1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Permissions_Controller extends Controller {
function browse($id) {
$item = ORM::factory("item", $id);
access::required("view", $item);
access::required("edit", $item);
if (!$item->is_album()) {
access::forbidden();
}
$view = new View("permissions_browse.html");
$view->htaccess_works = access::htaccess_works();
$view->item = $item;
$view->parents = $item->parents();
$view->form = $this->_get_form($item);
print $view;
}
function form($id) {
$item = ORM::factory("item", $id);
access::required("view", $item);
access::required("edit", $item);
if (!$item->is_album()) {
access::forbidden();
}
print $this->_get_form($item);
}
function change($command, $group_id, $perm_id, $item_id) {
access::verify_csrf();
$group = ORM::factory("group", $group_id);
$perm = ORM::factory("permission", $perm_id);
$item = ORM::factory("item", $item_id);
access::required("view", $item);
access::required("edit", $item);
if ($group->loaded && $perm->loaded && $item->loaded) {
switch($command) {
case "allow":
access::allow($group, $perm->name, $item);
break;
case "deny":
access::deny($group, $perm->name, $item);
break;
case "reset":
access::reset($group, $perm->name, $item);
break;
}
// If the active user just took away their own edit permissions, give it back.
if ($perm->name == "edit") {
if (!access::user_can(user::active(), "edit", $item)) {
access::allow($group, $perm->name, $item);
}
}
}
}
function _get_form($item) {
$view = new View("permissions_form.html");
$view->item = $item;
$view->groups = ORM::factory("group")->find_all();
$view->permissions = ORM::factory("permission")->find_all();
return $view;
}
}
|
