
If the user does not have permission to view the album, photo or movi…

…e, redirect

to a login page to allow the user to log in.  Pass the target URL as a session
variable so that the user can be redirected to where they wanted to go if the login
was successful.  Fixes ticket #1009.
1 parent f6c615c commit 17f0a1b10f3df250129188316c14b01f0e3b45f0 @talmdal talmdal committed Feb 10, 2010
@@ -28,20 +28,19 @@ public function show($album) {
// sure that we're actually receiving an object
Kohana::show_404();
}
- $page_size = module::get_var("gallery", "page_size", 9);
+
if (!access::can("view", $album)) {
- if ($album->id == 1) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
- return;
- } else {
- access::forbidden();
- }
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ print $view;
+ return;
}
+ $page_size = module::get_var("gallery", "page_size", 9);
$input = Input::instance();
$show = $input->get("show");
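Review bot: The rewritten `if (!access::can("view", $album))` branch shows the login form on every denied request, including to a user who is already signed in but lacks view permission; the removed `access::forbidden()` call is no longer reachable for that case. Logging in again cannot help such a user, and because `continue_url` points back at this album, a successful login would presumably return them to the same form. I would render the login page only when the active user is a guest and keep `access::forbidden()` for authenticated users. The movie and photo hunks, which replace `access::required("view", ...)`, have the same gap. show() begins and ends outside this hunk.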
@@ -44,9 +44,10 @@ public function html() {
public function auth_html() {
access::verify_csrf();
+ $continue_url = Session::instance()->get("continue_url", null);
list ($valid, $form) = $this->_auth("login/auth_html");
if ($valid) {
- url::redirect(item::root()->abs_url());
+ url::redirect($continue_url ? $continue_url : item::root()->abs_url());
} else {
$view = new Theme_View("page.html", "other", "login");
$view->page_title = t("Log in to Gallery");
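Review bot: `continue_url` is read with `get()` and never removed, so the value stays in the session after it has been used. A later login in the same session, for example one started from the movie or photo pages that do not set the key, would then redirect to a stale target. Adding `Session::instance()->delete("continue_url");` inside `if ($valid)` before the redirect scopes the value to one successful login while keeping it across a failed attempt. Because the value feeds `url::redirect()`, a short comment should state that it may only be written by server code from the current request URL, never from a request parameter. auth_html() continues past the end of the hunk.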
@@ -24,7 +24,16 @@ public function show($movie) {
// sure that we're actually receiving an object
Kohana::show_404();
}
- access::required("view", $movie);
+
+ if (!access::can("view", $movie)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+
+ print $view;
+ return;
+ }
$where = array(array("type", "!=", "album"));
$position = $movie->parent()->get_position($movie, $where);
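Review bot: This login branch never stores `continue_url`, unlike the album hunk, so after signing in from a movie page the user lands on the root album or on whatever target an earlier album visit left in the session. Adding `Session::instance()->set("continue_url", url::current(true));` before `print $view;` brings it in line with the commit description; the photo hunk needs the same line. The login view construction is now copied into three controllers, which is probably how the omission arose, so one shared helper that builds the view and records the target would be the sturdier fix. show() begins and ends outside this hunk.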
@@ -24,7 +24,15 @@ public function show($photo) {
// sure that we're actually receiving an object
Kohana::show_404();
}
- access::required("view", $photo);
+
+ if (!access::can("view", $photo)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ print $view;
+ return;
+ }
$where = array(array("type", "!=", "album"));
$position = $photo->parent()->get_position($photo, $where);
