
Clean up style and whitespace to conform to Gallery 3 conventions. No

major structural changes.  Added some missing security.
Bharat Mediratta 2010-12-17 13:25:40 -08:00
parent 0f6fbf7bb2
commit 2609cae190


@ -1,160 +1,165 @@
<?php defined("SYSPATH") or die("No direct script access."); <?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
require_once(MODPATH . "webdav/libraries/Sabre/autoload.php");
set_include_path(get_include_path() . PATH_SEPARATOR . dirname(__FILE__) . '/../libraries/'); class WebDAV_Controller extends Controller {
include 'Sabre/autoload.php'; public function index() {
$root = new Gallery3_Album("");
class webdav_Controller extends Controller { $tree = new Gallery3_DAV_Tree($root);
public function gallery() {
$root = new Gallery3Album('');
$tree = new Gallery3DAVTree($root);
// Skip the lock plugin for now, we don't want Finder to get write support for the time being. // Skip the lock plugin for now, we don't want Finder to get write support for the time being.
//$lock_backend = new Sabre_DAV_Locks_Backend_FS(TMPPATH . 'sabredav'); // $lock_backend = new Sabre_DAV_Locks_Backend_FS(TMPPATH . "sabredav");
// $lock = new Sabre_DAV_Locks_Plugin($lock_backend); // $lock = new Sabre_DAV_Locks_Plugin($lock_backend);
$filter = new Sabre_DAV_TemporaryFileFilterPlugin(TMPPATH . 'sabredav'); $filter = new Sabre_DAV_TemporaryFileFilterPlugin(TMPPATH . "sabredav");
$server = new Sabre_DAV_Server($tree); $server = new Sabre_DAV_Server($tree);
#$server = new Gallery3DAV($tree); $server->setBaseUri(url::site("/"));
$server->setBaseUri(url::site('webdav/gallery'));
// $server->addPlugin($lock); // $server->addPlugin($lock);
$server->addPlugin($filter); $server->addPlugin($filter);
$this->doAuthenticate(); if ($this->_authenticate()) {
$server->exec(); $server->exec();
} }
}
private function doAuthenticate() { private function _authenticate() {
$auth = new Sabre_HTTP_BasicAuth(); $auth = new Sabre_HTTP_BasicAuth();
$auth->setRealm('Gallery3'); $auth->setRealm(item::root()->title);
$authResult = $auth->getUserPass(); $authResult = $auth->getUserPass();
list($username, $password) = $authResult; list($username, $password) = $authResult;
if ($username == '' || $password == '') { if (!$username || !$password) {
$auth->requireLogin(); $auth->requireLogin();
die; return false;
} }
$user = identity::lookup_user_by_name($username); $user = identity::lookup_user_by_name($username);
if (empty($user) || !identity::is_correct_password($user, $password)) { if (empty($user) || !identity::is_correct_password($user, $password)) {
$auth->requireLogin(); $auth->requireLogin();
die; return false;
} }
identity::set_active_user($user); identity::set_active_user($user);
return $user; return true;
} }
} }
class Gallery3DAVCache { class Gallery3_DAV_Cache {
protected static $cache; private static $cache;
private static $instance; private static $instance;
private function __construct() { private function __construct() {
$this->cache = array(); self::$cache = array();
} }
private function encodePath($path) public static function instance() {
{
$path = trim($path, '/');
$encodedArray = array();
foreach (split('/', $path) as $part)
{
$encodedArray[] = rawurlencode($part);
}
$path = join('/', $encodedArray);
return $path;
}
public function getAlbumOf($path) {
$path = substr($path, 0, strrpos($path, '/'));
return $this->getItemAt($path);
}
public function getItemAt($path)
{
$path = trim($path, '/');
$path = $this->encodePath($path);
if (isset($this->cache[$path])) {
return $this->cache[$path];
}
$item = ORM::factory("item")
->where("relative_path_cache", "=", $path)
->find();
$this->cache[$path] = $item;
return $item;
}
public static function singleton() {
if (!isset(self::$instance)) { if (!isset(self::$instance)) {
$c = __CLASS__; self::$instance = new Gallery3_DAV_Cache();
self::$instance = new $c;
} }
return self::$instance; return self::$instance;
} }
public function __clone() {} private function encode_path($path) {
$path = trim($path, "/");
$encoded_array = array();
foreach (explode("/", $path) as $part) {
$encoded_array[] = rawurlencode($part);
} }
class Gallery3DAVTree extends Sabre_DAV_Tree { return join("/", $encoded_array);
protected $rootNode;
public function __construct(Sabre_DAV_ICollection $rootNode) {
$this->cache = Gallery3DAVCache::singleton();
$this->rootNode = $rootNode;
} }
public function to_album($path) {
$path = substr($path, 0, strrpos($path, "/"));
return $this->to_item($path);
}
public function to_item($path) {
$path = trim($path, "/");
$path = $this->encode_path($path);
if (!isset(self::$cache[$path])) {
self::$cache[$path] = ORM::factory("item")
->viewable()
->where("relative_path_cache", "=", $path)
->find();
}
return self::$cache[$path];
}
public function __clone() {
}
}
class Gallery3_DAV_Tree extends Sabre_DAV_Tree {
protected $root_node;
public function __construct(Sabre_DAV_ICollection $root_node) {
$this->cache = Gallery3_DAV_Cache::instance();
$this->root_node = $root_node;
}
public function move($source, $target) { public function move($source, $target) {
$sourceItem = $this->cache->getItemAt($source); $source_item = $this->cache->to_item($source);
$targetItem = $this->cache->getAlbumOf($target); $target_item = $this->cache->to_album($target);
if (! access::can('view', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; try {
if (! access::can('edit', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; access::required("view", $sourceItem);
if (! access::can('view', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; access::required("edit", $sourceItem);
if (! access::can('edit', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; access::required("view", $targetItem);
access::required("edit", $targetItem);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
$sourceItem->parent_id = $targetItem->id; $source_item->parent_id = $targetItem->id;
$sourceItem->save(); $source_item->save();
return true; return true;
} }
public function getNodeForPath($path) { public function getNodeForPath($path) {
$path = trim($path,"/");
$item = $this->cache->to_item($path);
$path = trim($path,'/'); if (!$item->loaded()) {
throw new Sabre_DAV_Exception_FileNotFound("Could not find node at path: $path");
$currentNode = $this->rootNode;
$item = $this->cache->getItemAt($path);
if (! $item->id) {
throw new Sabre_DAV_Exception_FileNotFound('Could not find node at path: ' . $path);
} }
if ($item->type == 'album') { $currentNode = new Gallery3Album($path); } if ($item->is_album()) {
else { $currentNode = new Gallery3File($path); } return new Gallery3_Album($path);
} else {
return $currentNode; return new Gallery3_File($path);
}
} }
} }
class Gallery3Album extends Sabre_DAV_Directory { class Gallery3_Album extends Sabre_DAV_Directory {
private $item; private $item;
private $stat; private $stat;
private $path; private $path;
function __construct($path) { function __construct($path) {
$this->cache = Gallery3DAVCache::singleton(); $this->cache = Gallery3_DAV_Cache::instance();
$this->path = $path; $this->path = $path;
$this->item = $this->cache->getItemAt($path); $this->item = $this->cache->to_item($path);
} }
function getName() { function getName() {
@ -163,70 +168,76 @@ class Gallery3Album extends Sabre_DAV_Directory {
function getChildren() { function getChildren() {
$return = array(); $return = array();
foreach ($this->item->children() as $child) { foreach ($this->item->viewable()->children() as $child) {
$item = $this->getChild($child->name); $return[] = $this->getChild($child->name);
if ($item != false) {
$return[] = $item;
}
} }
return $return; return $return;
} }
function getChild($name) { function getChild($name) {
$rp = $this->path . '/' . $name; $rp = "{$this->path}/$name";
$child = $this->cache->to_item($rp);
$child = $this->cache->getItemAt($rp); if (!access::can("view", $child)) {
throw new Sabre_DAV_Exception_FileNotFound("Access denied");
if (! $child->id) {
throw new Sabre_DAV_Exception_FileNotFound('Access denied');
} }
if (! access::can('view', $child)) { if ($child->is_album()) {
return false; return new Gallery3_Album($rp);
};
if ($child->type == 'album') {
return new Gallery3Album($rp);
} else { } else {
return new Gallery3File($rp); return new Gallery3_File($rp);
} }
} }
public function createFile($name, $data=null) { public function createFile($name, $data=null) {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; try {
if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; access::required("view", $this->item);
if (substr($name, 0, 1) == '.') { return true; }; access::required("add", $this->item);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
if (substr($name, 0, 1) == ".") {
return true;
};
$tempfile = tempnam(TMPPATH, 'dav'); try {
$target = fopen($tempfile, 'wb'); $tempfile = tempnam(TMPPATH, "dav");
$target = fopen($tempfile, "wb");
stream_copy_to_stream($data, $target); stream_copy_to_stream($data, $target);
fclose($target); fclose($target);
$parent_id = $this->item->__get('id');
$item = ORM::factory("item"); $item = ORM::factory("item");
$item->name = $name; $item->name = $name;
$item->title = item::convert_filename_to_title($item->name); $item->title = item::convert_filename_to_title($item->name);
$item->description = ''; $item->description = "";
$item->parent_id = $parent_id; $item->parent_id = $this->item->id;
$item->set_data_file($tempfile); $item->set_data_file($tempfile);
$item->type = "photo"; $item->type = "photo";
$item->save(); $item->save();
} catch (Exception $e) {
unlink($tempfile);
throw $e;
}
} }
public function createDirectory($name) { public function createDirectory($name) {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; try {
if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; access::required("view", $this->item);
access::required("add", $this->item);
} catch (Kohana_404_Exception $e) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
}
$parent_id = $this->item->__get('id');
$album = ORM::factory("item"); $album = ORM::factory("item");
$album->type = "album"; $album->type = "album";
$album->parent_id = $parent_id; $album->parent_id = $this->item->id;
$album->name = $name; $album->name = $name;
$album->title = $name; $album->title = $name;
$album->description = ''; $album->description = "";
$album->save(); $album->save();
$this->item = ORM::factory("item")->where('id', '=', $parent_id); // Refresh MPTT pointers
$this->item->reload();
} }
function getLastModified() { function getLastModified() {
@ -234,28 +245,32 @@ class Gallery3Album extends Sabre_DAV_Directory {
} }
function setName($name) { function setName($name) {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->name = $name; $this->item->name = $name;
$this->item->save(); $this->item->save();
} }
public function delete() { public function delete() {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->delete(); $this->item->delete();
} }
} }
class Gallery3File extends Sabre_DAV_File { class Gallery3_File extends Sabre_DAV_File {
private $item; private $item;
private $stat; private $stat;
private $path; private $path;
function __construct($path) { function __construct($path) {
$this->cache = Gallery3DAVCache::singleton(); $this->cache = Gallery3_DAV_Cache::instance();
$this->item = $this->cache->getItemAt($path); $this->item = $this->cache->to_item($path);
if (access::can('view_full', $this->item)) { if (access::can("view_full", $this->item)) {
$this->stat = stat($this->item->file_path()); $this->stat = stat($this->item->file_path());
$this->path = $this->item->file_path(); $this->path = $this->item->file_path();
} else { } else {
@ -265,12 +280,16 @@ class Gallery3File extends Sabre_DAV_File {
} }
public function delete() { public function delete() {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->delete(); $this->item->delete();
} }
function setName($name) { function setName($name) {
if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("edit", $this->item)) {
throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
$this->item->name = $name; $this->item->name = $name;
$this->item->save(); $this->item->save();
} }
@ -280,8 +299,10 @@ class Gallery3File extends Sabre_DAV_File {
} }
function get() { function get() {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("view", $this->item)) {
return fopen($this->path,'r'); throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
return fopen($this->path, "r");
} }
function getSize() { function getSize() {
@ -293,9 +314,9 @@ class Gallery3File extends Sabre_DAV_File {
} }
function getETag() { function getETag() {
if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; if (!access::can("view", $this->item)) {
return '"' . md5($this->item->file_path()) . '"'; throw new Sabre_DAV_Exception_Forbidden("Access denied");
};
return "'" . md5($this->item->file_path()) . "'";
} }
} }
?>
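Review bot: In `Gallery3_DAV_Tree::move()`, the new side (as far as this rendered page shows) assigns `$source_item` and `$target_item`, but the four `access::required()` calls and the `parent_id` assignment still read `$sourceItem` / `$targetItem`, which are no longer defined after the rename. The view/edit checks therefore never run against the items that were actually looked up, and the move takes its new parent id from an undefined variable. Use the renamed variables throughout, e.g. `access::required("edit", $target_item);` and `$source_item->parent_id = $target_item->id;`. The same `try`/`catch` pattern in `move()`, `createFile()` and `createDirectory()` only catches `Kohana_404_Exception`; it is worth confirming that this is the type `access::required()` raises for a denied permission on an existing item, otherwise the refusal will not surface as a WebDAV Forbidden response. A test that issues a MOVE as a user without edit permission on the target album would cover both points.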