Exemplo n.º 1
 /**
  * A comment must follow the "view" permission of the album it belongs to:
  * the viewable() scope returns it while the everybody group may view the
  * album and stops returning it once that permission is denied.
  */
 public function cant_view_comments_for_unviewable_items_test()
 {
     $root_item = ORM::factory("item", 1);
     $album = album::create($root_item, rand(), rand(), rand());
     $guest_comment = comment::create($album, user::guest(), "text", "name", "email", "url");
     $comment_id = $guest_comment->id;

     // Every query below runs with the guest as the active user.
     user::set_active(user::guest());

     // Permission granted on the album: exactly one row must match the comment id.
     access::allow(group::everybody(), "view", $album);
     $matches = ORM::factory("comment")
         ->viewable()
         ->where("comments.id", $comment_id)
         ->count_all();
     $this->assert_equal(1, $matches);

     // Permission denied on the album: the same query must now return nothing.
     access::deny(group::everybody(), "view", $album);
     $matches = ORM::factory("comment")
         ->viewable()
         ->where("comments.id", $comment_id)
         ->count_all();
     $this->assert_equal(0, $matches);
 }
Exemplo n.º 2
 /**
  * The item viewable() scope must honour the "view" permission that the
  * everybody group holds on the item's parent album.
  */
 public function viewable_test()
 {
     $root_item = ORM::factory("item", 1);
     $album = album::create($root_item, rand(), rand(), rand());
     $child = self::_create_random_item($album);
     $child_id = $child->id;

     // Every query below runs with the guest as the active user.
     user::set_active(user::guest());

     // Permission granted on the album: the child item is returned.
     access::allow(group::everybody(), "view", $album);
     $matches = ORM::factory("item")
         ->viewable()
         ->where("id", $child_id)
         ->count_all();
     $this->assert_equal(1, $matches);

     // Permission denied on the album: the child item is filtered out.
     access::deny(group::everybody(), "view", $album);
     $matches = ORM::factory("item")
         ->viewable()
         ->where("id", $child_id)
         ->count_all();
     $this->assert_equal(0, $matches);
 }
Exemplo n.º 3
 /**
  * Create a new user and enrol it in the everybody and registered-users
  * groups before saving it.
  *
  * NOTE(review): $password is assigned to the model exactly as received.
  * Nothing in this method hashes it, so confirm that the user model hashes
  * the value on assignment or on save.
  * NOTE(review): the name lookup and the save are separate steps; uniqueness
  * of the name presumably also needs a database constraint - confirm.
  *
  * @param string  $name       login name, must not already be taken
  * @param string  $full_name
  * @param string  $password
  * @return User_Model
  * @throws Exception  when the lookup by $name returns a loaded user
  */
 static function create($name, $full_name, $password)
 {
     $lookup = ORM::factory("user");
     $account = $lookup->where("name", $name)->find();

     // A loaded model means a row with this name already exists.
     if ($account->loaded) {
         throw new Exception("@todo USER_ALREADY_EXISTS {$name}");
     }

     $account->name = $name;
     $account->full_name = $full_name;
     $account->password = $password;

     // Group memberships given to every account created through this method.
     $account->add(group::everybody());
     $account->add(group::registered_users());

     $account->save();

     return $account;
 }
Exemplo n.º 4
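 /**
  * Updating an album from a POST that carries no CSRF token must be rejected.
  *
  * The outcome is recorded in a flag and asserted after the try/catch. With
  * the assertion inside the try block, a failure that assert_true() signals
  * by throwing would be caught by the same catch, and the test would pass
  * even when the update went through.
  */
 public function change_album_no_csrf_fails_test()
 {
     $controller = new Albums_Controller();
     $root = ORM::factory("item", 1);
     $this->_album = album::create($root, "test", "test", "test");

     // Only the form fields are posted; no CSRF token field is set.
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";

     // Edit permission is granted so that missing access rights cannot be
     // the reason for the rejection.
     access::allow(group::everybody(), "edit", $root);

     $rejected = false;
     try {
         $controller->_update($this->_album);
     } catch (Exception $e) {
         // NOTE(review): any exception counts as a rejection here. Narrowing
         // this to the exception the CSRF check raises would keep an
         // unrelated error from satisfying the test.
         $rejected = true;
     }

     $this->assert_true($rejected, "This should fail");
 }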
Exemplo n.º 5
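 /**
  * Updating a photo from a POST that carries no CSRF token must be rejected.
  *
  * The outcome is recorded in a flag and asserted after the try/catch. With
  * the assertion inside the try block, a failure that assert_true() signals
  * by throwing would be caught by the same catch, and the test would pass
  * even when the update went through.
  */
 public function change_photo_no_csrf_fails_test()
 {
     $controller = new Photos_Controller();
     $root = ORM::factory("item", 1);
     $photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test", "test", "test");

     // Only the form fields are posted; no CSRF token field is set.
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";

     // Edit permission is granted so that missing access rights cannot be
     // the reason for the rejection.
     access::allow(group::everybody(), "edit", $root);

     $rejected = false;
     try {
         $controller->_update($photo);
     } catch (Exception $e) {
         // NOTE(review): any exception counts as a rejection here. Narrowing
         // this to the exception the CSRF check raises would keep an
         // unrelated error from satisfying the test.
         $rejected = true;
     }

     $this->assert_true($rejected, "This should fail");
 }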
Exemplo n.º 6
 /**
  * Save the user and fire the matching lifecycle event.
  *
  * A user that is not loaded yet is added to the everybody group, and to the
  * registered-users group unless its guest flag is set, then saved and
  * announced with "user_created". A loaded user is saved and announced with
  * "user_updated", together with a copy fetched by id before the save.
  * @see ORM::save()
  *
  * @return ORM User_Model
  */
 public function save()
 {
     if ($this->loaded()) {
         // Existing user: fetch a second model by id before saving, so
         // listeners receive both that copy (presumably the stored state)
         // and the saved one.
         $before = ORM::factory("user", $this->id);
         parent::save();
         module::event("user_updated", $before, $this);
         return $this;
     }

     // New user: memberships are added before the first save.
     $this->add(group::everybody());
     $is_guest = $this->guest;
     if (!$is_guest) {
         // The guest account stays out of the registered-users group.
         $this->add(group::registered_users());
     }
     parent::save();
     module::event("user_created", $this);

     return $this;
 }
Exemplo n.º 7
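 /**
  * Render the Digibug order form for one item.
  *
  * The request must pass the CSRF check and the active user must hold "view"
  * on the item. When the everybody group holds "view_full" on the item, the
  * form carries the item's own file and thumbnail URLs. Otherwise a
  * digibug_proxy row is stored and the form carries print_proxy URLs keyed
  * by that row's uuid.
  *
  * NOTE(review): nothing in this method expires or removes the proxy row;
  * confirm that the print_proxy handler or a cleanup task does.
  *
  * @param mixed $id  id of the item to print
  */
 public function print_photo($id)
 {
     access::verify_csrf();
     $item = ORM::factory("item", $id);
     access::required("view", $item);

     if (access::group_can(group::everybody(), "view_full", $item)) {
         $full_url = $item->file_url(true);
         $thumb_url = $item->thumb_url(true);
     } else {
         $proxy = ORM::factory("digibug_proxy");
         // The uuid ends up in URLs placed on the order form and presumably
         // is what the print_proxy handler accepts in place of a permission
         // check (confirm there), so it has to be unpredictable. md5(rand())
         // can only take as many values as rand() returns and is guessable.
         if (function_exists("random_bytes")) {
             // 16 random bytes give 32 hex characters, the length md5() produced.
             $proxy->uuid = bin2hex(random_bytes(16));
         } else {
             // NOTE(review): weak legacy fallback for runtimes without
             // random_bytes(); replace it with a CSPRNG available there.
             $proxy->uuid = md5(rand());
         }
         $proxy->item_id = $item->id;
         $proxy->save();
         $full_url = url::abs_site("digibug/print_proxy/full/{$proxy->uuid}");
         $thumb_url = url::abs_site("digibug/print_proxy/thumb/{$proxy->uuid}");
     }

     $v = new View("digibug_form.html");
     $v->order_parms = array(
         "digibug_api_version" => "100",
         "company_id" => module::get_var("digibug", "company_id"),
         "event_id" => module::get_var("digibug", "event_id"),
         "cmd" => "addimg",
         "partner_code" => "69",
         "return_url" => url::abs_site("digibug/close_window"),
         "num_images" => "1",
         "image_1" => $full_url,
         "thumb_1" => $thumb_url,
         "image_height_1" => $item->height,
         "image_width_1" => $item->width,
         "thumb_height_1" => $item->thumb_height,
         "thumb_width_1" => $item->thumb_width,
         // The title is passed through html::purify() before it reaches the form.
         "title_1" => html::purify($item->title),
     );
     print $v;
 }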
Exemplo n.º 8
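 /**
  * Import a single group.
  *
  * Takes the next Gallery 2 group id off the front of $queue, maps the group
  * onto a Gallery 3 group according to its type and records the mapping.
  *
  * @param array $queue  Gallery 2 group ids; the first one is removed
  * @return string  translated status message for the processed group
  */
 static function import_group(&$queue)
 {
     $g2_group_id = array_shift($queue);
     if (self::map($g2_group_id)) {
         return t("Group with id: %id already imported, skipping", array("id" => $g2_group_id));
     }

     try {
         $g2_group = g2(GalleryCoreApi::loadEntitiesById($g2_group_id));
     } catch (Exception $e) {
         // NOTE(review): __toString() on an exception includes the stack
         // trace, so the returned message can expose file paths to whoever
         // reads the import output - confirm that audience is admin only.
         return t("Failed to import Gallery 2 group with id: %id\n%exception", array("id" => $g2_group_id, "exception" => $e->__toString()));
     }

     switch ($g2_group->getGroupType()) {
         case GROUP_NORMAL:
             try {
                 $group = group::create($g2_group->getGroupName());
             } catch (Exception $e) {
                 // @todo For now we assume this is a "duplicate group" exception
                 $group = group::lookup_by_name($g2_group->getGroupName());
             }
             $message = t("Group '%name' was imported", array("name" => $g2_group->getGroupName()));
             break;
         case GROUP_ALL_USERS:
             $group = group::registered_users();
             $message = t("Group 'Registered' was converted to '%name'", array("name" => $group->name));
             break;
         case GROUP_SITE_ADMINS:
             // This is not a group in G3, so $group stays unset and no mapping is stored.
             $message = t("Group 'Admin' does not exist in Gallery 3, skipping");
             break;
         case GROUP_EVERYBODY:
             $group = group::everybody();
             $message = t("Group 'Everybody' was converted to '%name'", array("name" => $group->name));
             break;
         default:
             // Without this branch an unexpected type left $message undefined
             // at the return below.
             $message = t("Group with id: %id has an unrecognized type, skipping", array("id" => $g2_group_id));
             break;
     }

     if (isset($group)) {
         self::set_map($g2_group->getId(), $group->id);
     }
     return $message;
 }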
Exemplo n.º 9
 /**
  * Import a single group.
  *
  * Removes the first Gallery 2 group id from $queue, resolves the matching
  * Gallery 3 group by group type and stores the id mapping. Returns nothing;
  * a group that cannot be loaded is reported through g2_import::log().
  *
  * @param array $queue  Gallery 2 group ids; the first one is removed
  */
 static function import_group(&$queue)
 {
     $g2_group_id = array_shift($queue);

     // A truthy map entry ends the call early (presumably the id was
     // imported before).
     if (self::map($g2_group_id)) {
         return;
     }

     try {
         $g2_group = g2(GalleryCoreApi::loadEntitiesById($g2_group_id));
     } catch (Exception $e) {
         g2_import::log(t("Failed to import Gallery 2 group with id: %id", array("id" => $g2_group_id)));
         return;
     }

     $group_type = $g2_group->getGroupType();
     if ($group_type == GROUP_NORMAL) {
         try {
             $group = group::create($g2_group->getGroupName());
         } catch (Exception $e) {
             // @todo For now we assume this is a "duplicate group" exception
             $group = group::lookup_by_name($g2_group->getGroupname());
         }
     } elseif ($group_type == GROUP_ALL_USERS) {
         $group = group::registered_users();
     } elseif ($group_type == GROUP_SITE_ADMINS) {
         // This is not a group in G3: $group stays unset, nothing is mapped.
     } elseif ($group_type == GROUP_EVERYBODY) {
         $group = group::everybody();
     }

     // Only a resolved group gets a mapping entry.
     if (isset($group)) {
         self::set_map($g2_group->getId(), $group->id);
     }
 }
Exemplo n.º 10
 /**
  * Denying "view_full" to the everybody group must place a .htaccess file in
  * the album's file directory, and allowing or resetting the permission must
  * remove it again. The resize and thumb directories never receive one in
  * any of these steps.
  */
 public function everybody_view_full_permission_maintains_htaccess_files_test()
 {
     $root_item = ORM::factory("item", 1);
     $album = album::create($root_item, rand(), "test album");

     $full_guard = $album->file_path() . "/.htaccess";
     $resize_guard = $album->resize_path() . "/.htaccess";
     $thumb_guard = $album->thumb_path() . "/.htaccess";

     // Fresh album: no guard file anywhere.
     $this->assert_false(file_exists($full_guard));
     $this->assert_false(file_exists($resize_guard));
     $this->assert_false(file_exists($thumb_guard));

     // First deny: only the full-size directory gets a guard file.
     access::deny(group::everybody(), "view_full", $album);
     $this->assert_true(file_exists($full_guard));
     $this->assert_false(file_exists($resize_guard));
     $this->assert_false(file_exists($thumb_guard));

     // Allow: the guard file is removed.
     access::allow(group::everybody(), "view_full", $album);
     $this->assert_false(file_exists($full_guard));
     $this->assert_false(file_exists($resize_guard));
     $this->assert_false(file_exists($thumb_guard));

     // Second deny: the guard file comes back.
     access::deny(group::everybody(), "view_full", $album);
     $this->assert_true(file_exists($full_guard));
     $this->assert_false(file_exists($resize_guard));
     $this->assert_false(file_exists($thumb_guard));

     // Reset: the guard file is removed as well.
     access::reset(group::everybody(), "view_full", $album);
     $this->assert_false(file_exists($full_guard));
     $this->assert_false(file_exists($resize_guard));
     $this->assert_false(file_exists($thumb_guard));
 }
Exemplo n.º 11
 /**
  * A photo moved into another album must take on the "view" permission of
  * its new parent: a photo moved into the private album must stop being
  * viewable by the everybody group, and a photo moved into the public album
  * must become viewable.
  */
 public function moved_items_inherit_new_permissions_test()
 {
     // The fixtures are built with "admin" as the active user.
     user::set_active(user::lookup_by_name("admin"));
     $root = ORM::factory("item", 1);
     $public_album = album::create($root, rand(), "public album");
     $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", "");
     access::allow(group::everybody(), "view", $public_album);
     // Reload the root to account for MPTT changes before adding another album.
     $root->reload();
     $private_album = album::create($root, rand(), "private album");
     // The deny is applied before the private photo is created inside the album.
     access::deny(group::everybody(), "view", $private_album);
     $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", "");
     // Make sure that we now have a public photo and private photo.
     $this->assert_true(access::group_can(group::everybody(), "view", $public_photo));
     $this->assert_false(access::group_can(group::everybody(), "view", $private_photo));
     // Swap the photos: first move the public photo into the private album.
     item::move($public_photo, $private_album);
     // Reload all four models to get new MPTT pointers and cached perms.
     $private_album->reload();
     $public_album->reload();
     $private_photo->reload();
     $public_photo->reload();
     // Then move the private photo into the public album.
     item::move($private_photo, $public_album);
     // Reload all four models again to get new MPTT pointers and cached perms.
     $private_album->reload();
     $public_album->reload();
     $private_photo->reload();
     $public_photo->reload();
     // Make sure that the public_photo is now private, and the private_photo is now public.
     $this->assert_false(access::group_can(group::everybody(), "view", $public_photo));
     $this->assert_true(access::group_can(group::everybody(), "view", $private_photo));
 }
Exemplo n.º 12
 /**
  * Return the group that group::everybody() provides; this method adds no
  * logic of its own.
  *
  * @see IdentityProvider_Driver::everybody.
  */
 public function everybody()
 {
     $everybody_group = group::everybody();

     return $everybody_group;
 }