now actually querying the access system for permissions
parent
b1f6b3b21e
commit
3e59a5f933
@ -18,18 +18,13 @@
|
||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
class Gallery_Remote_Controller extends Controller {
|
||||
private static $thumb_size = 0;
|
||||
private static $resize_size = 0;
|
||||
|
||||
//XXX access::required("view", $item);
|
||||
|
||||
public function index() {
|
||||
|
||||
$input = Input::instance();
|
||||
$reply = GalleryRemoteReply::factory(gallery_remote::GR_STAT_SUCCESS);
|
||||
|
||||
if($this->_check_protocol($input, $reply)) {
|
||||
$reply->set('debug_gallery_version', '3.0+'); //XXX
|
||||
$reply->set('debug_gallery_version', gallery::version_string());
|
||||
$reply->set('debug_user', identity::active_user()->name);
|
||||
$reply->set('debug_user_type', 'Gallery_User');
|
||||
$reply->set('debug_user_already_logged_in', identity::active_user()->id != identity::guest()->id ? '1':'');
|
||||
@ -144,10 +139,15 @@ class Gallery_Remote_Controller extends Controller {
|
||||
|
||||
private function _fetch_albums_prune(&$input, &$reply) {
|
||||
$root = item::root();
|
||||
$perms = trim($input->post('no_perms'));
|
||||
$use_permissions = ($perms != 'no');
|
||||
|
||||
$thumb_size = module::get_var('gallery', 'thumb_size');
|
||||
$resize_size = module::get_var('gallery', 'resize_size');
|
||||
$count = 0;
|
||||
foreach( $root->descendants(null, null, array(array("type", "=", "album"))) as $item )
|
||||
{
|
||||
if(!$use_permissions || access::can('view', $item))
|
||||
{
|
||||
$count++;
|
||||
|
||||
@ -158,15 +158,20 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$reply->set('album.resize_size.'.$count, $resize_size);
|
||||
$reply->set('album.max_size.'.$count, '0');
|
||||
$reply->set('album.thumb_size.'.$count, $thumb_size);
|
||||
$reply->set('album.perms.add.'.$count, 'true'); //XXX
|
||||
$reply->set('album.perms.write.'.$count, 'true'); //XXX
|
||||
$reply->set('album.perms.del_item.'.$count, 'true'); //XXX
|
||||
$reply->set('album.perms.del_alb.'.$count, 'true'); //XXX
|
||||
$reply->set('album.perms.create_sub.'.$count, 'true'); //XXX
|
||||
if($use_permissions) {
|
||||
$reply->set('album.perms.add.'.$count, access::can('add', $item) ? 'true':'false');
|
||||
$reply->set('album.perms.write.'.$count, access::can('add', $item) ? 'true':'false');
|
||||
$reply->set('album.perms.del_item.'.$count, access::can('edit', $item) ? 'true':'false');
|
||||
$reply->set('album.perms.del_alb.'.$count, access::can('edit', $item) ? 'true':'false');
|
||||
$reply->set('album.perms.create_sub.'.$count, access::can('add', $item) ? 'true':'false');
|
||||
}
|
||||
$reply->set('album.info.extrafields.'.$count, '');
|
||||
}
|
||||
}
|
||||
$reply->set('album_count', $count);
|
||||
$reply->set('can_create_root', 'yes'); //XXX
|
||||
if($use_permissions) {
|
||||
$reply->set('can_create_root', access::can('add', $root) ? 'yes':'no');
|
||||
}
|
||||
$reply->set('status_text', 'Fetch albums successful.');
|
||||
$reply->send();
|
||||
}
|
||||
@ -186,13 +191,11 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$album->parent_id = $parent->id;
|
||||
|
||||
$album->name = $name;
|
||||
$album->slug = $name; // <= verification fails if this property has not been set!!!
|
||||
$album->slug = item::convert_filename_to_slug($name); // <= verification fails if this property has not been set!!!
|
||||
$album->title = $title;
|
||||
$album->title or $album->title = $album->name;
|
||||
$album->description = $desc;
|
||||
//$album->owner_id =
|
||||
$album->view_count = 0;
|
||||
//$album->created = $fields['clicks_date'];
|
||||
$album->sort_column = 'weight';
|
||||
$album->sort_order = 'ASC';
|
||||
|
||||
@ -230,9 +233,9 @@ class Gallery_Remote_Controller extends Controller {
|
||||
else $parent = ORM::factory("item")->where("slug", "=", $album)->find();
|
||||
|
||||
if(isset($parent) && $parent->loaded() && $parent->id!='') {
|
||||
$reply->set('auto_resize', $resize_size); //XXX
|
||||
$reply->set('max_size', '0'); //XXX
|
||||
$reply->set('add_to_beginning', 'no'); //XXX
|
||||
$reply->set('auto_resize', $resize_size); //resize size is the same for all g3 albums
|
||||
$reply->set('max_size', '0'); //not supported by g3
|
||||
$reply->set('add_to_beginning', 'no'); //g3 will add images to the end
|
||||
$reply->set('extrafields', '');
|
||||
$reply->set('title', $parent->title);
|
||||
$reply->set('status_text', 'Album properties queried successfuly.');
|
||||
@ -250,14 +253,12 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$title = trim($input->post('caption'));
|
||||
$forcefilename = trim($input->post('force_filename'));
|
||||
$autorotate = trim($input->post('auto_rotate'));
|
||||
//print_r($_FILES['userfile']); exit;
|
||||
|
||||
if($album=='0') $parent = item::root();
|
||||
else $parent = ORM::factory("item")->where("slug", "=", $album)->find();
|
||||
|
||||
if(isset($parent) && $parent->loaded() && $parent->id!='') {
|
||||
|
||||
//*
|
||||
if(function_exists('mime_content_type'))
|
||||
$type = mime_content_type($_FILES['userfile']['tmp_name']);
|
||||
else
|
||||
@ -284,12 +285,11 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$item->parent_id = $parent->id;
|
||||
$item->set_data_file($_FILES['userfile']['tmp_name']);
|
||||
$item->name = $filename;
|
||||
$item->slug = $slug;
|
||||
$item->slug = item::convert_filename_to_slug($slug);
|
||||
$item->mime_type = $type;
|
||||
$item->title = $title;
|
||||
$item->title or $item->title = ' '; //don't use $item->name as this clutters up the UI
|
||||
//$item->description =
|
||||
//$item->owner_id =
|
||||
$item->view_count = 0;
|
||||
|
||||
try {
|
||||
@ -304,25 +304,25 @@ class Gallery_Remote_Controller extends Controller {
|
||||
|
||||
} catch (Exception $e) {
|
||||
$reply->set('status_text', t('Failed to add item %item.', array('item' => $filename)));
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //XXX gallery remote doesn't accept this :(
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //FIXME gallery remote ignores this return value and continues to wait
|
||||
}
|
||||
|
||||
} catch (ORM_Validation_Exception $e) {
|
||||
$validation = $e->validation;
|
||||
//print_r($validation->errors()); exit;
|
||||
$reply->set('status_text', t('Failed to validate item %item: %errors', array('item' => $filename, 'errors' => print_r($validation->errors(),true)) ));
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //XXX gallery remote doesn't accept this :(
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //FIXME gallery remote ignores this return value and continues to wait
|
||||
}
|
||||
|
||||
} catch (Exception $e) {
|
||||
$reply->set('status_text', t("Corrupt image '%path'", array('path' => $_FILES['userfile']['tmp_name'])));
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //XXX gallery remote doesn't accept this :(
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //FIXME gallery remote ignores this return value and continues to wait
|
||||
}
|
||||
|
||||
}
|
||||
else {
|
||||
$reply->set('status_text', t('Failed to load album with name %name.', array('name' => $album)));
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //XXX gallery remote doesn't accept this :(
|
||||
$reply->send(gallery_remote::UPLOAD_PHOTO_FAIL); //FIXME gallery remote ignores this return value and continues to wait
|
||||
}
|
||||
}
|
||||
|
||||
@ -409,8 +409,9 @@ class Gallery_Remote_Controller extends Controller {
|
||||
else $item = ORM::factory("item")->where("slug", "=", $name)->find();
|
||||
|
||||
if(isset($item) && $item->loaded() && $item->id!='') {
|
||||
$reply->set('status_text', 'Item properties queried successfuly.');
|
||||
$info = pathinfo($item->file_path());
|
||||
|
||||
$reply->set('status_text', 'Item properties queried successfuly.');
|
||||
$reply->set('image.name', $item->slug);
|
||||
$reply->set('image.raw_width', $item->width);
|
||||
$reply->set('image.raw_height', $item->height);
|
||||
@ -423,8 +424,8 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$reply->set('image.thumb_height', $item->thumb_height);
|
||||
$reply->set('image.caption', $item->title);
|
||||
$reply->set('image.title', $item->title);
|
||||
//XXX $reply->set('image.forceExtension', '');
|
||||
$reply->set('image.hidden', 'no'); //XXX
|
||||
$reply->set('image.forceExtension', $info['extension']);
|
||||
$reply->set('image.hidden', access::user_can(identity::guest(), 'view', $item) ? 'no' : 'yes');
|
||||
$reply->send();
|
||||
}
|
||||
else {
|
||||
@ -444,7 +445,7 @@ class Gallery_Remote_Controller extends Controller {
|
||||
if($name=='0') $album = item::root();
|
||||
$album = ORM::factory("item")->where("slug", "=", $name)->find();
|
||||
|
||||
if(isset($album) && $album->loaded() && $album->id!='') {
|
||||
if(isset($album) && $album->loaded() && $album->id!='' && access::can('view', $album)) {
|
||||
|
||||
if($albums!='no') $iterator = ORM::factory("item")->where("parent_id", "=", $album->id)->find_all();
|
||||
else $iterator = ORM::factory("item")->where("parent_id", "=", $album->id)->where("type", "<>", "album")->find_all();
|
||||
@ -462,42 +463,46 @@ class Gallery_Remote_Controller extends Controller {
|
||||
$count = 0;
|
||||
foreach($iterator as $item) {
|
||||
|
||||
if(access::can('view', $item)) {
|
||||
|
||||
$count++;
|
||||
if($item->type != "album") {
|
||||
$info = pathinfo($item->file_path());
|
||||
|
||||
$reply->set('image.name.'.$count, $item->name);
|
||||
//$reply->set('image', print_r($item, true));
|
||||
$reply->set('image.raw_width.'.$count, $item->width);
|
||||
$reply->set('image.raw_height.'.$count, $item->height);
|
||||
$reply->set('image.raw_filesize.'.$count, filesize($item->file_path()));
|
||||
$reply->set('image.resizedName.'.$count, $item->name); //g3 stores resizes and thumbs different than g1
|
||||
$reply->set('image.resized_width.'.$count, $item->resize_width);
|
||||
$reply->set('image.resized_height.'.$count, $item->resize_height);
|
||||
//$reply->set('image.resizedNum.'.$count, 'the number of resized versions for this image [since 2.14]');
|
||||
//$reply->set('image.resized.resized-num.name.'.$count, 'filename of the resized-numth resize [G2 since 2.14]');
|
||||
//$reply->set('image.resized.resized-num.width.'.$count, 'the width of the resized-numth resize [G2 since 2.14]');
|
||||
//$reply->set('image.resized.resized-num.height.'.$count, 'the height of the resized-numth resize [G2 since 2.14]');
|
||||
/*
|
||||
$reply->set('image.resizedNum.'.$count, 'the number of resized versions for this image [since 2.14]');
|
||||
$reply->set('image.resized.resized-num.name.'.$count, 'filename of the resized-numth resize [G2 since 2.14]');
|
||||
$reply->set('image.resized.resized-num.width.'.$count, 'the width of the resized-numth resize [G2 since 2.14]');
|
||||
$reply->set('image.resized.resized-num.height.'.$count, 'the height of the resized-numth resize [G2 since 2.14]');
|
||||
//*/
|
||||
$reply->set('image.thumbName.'.$count, $item->name); //g3 stores resizes and thumbs different than g1
|
||||
$reply->set('image.thumb_width.'.$count, $item->thumb_width);
|
||||
$reply->set('image.thumb_height.'.$count, $item->thumb_height);
|
||||
|
||||
$reply->set('image.caption.'.$count, $item->title);
|
||||
$reply->set('image.title.'.$count, $item->title);
|
||||
$reply->set('image.title.'.$count, $item->name);
|
||||
//$reply->set('image.extrafield.fieldname.'.$count, 'value of the extra field of key fieldname');
|
||||
$reply->set('image.clicks.'.$count, $item->view_count);
|
||||
//*
|
||||
$reply->set('image.capturedate.year.'.$count, date("Y", $item->captured));
|
||||
$reply->set('image.capturedate.mon.'.$count, date("m", $item->captured));
|
||||
$reply->set('image.capturedate.mday.'.$count, date("d", $item->captured));
|
||||
$reply->set('image.capturedate.hours.'.$count, date("H", $item->captured));
|
||||
$reply->set('image.capturedate.minutes.'.$count, date("i", $item->captured));
|
||||
$reply->set('image.capturedate.seconds.'.$count, date("s", $item->captured));
|
||||
//*/
|
||||
//XXX $reply->set('image.forceExtension.'.$count, '');
|
||||
$reply->set('image.hidden.'.$count, 'no'); //XXX
|
||||
$reply->set('image.forceExtension.'.$count, $info['extension']);
|
||||
$reply->set('image.hidden.'.$count, access::user_can(identity::guest(), 'view', $item) ? 'no' : 'yes');
|
||||
}
|
||||
else {
|
||||
$reply->set('album.name.'.$count, $item->name);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
$reply->set('image_count', $count);
|
||||
|
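Review bot: In `_fetch_albums_prune` the view check is gated on a request parameter: `$use_permissions` is derived from `$input->post('no_perms')`, and `if(!$use_permissions || access::can('view', $item))` lists every album, regardless of the caller's rights, when the client posts `no_perms=no`. The flag should only decide whether the `album.perms.*` and `can_create_root` fields are emitted, and the filter itself should stay unconditional, `if(access::can('view', $item))`. The comparison `$perms != 'no'` also reads inverted against the parameter's name, so confirm against the protocol which value is meant to suppress permission output. Separately, the item-properties hunk (-409) replies for any loaded `$item` with no `access::can('view', $item)` in its visible condition, unlike the fetch-album-images hunk (-444) where this commit adds one; the enclosing functions start outside those hunks, so an earlier check cannot be ruled out from here.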