Permalink
Browse files

When moving a single item, just copy its permissions from its parent

album.  This is totally legal since an items permissions must be the
same as its parent's, and it's much faster for large installs where
a complete recalculation can be very costly.  Should fix #1360.
  • Loading branch information...
1 parent 19750cb commit 1a0d76c43e3545771ae3e1c6ad6ba255beeae32d @bharat bharat committed Sep 14, 2010
View
30 modules/gallery/helpers/access.php
@@ -263,22 +263,44 @@ static function reset($group, $perm_name, $item) {
}
/**
- * Recalculate the permissions for a given item and its hierarchy. $item must be an album.
+ * Recalculate the permissions for an album's hierarchy.
*/
- static function recalculate_permissions($item) {
+ static function recalculate_album_permissions($album) {
foreach (self::_get_all_groups() as $group) {
foreach (ORM::factory("permission")->find_all() as $perm) {
if ($perm->name == "view") {
- self::_update_access_view_cache($group, $item);
+ self::_update_access_view_cache($group, $album);
} else {
- self::_update_access_non_view_cache($group, $perm->name, $item);
+ self::_update_access_non_view_cache($group, $perm->name, $album);
}
}
}
model_cache::clear();
}
/**
+ * Recalculate the permissions for a single photo.
+ */
+ static function recalculate_photo_permissions($photo) {
+ $parent = $photo->parent();
+ $parent_access_cache = ORM::factory("access_cache")->where("item_id", "=", $parent->id)->find();
+ $photo_access_cache = ORM::factory("access_cache")->where("item_id", "=", $photo->id)->find();
+ foreach (self::_get_all_groups() as $group) {
+ foreach (ORM::factory("permission")->find_all() as $perm) {
+ $field = "{$perm->name}_{$group->id}";
+ if ($perm->name == "view") {
+ $photo->$field = $parent->$field;
+ } else {
+ $photo_access_cache->$field = $parent_access_cache->$field;
+ }
+ }
+ }
+ $photo_access_cache->save();
+ $photo->save();
+ model_cache::clear();
+ }
+
+ /**
* Register a permission so that modules can use it.
*
* @param string $name The internal name for for this permission
View
6 modules/gallery/helpers/gallery_event.php
@@ -157,7 +157,11 @@ static function batch_complete() {
}
static function item_moved($item, $old_parent) {
- access::recalculate_permissions($item->parent());
+ if ($item->is_album()) {
+ access::recalculate_album_permissions($item->parent());
+ } else {
+ access::recalculate_photo_permissions($item);
+ }
// If the new parent doesn't have an album cover, make this it.
if (!$item->parent()->album_cover_item_id) {
View
2 modules/gallery/helpers/gallery_task.php
@@ -571,7 +571,7 @@ static function fix($task) {
// The new cache rows are there, but they're incorrectly populated so we have to fix
// them. If this turns out to be too slow, we'll have to refactor
// access::recalculate_permissions to allow us to do it in slices.
- access::recalculate_permissions(item::root());
+ access::recalculate_album_permissions(item::root());
$state = self::FIX_STATE_DONE;
}
break;
View
4 modules/gallery/tests/Access_Helper_Test.php
@@ -359,11 +359,13 @@ public function moved_items_inherit_new_permissions_test() {
$public_album = test::random_album();
$public_photo = test::random_photo($public_album);
access::allow(identity::everybody(), "view", $public_album);
+ access::allow(identity::everybody(), "edit", $public_album);
item::root()->reload(); // Account for MPTT changes
$private_album = test::random_album();
access::deny(identity::everybody(), "view", $private_album);
+ access::deny(identity::everybody(), "edit", $private_album);
$private_photo = test::random_photo($private_album);
// Make sure that we now have a public photo and private photo.
@@ -385,6 +387,8 @@ public function moved_items_inherit_new_permissions_test() {
// Make sure that the public_photo is now private, and the private_photo is now public.
$this->assert_false(access::group_can(identity::everybody(), "view", $public_photo));
+ $this->assert_false(access::group_can(identity::everybody(), "edit", $public_photo));
$this->assert_true(access::group_can(identity::everybody(), "view", $private_photo));
+ $this->assert_true(access::group_can(identity::everybody(), "edit", $private_photo));
}
}

0 comments on commit 1a0d76c

Please sign in to comment.