Added privacy and ownership checks.
michaelchisari authored and The Appleseed Project committed Feb 24, 2011
1 parent fe60c0e commit 2e781a4
Showing 4 changed files with 129 additions and 9 deletions.
16 changes: 16 additions & 0 deletions components/photos/controllers/photo.php
Expand Up @@ -32,6 +32,7 @@ public function __construct ( ) {
public function Display ( $pView = null, $pData = array ( ) ) {

$this->_Focus = $this->Talk ( 'User', 'Focus' );
$this->_Current = $this->Talk ( 'User', 'Current' );

$this->View = $this->GetView ( $pView );

Expand All @@ -40,6 +41,7 @@ public function Display ( $pView = null, $pData = array ( ) ) {
$this->Photos = $this->GetModel ( 'Photos' );

$Set = $this->GetSys ( 'Request' )->Get ( 'Set' );

$Identifier = $this->GetSys ( 'Request' )->Get ( 'Photo' );

$this->Set->Load ( $this->_Focus->Id, $Set );
Expand All @@ -48,6 +50,20 @@ public function Display ( $pView = null, $pData = array ( ) ) {
$this->Photos->Load ( $Identifier );
$this->Photos->Fetch();

$Access = $this->Talk ( 'Privacy', 'Check', $data = array ( 'Requesting' => $this->_Current->Account, 'Type' => 'Photosets', 'Identifier' => $this->Set->Get ( 'Identifier' ) ) );

if ( ( !$Access ) && ( $this->_Current->Account != $this->_Focus->Account ) ) {
if ( !$this->_Current->Account ) {
$this->GetSys ( 'Session' )->Context ( 'login.login.(\d)+.login' );
$this->GetSys ( 'Session' )->Set ( 'Message', __( 'Login To See This Page' ) );
$this->GetSys ( 'Session' )->Set ( 'Error', true );
$this->GetSys ( 'Foundation' )->Redirect ( 'login/login.php' );
} else {
$this->GetSys ( 'Foundation' )->Redirect ( 'common/denied.php' );
}
return ( false );
}

$this->_Prep();

$this->View->Display();
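Review bot: The gate added after `$this->Photos->Fetch();` evaluates the privacy of the photoset named by the `Set` request parameter, but the photo itself is loaded independently from the `Photo` parameter by `$this->Photos->Load ( $Identifier )`, so unless `Photos->Load` scopes the lookup to `$this->Set` (not visible here) a request can pair a private set's photo identifier with a public set's directory and pass the check. After the fetch I would confirm the relationship, e.g. `if ( $this->Photos->Get ( 'Set_FK' ) != $this->Set->Get ( 'Set_PK' ) ) { $this->GetSys ( 'Foundation' )->Redirect ( 'common/denied.php' ); return ( false ); }`, where `Set_PK` is the set key that `LoadFromSet` uses in photos.php and the photo-side column name is an assumption to confirm against the Photos model. If `Set->Load` finds nothing, `Identifier` is empty and `Privacy::Check` runs on an empty identifier; what it returns for that is not visible, so an explicit not-found branch before the check would make the failure mode deliberate rather than incidental. `Display` continues past the end of the hunk.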
33 changes: 29 additions & 4 deletions components/photos/controllers/photos.php
Expand Up @@ -32,6 +32,7 @@ public function __construct ( ) {
public function Display ( $pView = null, $pData = array ( ) ) {

$this->_Focus = $this->Talk ( 'User', 'Focus' );
$this->_Current = $this->Talk ( 'User', 'Current' );

$this->View = $this->GetView ( $pView );

Expand All @@ -50,6 +51,20 @@ public function Display ( $pView = null, $pData = array ( ) ) {

$this->Set->Fetch();

$Access = $this->Talk ( 'Privacy', 'Check', $data = array ( 'Requesting' => $this->_Current->Account, 'Type' => 'Photosets', 'Identifier' => $this->Set->Get ( 'Identifier' ) ) );

if ( ( !$Access ) && ( $this->_Current->Account != $this->_Focus->Account ) ) {
if ( !$this->_Current->Account ) {
$this->GetSys ( 'Session' )->Context ( 'login.login.(\d)+.login' );
$this->GetSys ( 'Session' )->Set ( 'Message', __( 'Login To See This Page' ) );
$this->GetSys ( 'Session' )->Set ( 'Error', true );
$this->GetSys ( 'Foundation' )->Redirect ( 'login/login.php' );
} else {
$this->GetSys ( 'Foundation' )->Redirect ( 'common/denied.php' );
}
return ( false );
}

$this->Photos->LoadFromSet ( $this->Set->Get ( 'Set_PK' ) );

$this->_Prep();
Expand All @@ -61,8 +76,14 @@ public function Display ( $pView = null, $pData = array ( ) ) {

private function _Prep ( ) {

$this->View->Find ( 'form[class="edit"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/' . $this->Set->Get ( 'Directory' ) . '/';
$this->View->Find ( 'form[class="add"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/' . $this->Set->Get ( 'Directory' ) . '/';
if ( $this->_Current->Account == $this->_Focus->Account ) {
$this->View->Find ( 'form[class="edit"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/' . $this->Set->Get ( 'Directory' ) . '/';
$this->View->Find ( 'form[class="add"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/' . $this->Set->Get ( 'Directory' ) . '/';
} else {
$this->View->Find ( 'form[class="edit"]', 0 )->outertext = '';
$this->View->Find ( 'form[class="add"]', 0 )->outertext = '';
}

$Contexts = $this->View->Find ( '[name="Context"]' );
foreach ( $Contexts as $c => $context ) {
$context->value = $this->Get ( 'Context' );
Expand Down Expand Up @@ -97,8 +118,12 @@ private function _Prep ( ) {

public function Add ( $pView = null, $pData = array ( ) ) {

$this->_Focus = $this->Talk ( 'User', 'Focus' );

// Determine access.
if ( !$this->_CheckAccess ( ) ) {
$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
return ( false );
}

$this->View = $this->GetView ( 'photos.add' );

$this->Sets = $this->GetModel ( 'Sets' );
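Review bot: In `Add`, the hunk's counts (8 old lines, 12 new, with the section's 4 deletions otherwise accounted for by `_Prep`) indicate that `$this->_Focus = $this->Talk ( 'User', 'Focus' );` was removed rather than kept ahead of the new `_CheckAccess ( )` call; unless `_CheckAccess` assigns `_Focus` itself, the rest of `Add`, which continues outside the hunk and builds `$this->Sets` for the focus user, now runs with `_Focus` unset. `_CheckAccess` is not part of this commit, so a reader cannot tell whether it applies the same owner rule as the new gate in `Display`; a one-line comment at the call site naming the rule it enforces, e.g. `// _CheckAccess: only the profile owner may add photos to their own sets (confirm against its definition)`, would document the contract this redirect relies on. The redirect target `common/403.php` also differs from the `common/denied.php` page `Display` uses for non-owners; picking one keeps the two gates consistent for users and for tests.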
17 changes: 13 additions & 4 deletions components/photos/controllers/sets.php
Expand Up @@ -32,6 +32,7 @@ public function __construct ( ) {
public function Display ( $pView = null, $pData = array ( ) ) {

$this->_Focus = $this->Talk ( 'User', 'Focus' );
$this->_Current = $this->Talk ( 'User', 'Current' );

$this->View = $this->GetView ( $pView );

Expand All @@ -50,8 +51,12 @@ public function Display ( $pView = null, $pData = array ( ) ) {

private function _Prep ( ) {

$this->View->Find ( 'form[class="add"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/';
$this->View->Find ( '[name="Context"]', 0 )->value = $this->Get ( 'Context' );
if ( $this->_Focus->Account == $this->_Current->Account ) {
$this->View->Find ( 'form[class="add"]', 0 )->action = '/profile/' . $this->_Focus->Username . '/photos/';
$this->View->Find ( '[name="Context"]', 0 )->value = $this->Get ( 'Context' );
} else {
$this->View->Find ( 'form[class="add"]', 0 )->outertext = '';
}

$list = $this->View->Find ( '.list', 0);

Expand Down Expand Up @@ -93,8 +98,12 @@ private function _Prep ( ) {

public function Add ( $pView = null, $pData = array ( ) ) {

$this->_Focus = $this->Talk ( 'User', 'Focus' );

// Determine access.
if ( !$this->_CheckAccess ( ) ) {
$this->GetSys ( 'Foundation' )->Redirect ( 'common/403.php' );
return ( false );
}

$this->View = $this->GetView ( 'sets.add' );

$this->Sets = $this->GetModel ( 'Sets' );
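Review bot: `_CheckAccess ( )` is now the sole gate on `Add`, but it is not defined in this diff, and the hunk's line counts suggest the `$this->_Focus = $this->Talk ( 'User', 'Focus' );` assignment that used to open the method was dropped rather than kept above it; if `_CheckAccess` does not populate `_Focus`, the set-creation code after the hunk loses the focus user. Removing the add form for non-owners in `_Prep` is presentation only, so this gate is what actually stops a logged-in visitor from posting a set into another profile; I would keep the `_Focus` assignment as the first line of `Add` (harmless if `_CheckAccess` also sets it) and add `// Only the profile owner may create sets here; enforced by _CheckAccess, not by the hidden form` at the call site. The `common/403.php` target also differs from the `common/denied.php` page the photo controllers use for the same condition. `Add` continues beyond the hunk.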
72 changes: 71 additions & 1 deletion components/photos/models/sets.php
Expand Up @@ -41,12 +41,82 @@ public function Load ( $pOwner, $pDirectory = null ) {
$this->Fetch();
}
} else {
$this->Retrieve ( array ( 'Owner_FK' => $pOwner ), 'Created DESC' );
return ( $this->_Sets ( $pOwner ) );
}
}

public function DirectoryExists ( $pSetId, $pOwner ) {
return ( true );
}

private function _Sets ( $pUserId ) {
//$this->Retrieve ( array ( 'Owner_FK' => $pOwner ), 'Created DESC' );

//return ( true );

eval ( GLOBALS );
// $this->Retrieve ( array ( 'Owner_FK' => $pUserId ), 'Created DESC', $pLimit );

$start = $pLimit['start'] ? $pLimit['start'] : 0;
$limit = $pLimit['limit'] ? $pLimit['limit'] : 10;

// Get a list of circles the current member is a member of.
$Current = $zApp->GetSys ( 'Components' )->Talk ( 'User', 'Current' );
$Focus = $zApp->GetSys ( 'Components' )->Talk ( 'User', 'Focus' );

$Circles = $zApp->GetSys ( 'Components' )->Talk ( 'Friends', 'Circles', array ( 'Requesting' => $Current->Account, 'All' => true ) );
$Friends = $zApp->GetSys ( 'Components' )->Talk ( 'Friends', 'Friends', array ( 'Requesting' => $Current->Account, 'All' => true ) );

$prepared[] = $pUserId;

$this->Privacy = new cModel ( 'PrivacySettings' );

if ( $Focus->Account == $Current->Account ) {
// We're looking at our own journal, so return everything.
} elseif ( !$Current->Account ) {
// We're not logged in, so search for Everybody
$criteria = array ( 'User_FK' => $pUserId, 'Type' => 'Photosets', 'Everybody' => true );

$this->Privacy->Retrieve ( $criteria );

// No identifiers were found, which means no entries were found.
if ( $this->Privacy->Get ( 'Total' ) == 0 ) return ( false );

while ( $this->Privacy->Fetch() ) {
$Identifiers[] = $this->Privacy->Get ( 'Identifier' );
}
} else {
// We're logged in, so search based on our criteria
$subcriteria['Everybody'] = true;

if ( in_array ( $Current->Account, $Friends ) ) {
$subcriteria['||Friends'] = true;
}

foreach ( $Circles as $c => $circle ) {
$circleList[] = $c;
}
if ( count ( $circleList > 0 ) ) {
$subcriteria['||Circle_FK'] = '()' . implode ( $circleList );
}
$criteria = array ( 'User_FK' => $pUserId, 'Type' => 'Photosets', $subcriteria );
$this->Privacy->Retrieve ( $criteria );

// No identifiers were found, which means no entries were found.
if ( $this->Privacy->Get ( 'Total' ) == 0 ) return ( false );

while ( $this->Privacy->Fetch() ) {
$Identifiers[] = $this->Privacy->Get ( 'Identifier' );
}
}

if ( $Focus->Account == $Current->Account ) {
$this->Retrieve ( array ( 'Owner_FK' => $pUserId ), 'Created DESC', $pLimit );
} else {
$this->Retrieve ( array ( 'Owner_FK' => $pUserId, 'Identifier' => '()' . implode ( ',', $Identifiers ) ), 'Created DESC', $pLimit );
}

return ( true );
}

}
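Review bot: `count ( $circleList > 0 )` in `_Sets` counts the boolean result of comparing the array to zero rather than the array, so the circle branch is entered even when no circles were collected, and `implode ( $circleList )` then joins with no separator (and references `$circleList` before it is ever assigned when `$Circles` is empty), producing a run of digits like `()123` instead of a list, whereas the `Identifier` filter a few lines later uses `implode ( ',', $Identifiers )`. I would replace those three lines with `$circleList = array_keys ( $Circles ); if ( count ( $circleList ) > 0 ) { $subcriteria['||Circle_FK'] = '()' . implode ( ',', $circleList ); }`, assuming the criteria DSL expects the same comma-separated `()` form as the `Identifier` filter. The friends test `in_array ( $Current->Account, $Friends )` asks whether the viewer appears in their own friend list; if `Friends` returns the requester's friends as the call suggests, the check should be against `$pUserId` (the set owner) so friends-only sets are shown to the owner's friends rather than never or always. `$pLimit` is never assigned in this method, so `$start`/`$limit` are always the defaults and `Retrieve` receives `null`, and `eval ( GLOBALS )` (presumably a constant holding `global` declarations) deserves a comment or a plain `global $zApp;` since eval is hard to audit. `DirectoryExists` unconditionally returns `true`, so any caller relying on it for an ownership check gets no check at all; if it is a stub, a `// TODO: not an ownership check yet` comment would stop it being mistaken for one.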
