Add a new maintenance task that resyncs album .htaccess files with

database access intents. Use this to fix up .htaccess files after you relocate your Gallery. Fixes ticket #1252.
gallery · Jul 25, 2010 · 5be9ae3 · 5be9ae3
1 parent 055e115
commit 5be9ae3
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 5 deletions.
diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php
@@ -222,7 +222,7 @@ private static function _set(Group_Definition $group, $perm_name, $album, $value
       self::_update_access_non_view_cache($group, $perm_name, $album);
     }
 
-    self::_update_htaccess_files($album, $group, $perm_name, $value);
+    self::update_htaccess_files($album, $group, $perm_name, $value);
     model_cache::clear();
   }
 
@@ -623,10 +623,16 @@ private static function _update_access_non_view_cache($group, $perm_name, $item)
   }
 
   /**
-   * Maintain .htacccess files to prevent direct access to albums, resizes and thumbnails when we
-   * apply the view and view_full permissions to guest users.
+   * Rebuild the .htaccess files that prevent direct access to albums, resizes and thumbnails.  We
+   * call this internally any time we change the view or view_full permissions for guest users.
+   * This function is only public because we use it in maintenance tasks.
+   *
+   * @param  Item_Model   the album
+   * @param  Group_Model  the group whose permission is changing
+   * @param  string       the permission name
+   * @param  string       the new permission value (eg access::DENY)
    */
-  private static function _update_htaccess_files($album, $group, $perm_name, $value) {
+  public static function update_htaccess_files($album, $group, $perm_name, $value) {
     if ($group->id != identity::everybody()->id ||
         !($perm_name == "view" || $perm_name == "view_full")) {
       return;

diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
@@ -50,7 +50,14 @@ static function available_tasks() {
       ->callback("gallery_task::fix_mptt")
       ->name(t("Fix Album/Photo hierarchy"))
       ->description(t("Fix problems where your album/photo breadcrumbs are out of " .
-                      "sync with your actual hierarchy."))
+                      "sync with your actual hierarchy"))
+      ->severity(log::SUCCESS);
+
+    $tasks[] = Task_Definition::factory()
+      ->callback("gallery_task::fix_permissions")
+      ->name(t("Fix permissions"))
+      ->description(t("Resynchronize database permissions with the .htaccess " .
+                      "files in your gallery3/var directory"))
       ->severity(log::SUCCESS);
 
     return $tasks;
@@ -386,4 +393,54 @@ static function fix_mptt_set_right($id, $value) {
       ->where("id", "=", $id)
       ->execute();
   }
+
+  static function fix_permissions($task) {
+    $start = microtime(true);
+
+    $total = $task->get("total");
+    if (empty($total)) {
+      $everybody_id = identity::everybody()->id;
+      $stack = array();
+      foreach (db::build()
+               ->select("id")
+               ->from("access_intents")
+               ->where("view_{$everybody_id}", "=", 0)
+               ->or_where("view_full_{$everybody_id}", "=", 0)
+               ->execute() as $row) {
+        $stack[] = $row->id;
+      }
+
+      $task->set("total", $total = count($stack));
+      $task->set("stack", implode(" ", $stack));
+      $task->set("completed", 0);
+    }
+
+    $stack = explode(" ", $task->get("stack"));
+    $completed = $task->get("completed");
+
+    while ($stack && microtime(true) - $start < 1.5) {
+      $album = ORM::factory("item", array_pop($stack));
+      $everybody = identity::everybody();
+      if (!access::group_can($everybody, "view", $album)) {
+        access::update_htaccess_files($album, identity::everybody(), "view", access::DENY);
+      } else {
+        // It's one or the other, so if they have view then they don't have view_full
+        access::update_htaccess_files($album, identity::everybody(), "view_full", access::DENY);
+      }
+      $completed++;
+    }
+
+    $task->set("stack", implode(" ", $stack));
+    $task->set("completed", $completed);
+
+    if ($total == $completed) {
+      $task->done = true;
+      $task->state = "success";
+      $task->percent_complete = 100;
+    } else {
+      $task->percent_complete = round(100 * $completed / $total);
+    }
+    $task->status = t2("One album updated", "%count / %total albums updated", $completed,
+                       array("total" => $total));
+  }
 }