/**
  * A custom access check.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   Run access checks for this account.
  */
 public function access(AccountInterface $account) {
   // Resolve the profile owner named by the route's 'user' parameter. Note that
   // this overwrites the $account argument: from here on $account is the
   // loaded user entity, not the account the access system passed in.
   $route_user = \Drupal::routeMatch()->getParameter('user');
   $account = \Drupal::entityManager()->getStorage('user')->load($route_user);

   // NOTE(review): this check fails open. When no user entity is loaded the
   // result is "allowed" and _photos_access() is never consulted. Presumably
   // the controller is expected to answer 404 for an unknown user; confirm
   // that, otherwise return forbidden (or throw not-found) here instead.
   if ($account && !_photos_access('viewUser', $account)) {
     return AccessResult::forbidden();
   }
   return AccessResult::allowed();
 }
 /**
  * A custom access check.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   Run access checks for this account.
  */
 public function access(AccountInterface $account) {
   // The 'node' route parameter is used directly when it is already an
   // object; any other value is treated as an id and loaded.
   $album = \Drupal::routeMatch()->getParameter('node');
   if (!is_object($album)) {
     $album = \Drupal\node\Entity\Node::load($album);
   }

   // NOTE(review): $album can still be empty here if the id did not load, and
   // the passed-in $account is never used. The decision rests entirely on
   // _photos_access('editAlbum', ...); confirm it denies an empty node.
   return _photos_access('editAlbum', $album)
     ? AccessResult::allowed()
     : AccessResult::forbidden();
 }
 /**
  * A custom access check.
  *
  * @param \Drupal\Core\Session\AccountInterface $account
  *   Run access checks for this account.
  */
 public function access(AccountInterface $account) {
   // Load the album node named by the route; an unknown id is a 404, not a 403.
   $node = \Drupal\node\Entity\Node::load(\Drupal::routeMatch()->getParameter('node'));
   if (!$node) {
     throw new NotFoundHttpException();
   }

   // The operation is chosen from the fourth element of the exploded current
   // path: 'sub_album' selects the sub-album check, anything else the album
   // check. Both operands are strings, so the strict comparison is exact.
   $segments = explode('/', \Drupal::service('path.current')->getPath());
   $access_op = (isset($segments[3]) && $segments[3] === 'sub_album') ? 'subAlbum' : 'album';

   // Both conditions must hold: the 'view photo' permission on the requesting
   // account and the module's own per-node check.
   // NOTE(review): the result depends on a permission but carries no
   // cacheability metadata; confirm whether cachePerPermissions() is needed.
   if (!$account->hasPermission('view photo') || !_photos_access($access_op, $node)) {
     return AccessResult::forbidden();
   }
   return AccessResult::allowed();
 }
 /**
  * Save new album weights.
  */
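 public function editSortAlbumsSave($order = array(), $uid = 0) {
   // Persists a new album ordering.
   //
   // $order is a list of element ids of the form 'photos_<nid>' in the desired
   // order; $uid is the owner whose albums are being sorted. Returns the
   // translated confirmation message when at least one weight was written,
   // and NULL otherwise.
   if (!$uid) {
     return;
   }

   // Coarse gate: only the owner or user 1 may reorder.
   // NOTE(review): the comparison is loose (==). The per-album check below is
   // the effective authorization, but a strict comparison on normalised ids
   // would be safer if $uid comes straight from the request.
   // @todo add support for admin role?
   $user = \Drupal::currentUser();
   if ($user->id() != $uid && $user->id() != 1) {
     return;
   }

   $weight = 0;
   $storage = \Drupal::entityManager()->getStorage('node');
   foreach ($order as $album_id) {
     // Entries are treated as untrusted: skip anything that is not a plain
     // scalar id so str_replace() never receives a nested array.
     if (!is_string($album_id) && !is_int($album_id)) {
       continue;
     }
     $pid = str_replace('photos_', '', (string) $album_id);
     // Accept only a bare decimal node id before it reaches the entity
     // loader and the UPDATE below.
     if (!preg_match('/^[0-9]+\z/', $pid)) {
       continue;
     }
     $node = $storage->load($pid);
     if (!$node) {
       // Unknown album: never hand an empty node to the access check.
       continue;
     }
     // Per-album edit check; only albums that pass it get a weight and
     // advance the counter.
     if (_photos_access('editAlbum', $node)) {
       db_query("UPDATE {photos_album} SET wid = :wid WHERE pid = :pid",
         array(':wid' => $weight, ':pid' => $pid));
       $weight++;
     }
   }

   if ($weight > 0) {
     return t('Album order saved!');
   }
 }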
  /**
   * Returns content for single image.
   *
   * @return string
   *   A HTML-formatted string with the administrative page content.
   *
   */
  public function contentOverview() {
    // Builds the single-image page for the file id in the route. The value
    // returned at the end is a render array ('#theme' => 'photos_image_view'),
    // not an HTML string.
    $fid = \Drupal::routeMatch()->getParameter('file');
    // is_numeric() also accepts forms such as "1e3" or "1.5". $fid is later
    // used as a bound query condition and concatenated into URLs and cache
    // tags, so a stricter integer check would be tighter.
    if (!is_numeric($fid)) {
      throw new NotFoundHttpException();
    }
    $user = \Drupal::currentUser();
    // Join file, image, album, node and owner rows for this file id.
    $query = db_select('file_managed', 'f');
    $query->join('photos_image', 'p', 'p.fid = f.fid');
    $query->join('photos_album', 'a', 'p.pid = a.pid');
    $query->join('node', 'n', 'n.nid = p.pid');
    $query->join('users_field_data', 'u', 'u.uid = f.uid');
    $query->fields('f', array('uri', 'filemime', 'created', 'filename'))
      ->fields('p')
      ->fields('a', array('data'))
      ->fields('u', array('uid', 'name'));
    $query->condition('p.fid', $fid);
    // The node_access tag is the only view-level restriction applied in this
    // method: no row means a 404 below.
    $query->addTag('node_access');
    $image = $query->execute()->fetchObject();

    if (!$image) {
      throw new NotFoundHttpException();
    }
    $image = photos_get_info(0, $image);
    $node = \Drupal::entityManager()->getStorage('node')->load($image->pid);
    // Edit-only links. The same 'imageEdit' check is evaluated again further
    // down and stored in $edit.
    if (_photos_access('imageEdit', $node)) {
      $image->ajax['edit_url'] = Url::fromUri('base:photos/image/' . $image->fid . '/update')->toString();
      if (_photos_select_sub_album()) {
        // Add image to sub-album.
        $url = Url::fromUri('base:photos/image/' . $image->fid . '/to_sub');
        // NOTE(review): this is a bare l() call while every other link in
        // this method uses \Drupal::l(); confirm l() is defined here.
        $image->links['to_sub'] = l(t('Add to sub-album...'), $url, array(
          'attributes' => array(
            'class' => array('colorbox')
          )
        ));
      }
      // Set album cover.
      $url = Url::fromRoute('photos.album.update.cover', array('node' => $image->pid, 'file' => $fid));
      $image->links['cover'] = \Drupal::l(t('Set to Cover'), $url, array(
        'query' => drupal_get_destination())
      );
    }
    // Defaults for viewers without edit access: no inline-edit classes or ids.
    $image->class = array(
      'title_class' => '',
      'des_class' => '',
    );
    $image->id = array(
      'des_edit' => '',
      'title_edit' => ''
    );
    $edit = _photos_access('imageEdit', $node);
    if ($edit) {
      // Image edit link.
      $url = Url::fromUri('base:photos/image/' . $image->fid . '/edit');
      $image->ajax['edit_link'] = \Drupal::l(t('Edit'), $url, array(
        'query' => array(
          'destination' => 'photos/image/' . $image->fid
        ),
        'attributes' => array(
          'class' => array('colorbox-load', 'photos-edit-edit')
        )
      ));

      $image->class = array(
        'title_class' => ' jQueryeditable_edit_title',
        'des_class' => ' jQueryeditable_edit_des',
      );
      // These element ids carry the file id; the inline-edit endpoint parses
      // the fid back out of them.
      $image->id = array(
        'des_edit' => ' id="photos-image-edit-des-' . $image->fid . '"',
        'title_edit' => ' id="photos-image-edit-title-' . $image->fid . '"'
      );
      // Only assigned on this branch; the use at the end of the method is
      // guarded by $edit.
      $jeditable_library = \Drupal::service('library.discovery')->getLibraryByName('photos', 'photos.jeditable');
    }
    if (_photos_access('imageDelete', $node)) {
      // Image delete link.
      $url = Url::fromUri('base:photos/image/' . $image->fid . '/delete');
      $image->ajax['del_link'] = \Drupal::l(t('Delete'), $url, array(
        'query' => array(
          'destination' => 'node/' . $image->pid
        ),
        'attributes' => array(
          'class' => array('colorbox-load', 'photos-edit-delete')
        )
      ));
    }
    if (\Drupal::config('photos.settings')->get('photos_vote')) {
      // @todo votingapi.
      // $render_vote is built but never attached: the assignment below is
      // commented out.
      $render_vote = array(
        '#theme' => 'photos_vote',
        '#fid' => $fid
      );
      // $image->vote = $render_vote;
    }
    if (\Drupal::config('photos.settings')->get('photos_comment')) {
      // Comment integration.
      $render_comment = array(
        '#theme' => 'photos_comment_count',
        '#comcount' => $image->comcount
      );
      $image->links['comment'] = $render_comment;
    }
    // @todo $uid?
    // The first branch is disabled by the literal FALSE; $uid is not defined
    // in this method and is never evaluated because of the short-circuit.
    if (FALSE && $uid) {
      // User images.
      $pager_type = 'uid';
      $pager_id = $uid;
    }
    elseif (isset($_GET['photos_sub'])) {
      // Sub-album images.
      $pager_type = 'sub';
      // Request-supplied value, forced to an integer before use.
      $pager_id = (int)$_GET['photos_sub'];
    }
    else {
      // Album images.
      $pager_type = 'pid';
      $pager_id = $image->pid;
    }
    // NOTE(review): unserialize() on the photos_album.data column. If that
    // column can ever hold attacker-influenced bytes this allows object
    // instantiation; consider restricting allowed classes (PHP 7+) or storing
    // the settings in a non-executable format such as JSON.
    // A failed unserialize() yields FALSE; the isset() below then falls back
    // to the configured default.
    $data = unserialize($image->data);
    $style_name = isset($data['view_imagesize']) ? $data['view_imagesize'] : \Drupal::config('photos.settings')->get('photos_display_view_imagesize');

    // Necessary when upgrading from D6 to D7.
    // @todo remove?
    // Also acts as a whitelist: a stored style name that is not a known image
    // style is replaced by the configured default.
    $image_styles = image_style_options(FALSE);
    if (!isset($image_styles[$style_name])) {
      $style_name = \Drupal::config('photos.settings')->get('photos_display_view_imagesize');
    }

    // Display all sizes link to share code?
    $all_sizes_link = \Drupal::config('photos.settings')->get('photos_print_sizes');
    if ($all_sizes_link < 2) {
      // Display full page or colorbox.
      $colorbox = array();
      if ($all_sizes_link == 1) {
        $colorbox = array(
          'query' => array(
            'iframe' => 'true',
            'height' => 650,
            'width' => 850
          ),
          'attributes' => array(
            'class' => array('colorbox-load')
          )
        );
      }
      $url = Url::fromUri('base:photos/zoom/' . $fid);
      $image->links['more'] = \Drupal::l(t('All sizes'), $url, $colorbox);
    }
    $image->links['pager'] = $this->imagePager($fid, $pager_id, $pager_type);
    $image->view = array(
      '#theme' => 'photos_image_html',
      '#style_name' => $style_name,
      '#image' => $image,
      '#cache' => array(
        'tags' => array(
          'photos:image:' . $fid
        )
      )
    );

    // Get comments.
    $image->comment['view'] = _photos_comment($fid, $image->comcount, $node);
    // View counter: runs when the 'photos_image_count' setting is empty, so
    // every such page view performs a database write.
    if (!\Drupal::config('photos.settings')->get('photos_image_count')) {
      $count = 1;
      // NOTE(review): 'count' is set both as a literal field and as an
      // expression; presumably the expression (count + 1) is what takes
      // effect. Confirm and drop the fields() call if so.
      db_update('photos_image')
        ->fields(array('count' => $count))
        ->expression('count', 'count + :count', array(':count' => $count))
        ->condition('fid', $fid)
        ->execute();
    }
    // Title and description are user-supplied text; escape them before they
    // are handed to the theme layer.
    $image->title = \Drupal\Component\Utility\SafeMarkup::checkPlain($image->title);
    $image->des = \Drupal\Component\Utility\SafeMarkup::checkPlain($image->des);

    // Records the image's album id in process-wide global state.
    $GLOBALS['photos'][$image->fid . '_pid'] = $image->pid;

    $image_view = array(
      '#theme' => 'photos_image_view',
      '#image' => $image,
      '#display_type' => 'view',
      '#cache' => array(
        'tags' => array(
          'photos:image:' . $fid
        )
      )
    );
    // Check for Jeditable library.
    // @todo move to static public function?
    // The library is attached only for editors and only when its first JS
    // file exists on disk.
    if ($edit && isset($jeditable_library['js']) && file_exists($jeditable_library['js'][0]['data'])) {
      $image_view['#attached']['library'][] = 'photos/photos.jeditable';
    }

    return $image_view;
  }
  /**
   * Ajax edit image load text.
   */
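  public function ajaxEditUpdateLoad() {
    // Returns the stored title or description of one image as plain text for
    // the inline editor. The posted 'id' is the element id emitted by the
    // image page: 'photos-image-edit-title-<fid>' or
    // 'photos-image-edit-des-<fid>'. Anything that does not match exactly, or
    // that the user may not edit, yields an empty body.
    $message = '';
    $raw_id = isset($_POST['id']) ? $_POST['id'] : NULL;
    // Reject array-valued input up front so the string functions below never
    // see a non-string.
    if (is_string($raw_id)) {
      $id = (string) \Drupal\Component\Utility\SafeMarkup::checkPlain($raw_id);

      // Map the two known prefixes to the column they edit. $switch and $fid
      // always have a value, so an unrecognised id falls through cleanly
      // instead of reading undefined variables.
      $prefixes = array(
        'title' => 'photos-image-edit-title-',
        'des' => 'photos-image-edit-des-',
      );
      $switch = NULL;
      $fid = '';
      foreach ($prefixes as $field => $prefix) {
        if (strpos($id, $prefix) === 0) {
          $switch = $field;
          $fid = (string) substr($id, strlen($prefix));
          break;
        }
      }

      // Require a bare positive decimal id. FILTER_SANITIZE_NUMBER_INT would
      // keep '+' and '-' characters and silently repair malformed input.
      $valid_fid = $switch !== NULL && preg_match('/^[0-9]+\z/', $fid) && (int) $fid > 0;

      // Check user image edit permissions.
      // NOTE(review): 'imageEdit' is given a file id here, while the image
      // page passes a node object; confirm _photos_access() handles both.
      // @todo photos.routing.yml _csrf_token: 'TRUE'.
      if ($valid_fid && _photos_access('imageEdit', $fid)) {
        // Column names cannot be bound, so each allowed field has its own
        // literal statement; only the fid is a bound parameter.
        $queries = array(
          'title' => "SELECT title FROM {photos_image} WHERE fid = :fid",
          'des' => "SELECT des FROM {photos_image} WHERE fid = :fid",
        );
        $value = db_query($queries[$switch], array(':fid' => $fid))->fetchField();
        // fetchField() gives FALSE when there is no row; keep the body a
        // string rather than handing FALSE to the response.
        if ($value !== FALSE && $value !== NULL) {
          $message = (string) $value;
        }

        // Clear cache.
        $pid = db_query("SELECT pid FROM {photos_image} WHERE fid = :fid", array(':fid' => $fid))->fetchField();
        if ($pid) {
          Cache::invalidateTags(array('node:' . $pid, 'photos:album:' . $pid));
        }
        Cache::invalidateTags(array('photos:image:' . $fid));
      }
    }

    // Build plain text response.
    $response = new Response();
    $response->headers->set('Content-Type', 'text/plain');
    $response->setContent($message);
    return $response;
  }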