true), 0, 255); $log->referer = request::referrer(null); $log->timestamp = time(); - $log->user_id = Session::active_user()->id; + $log->user_id = identity::active_user()->id; $log->save(); } diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 9541f20e..6dac0803 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -77,7 +77,7 @@ class movie_Core { $movie->title = $title; $movie->description = $description; $movie->name = $name; - $movie->owner_id = $owner_id ? $owner_id : Session::active_user()->id; + $movie->owner_id = $owner_id ? $owner_id : identity::active_user()->id; $movie->width = $movie_info[0]; $movie->height = $movie_info[1]; $movie->mime_type = strtolower($pi["extension"]) == "mp4" ? "video/mp4" : "video/x-flv"; diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 193293e8..01cf5278 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -76,7 +76,7 @@ class photo_Core { $photo->title = $title; $photo->description = $description; $photo->name = $name; - $photo->owner_id = $owner_id ? $owner_id : Session::active_user()->id; + $photo->owner_id = $owner_id ? $owner_id : identity::active_user()->id; $photo->width = $image_info[0]; $photo->height = $image_info[1]; $photo->mime_type = empty($image_info['mime']) ? "application/unknown" : $image_info['mime']; diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php index 06b29fda..2b090776 100644 --- a/modules/gallery/helpers/site_status.php +++ b/modules/gallery/helpers/site_status.php @@ -95,7 +95,7 @@ class site_status_Core { * @return html text */ static function get() { - if (!Session::active_user()->admin) { + if (!identity::active_user()->admin) { return; } $buf = array(); diff --git a/modules/gallery/helpers/task.php b/modules/gallery/helpers/task.php index f84fd10e..dac5f9d3 100644 --- a/modules/gallery/helpers/task.php +++ b/modules/gallery/helpers/task.php @@ -42,7 +42,7 @@ class task_Core { $task->percent_complete = 0; $task->status = ""; $task->state = "started"; - $task->owner_id = Session::active_user()->id; + $task->owner_id = identity::active_user()->id; $task->context = serialize($context); $task->save(); diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 74a08c77..6eedec0d 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -36,12 +36,12 @@ class Admin_View_Core extends Gallery_View { parent::__construct($name); $this->theme_name = module::get_var("gallery", "active_admin_theme"); - if (Session::active_user()->admin) { + if (identity::active_user()->admin) { $this->theme_name = Input::instance()->get("theme", $this->theme_name); } $this->sidebar = ""; $this->set_global("theme", $this); - $this->set_global("user", Session::active_user()); + $this->set_global("user", identity::active_user()); } public function admin_menu() { diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php deleted file mode 100644 index 1dd5d23b..00000000 --- a/modules/gallery/libraries/Identity.php +++ /dev/null @@ -1,222 +0,0 @@ -config = Kohana::config("identity.".$config)) === NULL) { - throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config"); - } - - // Set driver name - $driver = "Identity_".ucfirst($this->config["driver"])."_Driver"; - - // Load the driver - if ( ! Kohana::auto_load($driver)) { - throw new Kohana_Exception("core.driver_not_found", $this->config["driver"], - get_class($this)); - } - - // Initialize the driver - $this->driver = new $driver($this->config["params"]); - - // Validate the driver - if ( !($this->driver instanceof Identity_Driver)) { - throw new Kohana_Exception("core.driver_implements", $this->config["driver"], - get_class($this), "Identity_Driver"); - } - - Kohana::log("debug", "Identity Library initialized"); - } - - /** - * Return a list of installed Identity Drivers. - * - * @return boolean true if the driver supports updates; false if read only - */ - static function providers() { - if (empty(self::$active)) { - $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS); - foreach (module::active() as $module) { - $module_name = $module->name; - if (file_exists(MODPATH . "{$module->name}/config/identity.php") && - ($info = module::info($module_name))) { - $drivers->$module_name = $info->description; - } - } - self::$active = $drivers; - } - return self::$active; - } - - /** - * @see Identity_Driver::activate. - */ - static function activate() { - self::instance()->driver->activate(); - } - - /** - * @see Identity_Driver::deactivate. - */ - static function deactivate() { - self::instance()->driver->deactivate(); - } - - /** - * Determine if if the current driver supports updates. - * - * @return boolean true if the driver supports updates; false if read only - */ - static function is_writable() { - return !empty(self::instance()->config["allow_updates"]); - } - - /** - * @see Identity_Driver::guest. - */ - static function guest() { - return self::instance()->driver->guest(); - } - - /** - * @see Identity_Driver::create_user. - */ - static function create_user($name, $full_name, $password) { - return self::instance()->driver->create_user($name, $full_name, $password); - } - - /** - * @see Identity_Driver::is_correct_password. - */ - static function is_correct_password($user, $password) { - return self::instance()->driver->is_correct_password($user, $password); - } - - /** - * @see Identity_Driver::lookup_user. - */ - static function lookup_user($id) { - return self::instance()->driver->lookup_user($id); - } - - /** - * @see Identity_Driver::lookup_user_by_name. - */ - static function lookup_user_by_name($name) { - return self::instance()->driver->lookup_user_by_name($name); - } - - /** - * @see Identity_Driver::create_group. - */ - static function create_group($name) { - return self::instance()->driver->create_group($name); - } - - /** - * @see Identity_Driver::everybody. - */ - static function everybody() { - return self::instance()->driver->everybody(); - } - - /** - * @see Identity_Driver::registered_users. - */ - static function registered_users() { - return self::instance()->driver->everybody(); - } - - /** - * @see Identity_Driver::lookup_group. - */ - static function lookup_group($id) { - return self::instance()->driver->lookup_group($id); - } - - /** - * @see Identity_Driver::lookup_group_by_name. - */ - static function lookup_group_by_name($name) { - return self::instance()->driver->lookup_group_by_name($name); - } - - /** - * @see Identity_Driver::get_user_list. - */ - static function get_user_list($ids) { - return self::instance()->driver->get_user_list($ids); - } - - /** - * @see Identity_Driver::groups. - */ - static function groups() { - return self::instance()->driver->groups(); - } -} // End Identity diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php new file mode 100644 index 00000000..512f28eb --- /dev/null +++ b/modules/gallery/libraries/IdentityProvider.php @@ -0,0 +1,200 @@ +config = Kohana::config("identity.".$config)) === NULL) { + throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config"); + } + + // Set driver name + $driver = "IdentityProvider_".ucfirst($this->config["driver"])."_Driver"; + + // Load the driver + if ( ! Kohana::auto_load($driver)) { + throw new Kohana_Exception("core.driver_not_found", $this->config["driver"], + get_class($this)); + } + + // Initialize the driver + $this->driver = new $driver($this->config["params"]); + + // Validate the driver + if ( !($this->driver instanceof IdentityProvider_Driver)) { + throw new Kohana_Exception("core.driver_implements", $this->config["driver"], + get_class($this), "IdentityProvider_Driver"); + } + + Kohana::log("debug", "Identity Library initialized"); + } + + /** + * Determine if if the current driver supports updates. + * + * @return boolean true if the driver supports updates; false if read only + */ + public function is_writable() { + return !empty($this->config["allow_updates"]); + } + + /** + * @see IdentityProvider_Driver::activate. + */ + public function activate() { + $this->driver->activate(); + } + + /** + * @see IdentityProvider_Driver::deactivate. + */ + public function deactivate() { + $this->driver->deactivate(); + } + + /** + * @see IdentityProvider_Driver::guest. + */ + public function guest() { + return $this->driver->guest(); + } + + /** + * @see IdentityProvider_Driver::create_user. + */ + public function create_user($name, $full_name, $password) { + return $this->driver->create_user($name, $full_name, $password); + } + + /** + * @see IdentityProvider_Driver::is_correct_password. + */ + public function is_correct_password($user, $password) { + return $this->driver->is_correct_password($user, $password); + } + + /** + * @see IdentityProvider_Driver::lookup_user. + */ + public function lookup_user($id) { + return $this->driver->lookup_user($id); + } + + /** + * @see IdentityProvider_Driver::lookup_user_by_name. + */ + public function lookup_user_by_name($name) { + return $this->driver->lookup_user_by_name($name); + } + + /** + * @see IdentityProvider_Driver::create_group. + */ + public function create_group($name) { + return $this->driver->create_group($name); + } + + /** + * @see IdentityProvider_Driver::everybody. + */ + public function everybody() { + return $this->driver->everybody(); + } + + /** + * @see IdentityProvider_Driver::registered_users. + */ + public function registered_users() { + return $this->driver->everybody(); + } + + /** + * @see IdentityProvider_Driver::lookup_group. + */ + public function lookup_group($id) { + return $this->driver->lookup_group($id); + } + + /** + * @see IdentityProvider_Driver::lookup_group_by_name. + */ + public function lookup_group_by_name($name) { + return $this->driver->lookup_group_by_name($name); + } + + /** + * @see IdentityProvider_Driver::get_user_list. + */ + public function get_user_list($ids) { + return $this->driver->get_user_list($ids); + } + + /** + * @see IdentityProvider_Driver::groups. + */ + public function groups() { + return $this->driver->groups(); + } +} // End Identity diff --git a/modules/gallery/libraries/MY_Session.php b/modules/gallery/libraries/MY_Session.php deleted file mode 100644 index 1a3ae801..00000000 --- a/modules/gallery/libraries/MY_Session.php +++ /dev/null @@ -1,93 +0,0 @@ -get("user"))) { - $session->set("user", $user = Identity::guest()); - } - - // The installer cannot set a user into the session, so it just sets an id which we should - // upconvert into a user. - // @todo set the user name into the session instead of 2 and then use it to get the user object - if ($user === 2) { - $user = Instance::lookup_user_by_name("admin"); - self::set_active_user($user); - $session->set("user", $user); - } - - if (!$session->get("group_ids")) { - $ids = array(); - foreach ($user->groups as $group) { - $ids[] = $group->id; - } - $session->set("group_ids", $ids); - } - } catch (Exception $e) { - try { - Session::instance()->destroy(); - } catch (Exception $e) { - // We don't care if there was a problem destroying the session. - } - url::redirect(item::root()->abs_url()); - } - } - - /** - * Return the array of group ids this user belongs to - * - * @return array - */ - static function group_ids_for_active_user() { - return self::instance()->get("group_ids", array(1)); - } - - /** - * Return the active user. If there's no active user, return the guest user. - * - * @return User_Definition - */ - static function active_user() { - // @todo (maybe) cache this object so we're not always doing session lookups. - $user = self::instance()->get("user", null); - if (!isset($user)) { - // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary - // work. - $user = Identity::guest(); - } - return $user; - } - - /** - * Change the active user. - * @param User_Definition $user - */ - static function set_active_user($user) { - $session = Session::instance(); - $session->set("user", $user); - $session->delete("group_ids"); - self::load_user(); - } -} \ No newline at end of file diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 2fdc7531..68ec325f 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -37,13 +37,13 @@ class Theme_View_Core extends Gallery_View { parent::__construct($name); $this->theme_name = module::get_var("gallery", "active_site_theme"); - if (Session::active_user()->admin) { + if (identity::active_user()->admin) { $this->theme_name = Input::instance()->get("theme", $this->theme_name); } $this->item = null; $this->tag = null; $this->set_global("theme", $this); - $this->set_global("user", Session::active_user()); + $this->set_global("user", identity::active_user()); $this->set_global("page_type", $page_type); $this->set_global("page_title", null); if ($page_type == "album") { @@ -158,7 +158,7 @@ class Theme_View_Core extends Gallery_View { */ public function sidebar_blocks() { $sidebar = block_manager::get_html("site.sidebar", $this); - if (empty($sidebar) && Session::active_user()->admin) { + if (empty($sidebar) && identity::active_user()->admin) { $sidebar = new View("no_sidebar.html"); } return $sidebar; diff --git a/modules/gallery/libraries/drivers/Identity.php b/modules/gallery/libraries/drivers/Identity.php deleted file mode 100644 index 39b2a9c7..00000000 --- a/modules/gallery/libraries/drivers/Identity.php +++ /dev/null @@ -1,123 +0,0 @@ -owner_id); + return identity::lookup_user($this->owner_id); } catch (Exception $e) { return null; } diff --git a/modules/gallery/models/log.php b/modules/gallery/models/log.php index 1d639857..4f6b8c4b 100644 --- a/modules/gallery/models/log.php +++ b/modules/gallery/models/log.php @@ -26,7 +26,7 @@ class Log_Model extends ORM { // This relationship depends on an outside module, which may not be present so handle // failures gracefully. try { - return Identity::lookup_user($this->user_id); + return identity::lookup_user($this->user_id); } catch (Exception $e) { return null; } diff --git a/modules/gallery/models/task.php b/modules/gallery/models/task.php index 548e5f9c..f40be492 100644 --- a/modules/gallery/models/task.php +++ b/modules/gallery/models/task.php @@ -46,7 +46,7 @@ class Task_Model extends ORM { } public function owner() { - return Identity::lookup_user($this->owner_id); + return identity::lookup_user($this->owner_id); } /** diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index dac431a7..e9e5cb26 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -22,7 +22,7 @@ class Access_Helper_Test extends Unit_Test_Case { public function teardown() { try { - $group = Identity::lookup_group_by_name("access_test"); + $group = identity::lookup_group_by_name("access_test"); if (!empty($group)) { $group->delete(); } @@ -33,7 +33,7 @@ class Access_Helper_Test extends Unit_Test_Case { } catch (Exception $e) { } try { - $user = Identity::lookup_user_by_name("access_test"); + $user = identity::lookup_user_by_name("access_test"); if (!empty($user)) { $user->delete(); } @@ -41,16 +41,16 @@ class Access_Helper_Test extends Unit_Test_Case { // Reset some permissions that we mangle below $root = ORM::factory("item", 1); - access::allow(Identity::everybody(), "view", $root); + access::allow(identity::everybody(), "view", $root); } public function setup() { - Session::set_active_user(Identity::guest()); + identity::set_active_user(identity::guest()); } public function groups_and_permissions_are_bound_to_columns_test() { access::register_permission("access_test", "Access Test"); - $group = Identity::create_group("access_test"); + $group = identity::create_group("access_test"); // We have a new column for this perm / group combo $fields = Database::instance()->list_fields("access_caches"); @@ -65,17 +65,17 @@ class Access_Helper_Test extends Unit_Test_Case { } public function user_can_access_test() { - $access_test = Identity::create_group("access_test"); + $access_test = identity::create_group("access_test"); $root = ORM::factory("item", 1); access::allow($access_test, "view", $root); $item = album::create($root, rand(), "test album"); - access::deny(Identity::everybody(), "view", $item); - access::deny(Identity::registered_users(), "view", $item); + access::deny(identity::everybody(), "view", $item); + access::deny(identity::registered_users(), "view", $item); - $user = Identity::create_user("access_test", "Access Test", ""); + $user = identity::create_user("access_test", "Access Test", ""); foreach ($user->groups as $group) { $user->remove($group); } @@ -89,10 +89,10 @@ class Access_Helper_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album"); - access::deny(Identity::everybody(), "view", $item); - access::deny(Identity::registered_users(), "view", $item); + access::deny(identity::everybody(), "view", $item); + access::deny(identity::registered_users(), "view", $item); - $user = Identity::create_user("access_test", "Access Test", ""); + $user = identity::create_user("access_test", "Access Test", ""); foreach ($user->groups as $group) { $user->remove($group); } @@ -121,11 +121,11 @@ class Access_Helper_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $album = album::create($root, rand(), "test album"); - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $photo = photo::create($album, MODPATH . "gallery/images/gallery.png", "", ""); - $this->assert_true($photo->__get("view_" . Identity::everybody()->id)); + $this->assert_true($photo->__get("view_" . identity::everybody()->id)); } public function can_allow_deny_and_reset_intent_test() { @@ -134,23 +134,23 @@ class Access_Helper_Test extends Unit_Test_Case { $intent = ORM::factory("access_intent")->where("item_id", $album)->find(); // Allow - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $this->assert_same(access::ALLOW, $intent->reload()->view_1); // Deny - access::deny(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $album); $this->assert_same( access::DENY, ORM::factory("access_intent")->where("item_id", $album)->find()->view_1); // Allow again. If the initial value was allow, then the first Allow clause above may not // have actually changed any values. - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $this->assert_same( access::ALLOW, ORM::factory("access_intent")->where("item_id", $album)->find()->view_1); - access::reset(Identity::everybody(), "view", $album); + access::reset(identity::everybody(), "view", $album); $this->assert_same( null, ORM::factory("access_intent")->where("item_id", $album)->find()->view_1); @@ -158,7 +158,7 @@ class Access_Helper_Test extends Unit_Test_Case { public function cant_reset_root_item_test() { try { - access::reset(Identity::everybody(), "view", ORM::factory("item", 1)); + access::reset(identity::everybody(), "view", ORM::factory("item", 1)); } catch (Exception $e) { return; } @@ -167,17 +167,17 @@ class Access_Helper_Test extends Unit_Test_Case { public function can_view_item_test() { $root = ORM::factory("item", 1); - access::allow(Identity::everybody(), "view", $root); - $this->assert_true(access::group_can(Identity::everybody(), "view", $root)); + access::allow(identity::everybody(), "view", $root); + $this->assert_true(access::group_can(identity::everybody(), "view", $root)); } public function can_always_fails_on_unloaded_items_test() { $root = ORM::factory("item", 1); - access::allow(Identity::everybody(), "view", $root); - $this->assert_true(access::group_can(Identity::everybody(), "view", $root)); + access::allow(identity::everybody(), "view", $root); + $this->assert_true(access::group_can(identity::everybody(), "view", $root)); $bogus = ORM::factory("item", -1); - $this->assert_false(access::group_can(Identity::everybody(), "view", $bogus)); + $this->assert_false(access::group_can(identity::everybody(), "view", $bogus)); } public function cant_view_child_of_hidden_parent_test() { @@ -185,21 +185,21 @@ class Access_Helper_Test extends Unit_Test_Case { $album = album::create($root, rand(), "test album"); $root->reload(); - access::deny(Identity::everybody(), "view", $root); - access::reset(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $root); + access::reset(identity::everybody(), "view", $album); $album->reload(); - $this->assert_false(access::group_can(Identity::everybody(), "view", $album)); + $this->assert_false(access::group_can(identity::everybody(), "view", $album)); } public function view_permissions_propagate_down_test() { $root = ORM::factory("item", 1); $album = album::create($root, rand(), "test album"); - access::allow(Identity::everybody(), "view", $root); - access::reset(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $root); + access::reset(identity::everybody(), "view", $album); $album->reload(); - $this->assert_true(access::group_can(Identity::everybody(), "view", $album)); + $this->assert_true(access::group_can(identity::everybody(), "view", $album)); } public function can_toggle_view_permissions_propagate_down_test() { @@ -214,18 +214,18 @@ class Access_Helper_Test extends Unit_Test_Case { $album3->reload(); $album4->reload(); - access::allow(Identity::everybody(), "view", $root); - access::deny(Identity::everybody(), "view", $album1); - access::reset(Identity::everybody(), "view", $album2); - access::reset(Identity::everybody(), "view", $album3); - access::reset(Identity::everybody(), "view", $album4); + access::allow(identity::everybody(), "view", $root); + access::deny(identity::everybody(), "view", $album1); + access::reset(identity::everybody(), "view", $album2); + access::reset(identity::everybody(), "view", $album3); + access::reset(identity::everybody(), "view", $album4); $album4->reload(); - $this->assert_false(access::group_can(Identity::everybody(), "view", $album4)); + $this->assert_false(access::group_can(identity::everybody(), "view", $album4)); - access::allow(Identity::everybody(), "view", $album1); + access::allow(identity::everybody(), "view", $album1); $album4->reload(); - $this->assert_true(access::group_can(Identity::everybody(), "view", $album4)); + $this->assert_true(access::group_can(identity::everybody(), "view", $album4)); } public function revoked_view_permissions_cant_be_allowed_lower_down_test() { @@ -234,29 +234,29 @@ class Access_Helper_Test extends Unit_Test_Case { $album2 = album::create($album1, rand(), "test album"); $root->reload(); - access::deny(Identity::everybody(), "view", $root); - access::allow(Identity::everybody(), "view", $album2); + access::deny(identity::everybody(), "view", $root); + access::allow(identity::everybody(), "view", $album2); $album1->reload(); - $this->assert_false(access::group_can(Identity::everybody(), "view", $album1)); + $this->assert_false(access::group_can(identity::everybody(), "view", $album1)); $album2->reload(); - $this->assert_false(access::group_can(Identity::everybody(), "view", $album2)); + $this->assert_false(access::group_can(identity::everybody(), "view", $album2)); } public function can_edit_item_test() { $root = ORM::factory("item", 1); - access::allow(Identity::everybody(), "edit", $root); - $this->assert_true(access::group_can(Identity::everybody(), "edit", $root)); + access::allow(identity::everybody(), "edit", $root); + $this->assert_true(access::group_can(identity::everybody(), "edit", $root)); } public function non_view_permissions_propagate_down_test() { $root = ORM::factory("item", 1); $album = album::create($root, rand(), "test album"); - access::allow(Identity::everybody(), "edit", $root); - access::reset(Identity::everybody(), "edit", $album); - $this->assert_true(access::group_can(Identity::everybody(), "edit", $album)); + access::allow(identity::everybody(), "edit", $root); + access::reset(identity::everybody(), "edit", $album); + $this->assert_true(access::group_can(identity::everybody(), "edit", $album)); } public function non_view_permissions_can_be_revoked_lower_down_test() { @@ -276,36 +276,36 @@ class Access_Helper_Test extends Unit_Test_Case { $outer->reload(); $inner->reload(); - access::allow(Identity::everybody(), "edit", $root); - access::deny(Identity::everybody(), "edit", $outer); - access::allow(Identity::everybody(), "edit", $inner); + access::allow(identity::everybody(), "edit", $root); + access::deny(identity::everybody(), "edit", $outer); + access::allow(identity::everybody(), "edit", $inner); // Outer album is not editable, inner one is. - $this->assert_false(access::group_can(Identity::everybody(), "edit", $outer_photo)); - $this->assert_true(access::group_can(Identity::everybody(), "edit", $inner_photo)); + $this->assert_false(access::group_can(identity::everybody(), "edit", $outer_photo)); + $this->assert_true(access::group_can(identity::everybody(), "edit", $inner_photo)); } public function i_can_edit_test() { // Create a new user that belongs to no groups - $user = Identity::create_user("access_test", "Access Test", ""); + $user = identity::create_user("access_test", "Access Test", ""); foreach ($user->groups as $group) { $user->remove($group); } $user->save(); - Session::set_active_user($user); + identity::set_active_user($user); // This user can't edit anything $root = ORM::factory("item", 1); $this->assert_false(access::can("edit", $root)); // Now add them to a group that has edit permission - $group = Identity::create_group("access_test"); + $group = identity::create_group("access_test"); $group->add($user); $group->save(); access::allow($group, "edit", $root); - $user = Identity::lookup_user($user->id); // reload() does not flush related columns - Session::set_active_user($user); + $user = identity::lookup_user($user->id); // reload() does not flush related columns + identity::set_active_user($user); // And verify that the user can edit. $this->assert_true(access::can("edit", $root)); @@ -317,16 +317,16 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(file_exists($album->file_path() . "/.htaccess")); - access::deny(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $album); $this->assert_true(file_exists($album->file_path() . "/.htaccess")); - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $this->assert_false(file_exists($album->file_path() . "/.htaccess")); - access::deny(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $album); $this->assert_true(file_exists($album->file_path() . "/.htaccess")); - access::reset(Identity::everybody(), "view", $album); + access::reset(identity::everybody(), "view", $album); $this->assert_false(file_exists($album->file_path() . "/.htaccess")); } @@ -338,44 +338,44 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); - access::deny(Identity::everybody(), "view_full", $album); + access::deny(identity::everybody(), "view_full", $album); $this->assert_true(file_exists($album->file_path() . "/.htaccess")); $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); - access::allow(Identity::everybody(), "view_full", $album); + access::allow(identity::everybody(), "view_full", $album); $this->assert_false(file_exists($album->file_path() . "/.htaccess")); $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); - access::deny(Identity::everybody(), "view_full", $album); + access::deny(identity::everybody(), "view_full", $album); $this->assert_true(file_exists($album->file_path() . "/.htaccess")); $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); - access::reset(Identity::everybody(), "view_full", $album); + access::reset(identity::everybody(), "view_full", $album); $this->assert_false(file_exists($album->file_path() . "/.htaccess")); $this->assert_false(file_exists($album->resize_path() . "/.htaccess")); $this->assert_false(file_exists($album->thumb_path() . "/.htaccess")); } public function moved_items_inherit_new_permissions_test() { - Session::set_active_user(Identity::lookup_user_by_name("admin")); + identity::set_active_user(identity::lookup_user_by_name("admin")); $root = ORM::factory("item", 1); $public_album = album::create($root, rand(), "public album"); $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", ""); - access::allow(Identity::everybody(), "view", $public_album); + access::allow(identity::everybody(), "view", $public_album); $root->reload(); // Account for MPTT changes $private_album = album::create($root, rand(), "private album"); - access::deny(Identity::everybody(), "view", $private_album); + access::deny(identity::everybody(), "view", $private_album); $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", ""); // Make sure that we now have a public photo and private photo. - $this->assert_true(access::group_can(Identity::everybody(), "view", $public_photo)); - $this->assert_false(access::group_can(Identity::everybody(), "view", $private_photo)); + $this->assert_true(access::group_can(identity::everybody(), "view", $public_photo)); + $this->assert_false(access::group_can(identity::everybody(), "view", $private_photo)); // Swap the photos item::move($public_photo, $private_album); @@ -391,7 +391,7 @@ class Access_Helper_Test extends Unit_Test_Case { $public_photo->reload(); // Make sure that the public_photo is now private, and the private_photo is now public. - $this->assert_false(access::group_can(Identity::everybody(), "view", $public_photo)); - $this->assert_true(access::group_can(Identity::everybody(), "view", $private_photo)); + $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo)); + $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo)); } } diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index fa46d924..b85b5258 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -45,7 +45,7 @@ class Albums_Controller_Test extends Unit_Test_Case { $_POST["csrf"] = access::csrf_token(); $_POST["slug"] = "new_name"; $_POST["_method"] = "put"; - access::allow(Identity::everybody(), "edit", $root); + access::allow(identity::everybody(), "edit", $root); ob_start(); $controller->_update($this->_album); @@ -69,7 +69,7 @@ class Albums_Controller_Test extends Unit_Test_Case { $_POST["name"] = "new name"; $_POST["title"] = "new title"; $_POST["description"] = "new description"; - access::allow(Identity::everybody(), "edit", $root); + access::allow(identity::everybody(), "edit", $root); try { $controller->_update($this->_album); diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index fc01db91..a364423a 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -23,16 +23,16 @@ class Item_Helper_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $album = album::create($root, rand(), rand(), rand()); $item = self::_create_random_item($album); - Session::set_active_user(Identity::guest()); + identity::set_active_user(identity::guest()); // We can see the item when permissions are granted - access::allow(Identity::everybody(), "view", $album); + access::allow(identity::everybody(), "view", $album); $this->assert_equal( 1, ORM::factory("item")->viewable()->where("id", $item->id)->count_all()); // We can't see the item when permissions are denied - access::deny(Identity::everybody(), "view", $album); + access::deny(identity::everybody(), "view", $album); $this->assert_equal( 0, ORM::factory("item")->viewable()->where("id", $item->id)->count_all()); diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php index 59c3f78a..2e5d7fe3 100644 --- a/modules/gallery/tests/Photos_Controller_Test.php +++ b/modules/gallery/tests/Photos_Controller_Test.php @@ -31,7 +31,7 @@ class Photos_Controller_Test extends Unit_Test_Case { $root = ORM::factory("item", 1); $photo = photo::create( $root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", - "test", "test", Session::active_user()->id, "slug"); + "test", "test", identity::active_user()->id, "slug"); $orig_name = $photo->name; $_POST["filename"] = "test.jpeg"; @@ -40,7 +40,7 @@ class Photos_Controller_Test extends Unit_Test_Case { $_POST["description"] = "new description"; $_POST["slug"] = "new-slug"; $_POST["csrf"] = access::csrf_token(); - access::allow(Identity::everybody(), "edit", $root); + access::allow(identity::everybody(), "edit", $root); ob_start(); $controller->_update($photo); @@ -64,7 +64,7 @@ class Photos_Controller_Test extends Unit_Test_Case { $_POST["name"] = "new name"; $_POST["title"] = "new title"; $_POST["description"] = "new description"; - access::allow(Identity::everybody(), "edit", $root); + access::allow(identity::everybody(), "edit", $root); try { $controller->_update($photo); diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php index 0256fabb..0d8801e5 100644 --- a/modules/gallery/views/kohana_error_page.php +++ b/modules/gallery/views/kohana_error_page.php @@ -57,7 +57,7 @@ <?= t("Something went wrong!") ?> - + admin ?>

diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php index 6695d564..961f44fa 100644 --- a/modules/gallery/views/login.html.php +++ b/modules/gallery/views/login.html.php @@ -8,7 +8,7 @@
  • - + html::mark_clean( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php index 6ed40571..a9a9ef11 100644 --- a/modules/gallery/views/login_ajax.html.php +++ b/modules/gallery/views/login_ajax.html.php @@ -36,7 +36,7 @@
    • - +
    • diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 080f154b..9a40b0b9 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -20,7 +20,7 @@ class notification { static function get_subscription($item_id, $user=null) { if (empty($user)) { - $user = Session::active_user(); + $user = identity::active_user(); } return ORM::factory("subscription") @@ -31,7 +31,7 @@ class notification { static function is_watching($item, $user=null) { if (empty($user)) { - $user = Session::active_user(); + $user = identity::active_user(); } return ORM::factory("subscription") @@ -44,7 +44,7 @@ class notification { static function add_watch($item, $user=null) { if ($item->is_album()) { if (empty($user)) { - $user = Session::active_user(); + $user = identity::active_user(); } $subscription = ORM::factory("subscription"); $subscription->item_id = $item->id; @@ -56,7 +56,7 @@ class notification { static function remove_watch($item, $user=null) { if ($item->is_album()) { if (empty($user)) { - $user = Session::active_user(); + $user = identity::active_user(); } $subscription = ORM::factory("subscription") @@ -81,7 +81,7 @@ class notification { if (empty($subscriber_ids)) { return array(); } - $users = Identity::get_user_list($subscriber_ids); + $users = identity::get_user_list($subscriber_ids); $subscribers = array(); foreach ($users as $user) { diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php index f0530cd9..3a369155 100644 --- a/modules/notification/helpers/notification_event.php +++ b/modules/notification/helpers/notification_event.php @@ -95,7 +95,7 @@ class notification_event_Core { } static function site_menu($menu, $theme) { - if (!Session::active_user()->guest) { + if (!identity::active_user()->guest) { $item = $theme->item(); if ($item && $item->is_album() && access::can("view", $item)) { diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 8b14cfa9..f9da9a16 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -22,8 +22,8 @@ class search_Core { $db = Database::instance(); $q = $db->escape_str($q); - if (!Session::active_user()->admin) { - foreach (Session::group_ids_for_active_user() as $id) { + if (!identity::active_user()->admin) { + foreach (identity::group_ids_for_active_user() as $id) { $fields[] = "`view_$id` = TRUE"; // access::ALLOW } $access_sql = "AND (" . join(" AND ", $fields) . ")"; diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 428065f6..53a3d091 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -103,7 +103,7 @@ class Server_Add_Controller extends Admin_Controller { access::verify_csrf(); $task = ORM::factory("task", $task_id); - if (!$task->loaded || $task->owner_id != Session::active_user()->id) { + if (!$task->loaded || $task->owner_id != identity::active_user()->id) { access::forbidden(); } @@ -207,7 +207,7 @@ class Server_Add_Controller extends Admin_Controller { $task->set("mode", "done"); } - $owner_id = Session::active_user()->id; + $owner_id = identity::active_user()->id; foreach ($entries as $entry) { if (microtime(true) - $start > 0.5) { break; diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php index 8f8b0016..1d883a71 100644 --- a/modules/server_add/helpers/server_add_event.php +++ b/modules/server_add/helpers/server_add_event.php @@ -30,7 +30,7 @@ class server_add_event_Core { $item = $theme->item(); $paths = unserialize(module::get_var("server_add", "authorized_paths")); - if ($item && Session::active_user()->admin && $item->is_album() && !empty($paths) && + if ($item && identity::active_user()->admin && $item->is_album() && !empty($paths) && is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) { $menu->get("add_menu") ->append(Menu::factory("dialog") diff --git a/modules/server_add/helpers/server_add_theme.php b/modules/server_add/helpers/server_add_theme.php index 44681d36..9da8969a 100644 --- a/modules/server_add/helpers/server_add_theme.php +++ b/modules/server_add/helpers/server_add_theme.php @@ -19,7 +19,7 @@ */ class server_add_theme_Core { static function head($theme) { - if (Session::active_user()->admin) { + if (identity::active_user()->admin) { $theme->script("server_add.js"); } } diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 258de843..8b96ebd2 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -69,7 +69,7 @@ class Admin_Users_Controller extends Admin_Controller { public function delete_user($id) { access::verify_csrf(); - if ($id == Session::active_user()->id || $id == user::guest()->id) { + if ($id == identity::active_user()->id || $id == user::guest()->id) { access::forbidden(); } @@ -136,7 +136,7 @@ class Admin_Users_Controller extends Admin_Controller { } // An admin can change the admin status for any user but themselves - if ($user->id != Session::active_user()->id) { + if ($user->id != identity::active_user()->id) { $user->admin = $form->edit_user->admin->checked; } $user->save(); @@ -158,7 +158,7 @@ class Admin_Users_Controller extends Admin_Controller { $form = $this->_get_user_edit_form_admin($user); // Don't allow the user to control their own admin bit, else you can lock yourself out - if ($user->id == Session::active_user()->id) { + if ($user->id == identity::active_user()->id) { $form->edit_user->admin->disabled(1); } print $form; diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index a8f1c5ca..6bef1a17 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -46,7 +46,7 @@ class Password_Controller extends Controller { $valid = $form->validate(); if ($valid) { - $user = Identity::lookup_user_by_name($form->reset->inputs["name"]->value); + $user = identity::lookup_user_by_name($form->reset->inputs["name"]->value); if (!$user->loaded || empty($user->email)) { $form->reset->inputs["name"]->add_error("no_email", 1); $valid = false; diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 0ccf3e2a..dee54f63 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -21,7 +21,7 @@ class Users_Controller extends Controller { public function update($id) { $user = user::lookup($id); - if ($user->guest || $user->id != Session::active_user()->id) { + if ($user->guest || $user->id != identity::active_user()->id) { access::forbidden(); } @@ -59,7 +59,7 @@ class Users_Controller extends Controller { public function form_edit($id) { $user = user::lookup($id); - if ($user->guest || $user->id != Session::active_user()->id) { + if ($user->guest || $user->id != identity::active_user()->id) { access::forbidden(); } diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 8ad52564..567b2ee4 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -25,7 +25,10 @@ */ class group_Core { /** - * @see Identity_Driver::create. + * Create a new group. + * + * @param string $name + * @return Group_Definition the group object */ static function create($name) { $group = ORM::factory("group")->where("name", $name)->find(); @@ -39,14 +42,18 @@ class group_Core { } /** - * @see Identity_Driver::everbody. + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Definition the group object */ static function everybody() { return model_cache::get("group", 1); } /** - * @see Identity_Driver::registered_users. + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Definition the group object */ static function registered_users() { return model_cache::get("group", 2); @@ -71,7 +78,10 @@ class group_Core { } /** - * @see Identity_Driver::get_group_list. + * Search the groups by the field and value. + * @param string $field_name column to look up the user by + * @param string $value value to match + * @return Group_Definition the group object, or null if the name was invalid. */ static function lookup_by_field($field_name, $value) { try { diff --git a/modules/user/libraries/drivers/Identity/Gallery.php b/modules/user/libraries/drivers/Identity/Gallery.php deleted file mode 100644 index 36f37543..00000000 --- a/modules/user/libraries/drivers/Identity/Gallery.php +++ /dev/null @@ -1,150 +0,0 @@ -password; - - // Try phpass first, since that's what we generate. - if (strlen($valid) == 34) { - require_once(MODPATH . "user/lib/PasswordHash.php"); - $hashGenerator = new PasswordHash(10, true); - return $hashGenerator->CheckPassword($password, $valid); - } - - $salt = substr($valid, 0, 4); - // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: - $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); - if (!strcmp($guess, $valid)) { - return true; - } - - // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities - $sanitizedPassword = html::specialchars($password, false); - $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) - : ($salt . md5($salt . $sanitizedPassword)); - if (!strcmp($guess, $valid)) { - return true; - } - - return false; - } - - /** - * @see Identity_Driver::lookup_user. - */ - public function lookup_user($id) { - return user::lookup_by_field("id", $id); - } - - /** - * @see Identity_Driver::lookup_user_by_name. - */ - public function lookup_user_by_name($name) { - return user::lookup_by_field("name", $name); - } - - /** - * @see Identity_Driver::create_group. - */ - public function create_group($name) { - return group::create($name); - } - - /** - * @see Identity_Driver::everybody. - */ - public function everybody() { - return group::everybody(); - } - - /** - * @see Identity_Driver::registered_users. - */ - public function registered_users() { - return group::registered_users(); - } - - /** - * @see Identity_Driver::lookup_group. - */ - public function lookup_group($id) { - return group::lookup_by_field("id", $id); - } - - /** - * @see Identity_Driver::lookup_group_by_name. - */ - public function lookup_group_by_name($name) { - return group::lookup_by_field("name", $name); - } - - /** - * @see Identity_Driver::get_user_list. - */ - public function get_user_list($ids) { - return ORM::factory("user") - ->in("id", $ids) - ->find_all() - ->as_array(); - } - - /** - * @see Identity_Driver::groups. - */ - public function groups() { - return ORM::factory("group")->find_all(); - } - -} // End Identity Gallery Driver - diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php new file mode 100644 index 00000000..5941abb7 --- /dev/null +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -0,0 +1,150 @@ +password; + + // Try phpass first, since that's what we generate. + if (strlen($valid) == 34) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->CheckPassword($password, $valid); + } + + $salt = substr($valid, 0, 4); + // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: + $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); + if (!strcmp($guess, $valid)) { + return true; + } + + // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities + $sanitizedPassword = html::specialchars($password, false); + $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) + : ($salt . md5($salt . $sanitizedPassword)); + if (!strcmp($guess, $valid)) { + return true; + } + + return false; + } + + /** + * @see IdentityProvider_Driver::lookup_user. + */ + public function lookup_user($id) { + return user::lookup_by_field("id", $id); + } + + /** + * @see IdentityProvider_Driver::lookup_user_by_name. + */ + public function lookup_user_by_name($name) { + return user::lookup_by_field("name", $name); + } + + /** + * @see IdentityProvider_Driver::create_group. + */ + public function create_group($name) { + return group::create($name); + } + + /** + * @see IdentityProvider_Driver::everybody. + */ + public function everybody() { + return group::everybody(); + } + + /** + * @see IdentityProvider_Driver::registered_users. + */ + public function registered_users() { + return group::registered_users(); + } + + /** + * @see IdentityProvider_Driver::lookup_group. + */ + public function lookup_group($id) { + return group::lookup_by_field("id", $id); + } + + /** + * @see IdentityProvider_Driver::lookup_group_by_name. + */ + public function lookup_group_by_name($name) { + return group::lookup_by_field("name", $name); + } + + /** + * @see IdentityProvider_Driver::get_user_list. + */ + public function get_user_list($ids) { + return ORM::factory("user") + ->in("id", $ids) + ->find_all() + ->as_array(); + } + + /** + * @see IdentityProvider_Driver::groups. + */ + public function groups() { + return ORM::factory("group")->find_all(); + } + +} // End Identity Gallery Driver + diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index ee8d413c..fed92c5e 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -91,7 +91,7 @@ open_text="" class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left"> - id != $user->id && !$user->guest): ?> + id != $user->id && !$user->guest): ?> id") ?>" class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> -- cgit v1.2.3 From b74b131e25ca0ddb42d2545a5d0ea2d796452f1d Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 22 Oct 2009 22:29:56 -0700 Subject: Change Identity adminstration to use the uninstall/install methods when changing providers. --- modules/gallery/controllers/admin_identity.php | 19 +++-- modules/gallery/helpers/identity.php | 34 ++++----- modules/gallery/helpers/module.php | 4 +- modules/gallery/libraries/IdentityProvider.php | 26 ++----- .../gallery/libraries/drivers/IdentityProvider.php | 10 --- modules/gallery/views/admin_identity.html.php | 4 +- .../gallery/views/admin_identity_confirm.html.php | 2 +- modules/user/helpers/user.php | 85 ---------------------- modules/user/helpers/user_installer.php | 76 +++++++++++++++++-- .../libraries/drivers/IdentityProvider/Gallery.php | 16 +--- 10 files changed, 110 insertions(+), 166 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/controllers/admin_identity.php b/modules/gallery/controllers/admin_identity.php index d06132ff..0521a0f8 100644 --- a/modules/gallery/controllers/admin_identity.php +++ b/modules/gallery/controllers/admin_identity.php @@ -47,23 +47,26 @@ class Admin_Identity_Controller extends Admin_Controller { module::event("pre_identity_change", $active_provider, $new_provider); - identity::deactivate(); + module::deactivate($active_provider); + module::uninstall($active_provider); + + try { + Session::instance()->destroy(); + } catch (Exception $e) { + // We don't care if there was a problem destroying the session. + } // Switch authentication - module::set_var("gallery", "identity_provider", $new_provider); identity::reset(); + module::set_var("gallery", "identity_provider", $new_provider); - identity::activate(); + module::install($new_provider); + module::activate($new_provider); // @todo this type of collation is questionable from an i18n perspective message::success(t("Changed to %description", array("description" => $providers->$new_provider))); - try { - Session::instance()->destroy(); - } catch (Exception $e) { - // We don't care if there was a problem destroying the session. - } url::redirect(item::root()->abs_url()); } diff --git a/modules/gallery/helpers/identity.php b/modules/gallery/helpers/identity.php index cf84c8a9..d0cba8e7 100644 --- a/modules/gallery/helpers/identity.php +++ b/modules/gallery/helpers/identity.php @@ -39,6 +39,16 @@ class identity_Core { return self::$available; } + /** + * Frees the current instance of the identity provider so the next call to instance will reload + * + * @param string configuration + * @return Identity_Core + */ + static function reset() { + IdentityProvider::reset(); + } + /** * Make sure that we have a session and group_ids cached in the session. */ @@ -71,12 +81,12 @@ class identity_Core { $session->set("group_ids", $ids); } //} catch (Exception $e) { - //try { - //Session::instance()->destroy(); - //} catch (Exception $e) { + // try { + // Session::instance()->destroy(); + // } catch (Exception $e) { // We don't care if there was a problem destroying the session. - //} - //url::redirect(item::root()->abs_url()); + // } + // url::redirect(item::root()->abs_url()); //} } @@ -125,20 +135,6 @@ class identity_Core { return IdentityProvider::instance()->is_writable(); } - /** - * @see IdentityProvider_Driver::activate. - */ - static function activate() { - IdentityProvider::instance()->activate(); - } - - /** - * @see IdentityProvider_Driver::deactivate. - */ - static function deactivate() { - IdentityProvider::instance()->deactivate(); - } - /** * @see IdentityProvider_Driver::guest. */ diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 1d77e63d..9d41cd51 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -130,6 +130,8 @@ class module_Core { array_unshift($kohana_modules, MODPATH . $module_name); Kohana::config_set("core.modules", $kohana_modules); + // Rebuild the include path so the module installer can benefit from auto loading + Kohana::include_paths(true); $installer_class = "{$module_name}_installer"; if (method_exists($installer_class, "install")) { call_user_func_array(array($installer_class, "install"), array()); @@ -154,7 +156,7 @@ class module_Core { */ static function upgrade($module_name) { $kohana_modules = Kohana::config("core.modules"); - array_unshift($kohana_modules, MODPATH . $module_name); + $kohana_modules = array_unshift($kohana_modules, MODPATH . $module_name); Kohana::config_set("core.modules", $kohana_modules); $version_before = module::get_version($module_name); diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php index 512f28eb..38718d4b 100644 --- a/modules/gallery/libraries/IdentityProvider.php +++ b/modules/gallery/libraries/IdentityProvider.php @@ -38,7 +38,7 @@ class IdentityProvider_Core { * @return Identity_Core */ static function & instance() { - if (!isset(self::$instance)) { + if (empty(self::$instance)) { // Create a new instance self::$instance = new IdentityProvider(); } @@ -47,14 +47,14 @@ class IdentityProvider_Core { } /** - * Returns a singleton instance of Identity. - * There can only be one Identity driver configured at a given point + * Frees the current instance of the identity provider so the next call to instance will reload * * @param string configuration * @return Identity_Core */ static function reset() { - self::$instance = new IdentityProvider(); + self::$instance = null; + Kohana::config_clear("identity"); } /** @@ -66,12 +66,12 @@ class IdentityProvider_Core { $config = module::get_var("gallery", "identity_provider", "user"); // Test the config group name - if (($this->config = Kohana::config("identity.".$config)) === NULL) { + if (($this->config = Kohana::config("identity." . $config)) === NULL) { throw new Exception("@todo NO USER LIBRARY CONFIGURATION FOR: $config"); } // Set driver name - $driver = "IdentityProvider_".ucfirst($this->config["driver"])."_Driver"; + $driver = "IdentityProvider_" . ucfirst($this->config["driver"]) ."_Driver"; // Load the driver if ( ! Kohana::auto_load($driver)) { @@ -100,20 +100,6 @@ class IdentityProvider_Core { return !empty($this->config["allow_updates"]); } - /** - * @see IdentityProvider_Driver::activate. - */ - public function activate() { - $this->driver->activate(); - } - - /** - * @see IdentityProvider_Driver::deactivate. - */ - public function deactivate() { - $this->driver->deactivate(); - } - /** * @see IdentityProvider_Driver::guest. */ diff --git a/modules/gallery/libraries/drivers/IdentityProvider.php b/modules/gallery/libraries/drivers/IdentityProvider.php index 8a578d1b..5bb41dcc 100644 --- a/modules/gallery/libraries/drivers/IdentityProvider.php +++ b/modules/gallery/libraries/drivers/IdentityProvider.php @@ -18,16 +18,6 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ interface IdentityProvider_Driver { - /** - * Initialize the provider so it is ready to use - */ - public function activate(); - - /** - * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver - */ - public function deactivate(); - /** * Return the guest user. * diff --git a/modules/gallery/views/admin_identity.html.php b/modules/gallery/views/admin_identity.html.php index 1405cacb..358860cf 100644 --- a/modules/gallery/views/admin_identity.html.php +++ b/modules/gallery/views/admin_identity.html.php @@ -10,7 +10,7 @@ $("#g-dialog").html(data); $("#g-dialog").dialog({ bgiframe: true, - title: "", + title: for_js() ?>, resizable: false, height:165, modal: true, @@ -34,7 +34,7 @@
    -

    +

    diff --git a/modules/gallery/views/admin_identity_confirm.html.php b/modules/gallery/views/admin_identity_confirm.html.php index e14525b5..54aae9c8 100644 --- a/modules/gallery/views/admin_identity_confirm.html.php +++ b/modules/gallery/views/admin_identity_confirm.html.php @@ -4,7 +4,7 @@

    - +

    diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index 5f154313..5ef2b726 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -24,91 +24,6 @@ * Note: by design, this class does not do any permission checking. */ class user_Core { - /** - * Initialize the provider so it is ready to use - */ - static function activate() { - $db = Database::instance(); - $db->query("CREATE TABLE IF NOT EXISTS {users} ( - `id` int(9) NOT NULL auto_increment, - `name` varchar(32) NOT NULL, - `full_name` varchar(255) NOT NULL, - `password` varchar(64) NOT NULL, - `login_count` int(10) unsigned NOT NULL DEFAULT 0, - `last_login` int(10) unsigned NOT NULL DEFAULT 0, - `email` varchar(64) default NULL, - `admin` BOOLEAN default 0, - `guest` BOOLEAN default 0, - `hash` char(32) default NULL, - `url` varchar(255) default NULL, - `locale` char(10) default NULL, - PRIMARY KEY (`id`), - UNIQUE KEY(`hash`), - UNIQUE KEY(`name`)) - DEFAULT CHARSET=utf8;"); - - $db->query("CREATE TABLE IF NOT EXISTS {groups} ( - `id` int(9) NOT NULL auto_increment, - `name` char(64) default NULL, - `special` BOOLEAN default 0, - PRIMARY KEY (`id`), - UNIQUE KEY(`name`)) - DEFAULT CHARSET=utf8;"); - - $db->query("CREATE TABLE IF NOT EXISTS {groups_users} ( - `group_id` int(9) NOT NULL, - `user_id` int(9) NOT NULL, - PRIMARY KEY (`group_id`, `user_id`), - UNIQUE KEY(`user_id`, `group_id`)) - DEFAULT CHARSET=utf8;"); - - $everybody = group::create("Everybody"); - $everybody->special = true; - $everybody->save(); - - $registered = group::create("Registered Users"); - $registered->special = true; - $registered->save(); - - $guest = user::create("guest", "Guest User", ""); - $guest->guest = true; - $guest->remove($registered); - $guest->save(); - - $admin = user::create("admin", "Gallery Administrator", "admin"); - $admin->admin = true; - $admin->save(); - - // Let the admin own everything - $db->query("update {items} set owner_id = {$admin->id}"); - - $root = ORM::factory("item", 1); - access::allow($everybody, "view", $root); - access::allow($everybody, "view_full", $root); - - access::allow($registered, "view", $root); - access::allow($registered, "view_full", $root); - } - - /** - * Cleanup up this provider so it is unavailable for use and won't conflict with the current driver - */ - static function deactivate() { - // Delete all users and groups so that we give other modules an opportunity to clean up - foreach (ORM::factory("user")->find_all() as $user) { - $user->delete(); - } - - foreach (ORM::factory("group")->find_all() as $group) { - $group->delete(); - } - - $db = Database::instance(); - $db->query("DROP TABLE IF EXISTS {users};"); - $db->query("DROP TABLE IF EXISTS {groups};"); - $db->query("DROP TABLE IF EXISTS {groups_users};"); - } - /** * Return the guest user. * diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index 1410f1ef..36c617a8 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -19,18 +19,84 @@ */ class user_installer { static function install() { + $db = Database::instance(); + $db->query("CREATE TABLE IF NOT EXISTS {users} ( + `id` int(9) NOT NULL auto_increment, + `name` varchar(32) NOT NULL, + `full_name` varchar(255) NOT NULL, + `password` varchar(64) NOT NULL, + `login_count` int(10) unsigned NOT NULL DEFAULT 0, + `last_login` int(10) unsigned NOT NULL DEFAULT 0, + `email` varchar(64) default NULL, + `admin` BOOLEAN default 0, + `guest` BOOLEAN default 0, + `hash` char(32) default NULL, + `url` varchar(255) default NULL, + `locale` char(10) default NULL, + PRIMARY KEY (`id`), + UNIQUE KEY(`hash`), + UNIQUE KEY(`name`)) + DEFAULT CHARSET=utf8;"); + + $db->query("CREATE TABLE IF NOT EXISTS {groups} ( + `id` int(9) NOT NULL auto_increment, + `name` char(64) default NULL, + `special` BOOLEAN default 0, + PRIMARY KEY (`id`), + UNIQUE KEY(`name`)) + DEFAULT CHARSET=utf8;"); + + $db->query("CREATE TABLE IF NOT EXISTS {groups_users} ( + `group_id` int(9) NOT NULL, + `user_id` int(9) NOT NULL, + PRIMARY KEY (`group_id`, `user_id`), + UNIQUE KEY(`user_id`, `group_id`)) + DEFAULT CHARSET=utf8;"); + + $everybody = group::create("Everybody"); + $everybody->special = true; + $everybody->save(); + + $registered = group::create("Registered Users"); + $registered->special = true; + $registered->save(); + + $guest = user::create("guest", "Guest User", ""); + $guest->guest = true; + $guest->remove($registered); + $guest->save(); + + $admin = user::create("admin", "Gallery Administrator", "admin"); + $admin->admin = true; + $admin->save(); + + // Let the admin own everything + $db->query("update {items} set owner_id = {$admin->id}"); + + $root = ORM::factory("item", 1); + access::allow($everybody, "view", $root); + access::allow($everybody, "view_full", $root); + + access::allow($registered, "view", $root); + access::allow($registered, "view_full", $root); user::activate(); module::set_var("gallery", "identity_provider", "user"); module::set_version("user", 1); } static function uninstall() { - user::deactivate(); + // Delete all users and groups so that we give other modules an opportunity to clean up + foreach (ORM::factory("user")->find_all() as $user) { + $user->delete(); + } - try { - Session::instance()->destroy(); - } catch (Exception $e) { - // We don't care if there was a problem destroying the session. + foreach (ORM::factory("group")->find_all() as $group) { + $group->delete(); } + + $db = Database::instance(); + $db->query("DROP TABLE IF EXISTS {users};"); + $db->query("DROP TABLE IF EXISTS {groups};"); + $db->query("DROP TABLE IF EXISTS {groups_users};"); } } \ No newline at end of file diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php index 5941abb7..026f04e9 100644 --- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -20,21 +20,7 @@ /* * Based on the Cache_Sqlite_Driver developed by the Kohana Team */ -class Identity_Gallery_Driver implements IdentityProvider_Driver { - /** - * @see IdentityProvider_Driver::activate. - */ - public function activate() { - user::activate(); - } - - /** - * @see IdentityProvider_Driver::deactivate. - */ - public function deactivate() { - user::deactivate(); - } - +class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { /** * @see IdentityProvider_Driver::guest. */ -- cgit v1.2.3 From c24d01bb9cb8c5bcccfe8a8bf944038dc15cf433 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 23 Oct 2009 10:52:42 -0700 Subject: Standardize the use of the lookup methods --- modules/user/helpers/group.php | 6 +++--- modules/user/libraries/drivers/IdentityProvider/Gallery.php | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/user/libraries/drivers') diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 567b2ee4..e65b6c96 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -65,7 +65,7 @@ class group_Core { * @return Group_Definition the group object, or null if the id was invalid. */ static function lookup($id) { - return self::lookup_by_field("id", $id); + return self::_lookup_by_field("id", $id); } /** @@ -74,7 +74,7 @@ class group_Core { * @return Group_Definition the group object, or null if the name was invalid. */ static function lookup_by_name($name) { - return self::lookup_by_field("name", $name); + return self::_lookup_by_field("name", $name); } /** @@ -83,7 +83,7 @@ class group_Core { * @param string $value value to match * @return Group_Definition the group object, or null if the name was invalid. */ - static function lookup_by_field($field_name, $value) { + private function _lookup_by_field($field_name, $value) { try { $user = model_cache::get("group", $value, $field_name); if ($user->loaded) { diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php index 026f04e9..c789e8ea 100644 --- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -70,14 +70,14 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { * @see IdentityProvider_Driver::lookup_user. */ public function lookup_user($id) { - return user::lookup_by_field("id", $id); + return user::lookup($id); } /** * @see IdentityProvider_Driver::lookup_user_by_name. */ public function lookup_user_by_name($name) { - return user::lookup_by_field("name", $name); + return user::lookup_by_name($name); } /** @@ -105,14 +105,14 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { * @see IdentityProvider_Driver::lookup_group. */ public function lookup_group($id) { - return group::lookup_by_field("id", $id); + return group::lookup($id); } /** * @see IdentityProvider_Driver::lookup_group_by_name. */ public function lookup_group_by_name($name) { - return group::lookup_by_field("name", $name); + return group::lookup_by_name($name); } /** -- cgit v1.2.3 From 0bb2b7659f8cb0c117d01958c7fec95a80e83a02 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 29 Oct 2009 11:12:55 -0700 Subject: Add the admin_user api function to the identity helper and the IdentityProvider interface. --- modules/gallery/helpers/identity.php | 7 +++++++ modules/gallery/libraries/IdentityProvider.php | 7 +++++++ modules/gallery/libraries/drivers/IdentityProvider.php | 7 +++++++ modules/user/libraries/drivers/IdentityProvider/Gallery.php | 7 +++++++ 4 files changed, 28 insertions(+) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/identity.php b/modules/gallery/helpers/identity.php index 4ebc6de8..3030bd3d 100644 --- a/modules/gallery/helpers/identity.php +++ b/modules/gallery/helpers/identity.php @@ -144,6 +144,13 @@ class identity_Core { return IdentityProvider::instance()->guest(); } + /** + * @see IdentityProvider_Driver::admin_user. + */ + static function admin_user() { + return IdentityProvider::instance()->admin_user(); + } + /** * @see IdentityProvider_Driver::create_user. */ diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php index 24c849c1..8521702d 100644 --- a/modules/gallery/libraries/IdentityProvider.php +++ b/modules/gallery/libraries/IdentityProvider.php @@ -107,6 +107,13 @@ class IdentityProvider_Core { return $this->driver->guest(); } + /** + * @see IdentityProvider_Driver::admin_user. + */ + public function admin_user() { + return $this->driver->admin_user(); + } + /** * @see IdentityProvider_Driver::create_user. */ diff --git a/modules/gallery/libraries/drivers/IdentityProvider.php b/modules/gallery/libraries/drivers/IdentityProvider.php index c951293d..739c7f6a 100644 --- a/modules/gallery/libraries/drivers/IdentityProvider.php +++ b/modules/gallery/libraries/drivers/IdentityProvider.php @@ -25,6 +25,13 @@ interface IdentityProvider_Driver { */ public function guest(); + /** + * Return the admins user. + * + * @return User_Definition the user object + */ + public function admin_user(); + /** * Create a new user. * diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php index c789e8ea..f133a32a 100644 --- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -28,6 +28,13 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { return user::guest(); } + /** + * @see IdentityProvider_Driver::guest. + */ + public function admin_user() { + return self::lookup_user(2); + } + /** * @see IdentityProvider_Driver::create_user. */ -- cgit v1.2.3 From c6fbd34f28f9d02f38a6c6cacbcd72fa34eee591 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 29 Oct 2009 19:16:08 -0700 Subject: Add the add_user_to_group and remove_user_from_group api method calls. If the identity provider isn't writable, the method implementations should throw an Invalid Operation exception. --- modules/gallery/helpers/identity.php | 14 ++++++++++++++ modules/gallery/libraries/IdentityProvider.php | 14 ++++++++++++++ modules/gallery/libraries/drivers/IdentityProvider.php | 13 +++++++++++++ .../libraries/drivers/IdentityProvider/Gallery.php | 18 ++++++++++++++++++ 4 files changed, 59 insertions(+) (limited to 'modules/user/libraries/drivers') diff --git a/modules/gallery/helpers/identity.php b/modules/gallery/helpers/identity.php index 0111cb1a..72e3312d 100644 --- a/modules/gallery/helpers/identity.php +++ b/modules/gallery/helpers/identity.php @@ -227,4 +227,18 @@ class identity_Core { static function groups() { return IdentityProvider::instance()->groups(); } + + /** + * @see IdentityProvider_Driver::add_user_to_group. + */ + static function add_user_to_group($user, $group_id) { + return IdentityProvider::instance()->add_user_to_group($user, $group_id); + } + + /** + * @see IdentityProvider_Driver::remove_user_to_group. + */ + static function remove_user_from_group($user, $group_id) { + return IdentityProvider::instance()->remove_user_from_group($user, $group_id); + } } \ No newline at end of file diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php index 3bb4fcf5..aa519bd3 100644 --- a/modules/gallery/libraries/IdentityProvider.php +++ b/modules/gallery/libraries/IdentityProvider.php @@ -190,4 +190,18 @@ class IdentityProvider_Core { public function groups() { return $this->driver->groups(); } + + /** + * @see IdentityProvider_Driver::add_user_to_group. + */ + public function add_user_to_group($user, $group_id) { + return $this->driver->add_user_to_group($user, $group_id); + } + + /** + * @see IdentityProvider_Driver::remove_user_to_group. + */ + public function remove_user_from_group($user, $group_id) { + return $this->driver->remove_user_from_group($user, $group_id); + } } // End Identity diff --git a/modules/gallery/libraries/drivers/IdentityProvider.php b/modules/gallery/libraries/drivers/IdentityProvider.php index 739c7f6a..a808c7e8 100644 --- a/modules/gallery/libraries/drivers/IdentityProvider.php +++ b/modules/gallery/libraries/drivers/IdentityProvider.php @@ -113,6 +113,19 @@ interface IdentityProvider_Driver { */ public function groups(); + /** + * Add the user to the specified group + * @param User_Definition the user to add to the group + * @param int the group_id + */ + static function add_user_to_group($user, $group_id); + + /** + * Remove the user to the specified group + * @param User_Definition the user to add to the group + * @param int the group id + */ + static function remove_user_from_group($user, $group_id); } // End Identity Driver Definition interface Group_Definition {} diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php index f133a32a..f02c53a2 100644 --- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -139,5 +139,23 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { return ORM::factory("group")->find_all(); } + /** + * @see IdentityProvider_Driver::add_user_to_group. + */ + static function add_user_to_group($user, $group_id) { + $group = self::lookup_group($group_id); + + $group->add($user); + $group->save(); + } + + /** + * @see IdentityProvider_Driver::remove_user_to_group. + */ + static function remove_user_from_group($user, $group_id) { + $group = self::lookup_group_by_name($group_id); + $group->remove($user); + $group->save(); + } } // End Identity Gallery Driver -- cgit v1.2.3