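is_album()) {
      access::forbidden();
    }

    $view = new View("permissions_browse.html");
    $view->htaccess_works = access::htaccess_works();
    $view->item = $item;
    $view->parents = $item->parents();
    $view->form = $this->_get_form($item);
    print $view;
  }

  /**
   * Print the permissions form for a single album.
   *
   * The caller must pass both the "view" and "edit" checks on the item, and
   * the item must be an album; anything else is handed to access::forbidden().
   *
   * @param mixed $id  id of the item to load through ORM::factory("item", ...)
   */
  function form($id) {
    $item = ORM::factory("item", $id);
    access::required("view", $item);
    access::required("edit", $item);

    if (!$item->is_album()) {
      access::forbidden();
    }

    print $this->_get_form($item);
  }

  /**
   * Allow, deny or reset one permission for one group on one item.
   *
   * This is a state-changing endpoint: the CSRF token is verified before any
   * lookup, and the caller must pass the "view" and "edit" checks on the item.
   * A $command other than "allow", "deny" or "reset" matches no switch case and
   * changes nothing.
   *
   * @param string $command   "allow", "deny" or "reset"
   * @param mixed  $group_id  id passed to identity::lookup_group()
   * @param mixed  $perm_id   id of the permission row to load
   * @param mixed  $item_id   id of the item whose permissions are changed
   */
  function change($command, $group_id, $perm_id, $item_id) {
    access::verify_csrf();

    $group = identity::lookup_group($group_id);
    $perm = ORM::factory("permission", $perm_id);
    $item = ORM::factory("item", $item_id);
    access::required("view", $item);
    access::required("edit", $item);

    // browse() and form() only expose the permissions UI for albums. Enforce the
    // same rule here so a hand-built request cannot reach the write path for an
    // item the form would never have been rendered for.
    if (!$item->is_album()) {
      access::forbidden();
    }

    // All three records must exist; a missing group, permission or item is
    // ignored silently rather than reported.
    if (!empty($group) && $perm->loaded() && $item->loaded()) {
      switch($command) {
      case "allow":
        access::allow($group, $perm->name, $item);
        break;

      case "deny":
        access::deny($group, $perm->name, $item);
        break;

      case "reset":
        access::reset($group, $perm->name, $item);
        break;
      }

      // If the active user just took away their own edit permissions, give it back.
      // The grant is an explicit allow on the whole $group from the request,
      // whichever command was issued, so it affects every member of that group.
      if ($perm->name == "edit") {
        if (!access::user_can(identity::active_user(), "edit", $item)) {
          access::allow($group, $perm->name, $item);
        }
      }
    }
  }

  /**
   * Build the permissions form view for an item.
   *
   * Performs no access checks of its own; callers (browse() and form()) are
   * expected to have authorised the request already.
   *
   * @param mixed $item  the item the form edits
   * @return View  "permissions_form.html" populated with the item, every group
   *               from identity::groups() and every permission row
   */
  private function _get_form($item) {
    $view = new View("permissions_form.html");
    $view->item = $item;
    $view->groups = identity::groups();
    $view->permissions = ORM::factory("permission")->find_all();
    return $view;
  }
}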