is_album()) { access::forbidden(); } $view = new View("permissions_browse.html"); $view->item = $item; $view->parents = $item->parents(); $view->form = $this->_get_form($item); print $view; } function form($id) { $item = ORM::factory("item", $id); access::required("edit", $item); if (!$item->is_album()) { access::forbidden(); } print $this->_get_form($item); } function change($command, $group_id, $perm_id, $item_id) { access::verify_csrf(); $group = ORM::factory("group", $group_id); $perm = ORM::factory("permission", $perm_id); $item = ORM::factory("item", $item_id); access::required("edit", $item); if ($group->loaded && $perm->loaded && $item->loaded) { switch($command) { case "allow": access::allow($group, $perm->name, $item); break; case "deny": access::deny($group, $perm->name, $item); break; case "reset": access::reset($group, $perm->name, $item); break; } } } function _get_form($item) { $view = new View("permissions_form.html"); $view->item = $item; $view->groups = ORM::factory("group")->find_all(); $view->permissions = ORM::factory("permission")->find_all(); return $view; } }