예제 #1
 /**
  * Imports G2 permissions, mapping G2's permission model to G3's
  * much simplified permissions.
  *
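  *  - Ignores user permissions; G3 only supports group permissions.
  *  - Ignores item permissions; G3 only supports album permissions.
  *    Consequence: a G2 item whose permissions are narrower than its
  *    album's is not kept narrower by this import, so such items should
  *    be reviewed after migration.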
  *
  *  G2 permission   ->  G3 permission
  *  ---------------------------------
  *  core.view           view
  *  core.viewSource     view_full
  *  core.edit           edit
  *  core.addDataItem    add
  *  core.addAlbumItem   add
  *  core.viewResizes    <ignored>
  *  core.delete         <ignored>
  *  comment.*           <ignored>
  */
 private static function _import_permissions($g2_album, $g3_album)
 {
     $g2_parent_id = $g2_album->getParentId();

     // A non-root album that shares its parent's G2 access list needs no
     // work: nothing is written to $g3_album in that case.
     if ($g2_parent_id != null) {
         $own_acl_id = g2(GalleryCoreApi::fetchAccessListId($g2_album->getId()));
         $parent_acl_id = g2(GalleryCoreApi::fetchAccessListId($g2_parent_id));
         if ($own_acl_id == $parent_acl_id) {
             return;
         }
     }

     // Group id => (G3 permission id => value), as mapped from the G2 album.
     $album_grants = self::_map_permissions($g2_album->getId());

     // Baseline to diff against: the G3 parent album, or for the G2 root
     // album the G3 root item, whose current permissions are then compared
     // and changed where necessary.
     $g3_parent_album = $g2_parent_id == null ? item::root() : $g3_album->parent();

     // Snapshot what every known G3 group can currently do on the baseline
     // album, restricted to the permission ids the mapping can produce.
     $inherited_grants = array();
     $g3_perm_ids = array_unique(array_values(self::$_permission_map));
     foreach (identity::groups() as $g3_group) {
         $snapshot_key = $g3_group->id;
         $held = array();
         foreach ($g3_perm_ids as $perm_id) {
             if (access::group_can($g3_group, $perm_id, $g3_parent_album)) {
                 $held[$perm_id] = 1;
             }
         }
         $inherited_grants[$snapshot_key] = $held;
     }

     // Only differences from the baseline are registered on $g3_album.
     foreach ($album_grants as $group_id => $wanted) {
         if (!isset($inherited_grants[$group_id])) {
             // This id was not among identity::groups(), so there is no
             // baseline for it: every mapped permission is granted.
             // NOTE(review): the lookup_group() result is passed on unchecked;
             // confirm it cannot come back empty for such an id.
             foreach (array_keys($wanted) as $perm_id) {
                 access::allow(identity::lookup_group($group_id), $perm_id, $g3_album);
             }
             continue;
         }

         $inherited = $inherited_grants[$group_id];
         if ($wanted == $inherited) {
             // Loose array comparison: same key/value pairs, nothing to do.
             continue;
         }

         // @todo Probably worth caching the group instances.
         $g3_group = identity::lookup_group($group_id);

         // Note: Cannot use array_diff_key.
         // Grant what the album has and the baseline lacks ...
         foreach (array_keys($wanted) as $perm_id) {
             if (!isset($inherited[$perm_id])) {
                 access::allow($g3_group, $perm_id, $g3_album);
             }
         }
         // ... and explicitly deny what the baseline has and the album
         // lacks, so an inherited grant does not widen access.
         foreach (array_keys($inherited) as $perm_id) {
             if (!isset($wanted[$perm_id])) {
                 access::deny($g3_group, $perm_id, $g3_album);
             }
         }
     }

     // Groups with no mapped permissions on this album (the rest were
     // handled above): deny everything they hold on the baseline album.
     foreach ($inherited_grants as $group_id => $inherited) {
         if (!isset($album_grants[$group_id])) {
             $g3_group = identity::lookup_group($group_id);
             foreach (array_keys($inherited) as $perm_id) {
                 access::deny($g3_group, $perm_id, $g3_album);
             }
         }
     }
 }