diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index fbe0b55067..949aea840d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -99,16 +99,8 @@ static function user_can($user, $perm_name, $item) { return true; } - if ($item->owner_id == $user->id && - in_array($perm_name, array("view_full", "edit", "add"))) { - return true; - } - - if ($perm_name == "view") { - $resource = $item->owner_id == $user->id ? $item->parent() : $item; - } else { - $resource = model_cache::get("access_cache", $item->id, "item_id"); - } + $resource = $perm_name == "view" ? + $item : model_cache::get("access_cache", $item->id, "item_id"); foreach ($user->groups as $group) { if ($resource->__get("{$perm_name}_{$group->id}") === self::ALLOW) { return true; diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index c1d11a969b..038e11fbf1 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -38,17 +38,31 @@ public function viewable() { if (user::active()->admin) { $this->view_restrictions = array(); } else { - $this->view_restrictions["owner_id"] = user::active()->id; foreach (user::group_ids() as $id) { - $this->view_restrictions["view_$id"] = access::ALLOW; + // Separate the first restriction from the rest to make it easier for us to formulate + // our where clause below + if (empty($this->view_restrictions)) { + $this->view_restrictions[0] = "view_$id"; + } else { + $this->view_restrictions[1]["view_$id"] = access::ALLOW; + } } } } + switch (count($this->view_restrictions)) { + case 0: + break; - if (!empty($this->view_restrictions)) { + case 1: + $this->where($this->view_restrictions[0], access::ALLOW); + break; + + default: $this->open_paren(); - $this->orwhere($this->view_restrictions); + $this->where($this->view_restrictions[0], access::ALLOW); + $this->orwhere($this->view_restrictions[1]); $this->close_paren(); + break; } return $this; diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index 737ed8a6ff..59cec453e8 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -101,48 +101,6 @@ public function user_can_no_access_test() { $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view"); } - public function owner_can_view_album_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $item = album::create($root, rand(), "test album", $user->id); - - $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); - } - - public function owner_can_view_photo_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $album = album::create($root, rand(), "test album", $user->id); - $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); - - $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); - } - - public function owner_cant_view_photo_test() { - $user = user::create("access_test", "Access Test", ""); - foreach ($user->groups as $group) { - $user->remove($group); - } - $user->save(); - - $root = ORM::factory("item", 1); - $album = album::create($root, rand(), "test album"); - access::deny(group::everybody(), "view", $album); - $item = photo::create($album, MODPATH . "gallery/images/gallery.png", "", "", null, $user->id); - - $this->assert_false(access::user_can($user, "view", $item), "Should not be able to view"); - } - public function adding_and_removing_items_adds_ands_removes_rows_test() { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album");