function change($command, $group_id, $perm_id, $item_id)
{
access::verify_csrf();
$group = identity::lookup_group($group_id);
$perm = ORM::factory("permission", $perm_id);
$item = ORM::factory("item", $item_id);
access::required("view", $item);
access::required("edit", $item);
if (!empty($group) && $perm->loaded() && $item->loaded()) {
switch ($command) {
case "allow":
access::allow($group, $perm->name, $item);
break;
case "deny":
access::deny($group, $perm->name, $item);
break;
case "reset":
access::reset($group, $perm->name, $item);
break;
}
// If the active user just took away their own edit permissions, give it back.
if ($perm->name == "edit") {
if (!access::user_can(identity::active_user(), "edit", $item)) {
access::allow($group, $perm->name, $item);
}
}
}
}
function change($command, $group_id, $perm_id, $item_id)
{
access::verify_csrf();
$group = ORM::factory("group", $group_id);
$perm = ORM::factory("permission", $perm_id);
$item = ORM::factory("item", $item_id);
access::required("edit", $item);
if ($group->loaded && $perm->loaded && $item->loaded) {
switch ($command) {
case "allow":
access::allow($group, $perm->name, $item);
break;
case "deny":
access::deny($group, $perm->name, $item);
break;
case "reset":
access::reset($group, $perm->name, $item);
break;
}
}
}
public function everybody_view_full_permission_maintains_htaccess_files_test()
{
$album = test::random_album();
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::deny(identity::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::allow(identity::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::deny(identity::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::reset(identity::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
}
public function everybody_view_full_permission_maintains_htaccess_files_test()
{
$root = ORM::factory("item", 1);
$album = album::create($root, rand(), "test album");
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::deny(group::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::allow(group::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::deny(group::everybody(), "view_full", $album);
$this->assert_true(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
access::reset(group::everybody(), "view_full", $album);
$this->assert_false(file_exists($album->file_path() . "/.htaccess"));
$this->assert_false(file_exists($album->resize_path() . "/.htaccess"));
$this->assert_false(file_exists($album->thumb_path() . "/.htaccess"));
}
