diff --git a/app/Album.php b/app/Album.php index 8e94eda..d19c77b 100644 --- a/app/Album.php +++ b/app/Album.php @@ -123,6 +123,12 @@ class Album extends Model } } + if (is_null($current->parent_album_id) && $current->is_permissions_inherited) + { + // Use default permissions list + return 0; + } + return $current->id; } diff --git a/app/AlbumDefaultAnonymousPermission.php b/app/AlbumDefaultAnonymousPermission.php new file mode 100644 index 0000000..6924144 --- /dev/null +++ b/app/AlbumDefaultAnonymousPermission.php @@ -0,0 +1,9 @@ +get(); $albumAnonPermissions = DB::table('album_anonymous_permissions')->get(); + $defaultAlbumUserPermissions = AlbumDefaultUserPermission::all(); + $defaultAlbumGroupPermissions = AlbumDefaultGroupPermission::all(); + $defaultAnonPermissions = AlbumDefaultAnonymousPermission::all(); + // Get a list of all user->group memberships $userGroups = DB::table('user_groups')->get(); 
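Review bot: The added `return 0;` in app/Album.php turns 0 into an in-band sentinel for "use the default permission lists", and nothing in the hunk documents that the method can now return a value that is not an album ID. PermissionsHelper in this commit special-cases it with `=== 0`, but any caller outside this diff that passes the result to an album lookup or an `album_id` filter would silently match nothing. I would name the sentinel (for example a class constant on Album) and state the new return contract in the method's docblock, e.g. `// Returns 0 when a top-level album inherits permissions; 0 is never a real album ID`. The method starts above the hunk, so its existing documentation is not visible here.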
@@ -88,60 +95,109 @@ class PermissionsHelper { $effectiveAlbumID = $album->effectiveAlbumIDForPermissions(); - $anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($effectiveAlbumID) + if ($effectiveAlbumID === 0) { - return ($item->album_id == $effectiveAlbumID); - }); + /* Use the default permissions list */ - foreach ($anonymousPermissions as $anonymousPermission) - { - $permissionsCache[] = [ - 'album_id' => $album->id, - 'permission_id' => $anonymousPermission->permission_id, - 'created_at' => new \DateTime(), - 'updated_at' => new \DateTime() - ]; - } - - $userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($effectiveAlbumID) - { - return ($item->album_id == $effectiveAlbumID); - }); - - foreach ($userPermissions as $userPermission) - { - $permissionsCache[] = [ - 'user_id' => $userPermission->user_id, - 'album_id' => $album->id, - 'permission_id' => $userPermission->permission_id, - 'created_at' => new \DateTime(), - 'updated_at' => new \DateTime() - ]; - } - - $groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($effectiveAlbumID) - { - return ($item->album_id == $effectiveAlbumID); - }); - - foreach ($groupPermissions as $groupPermission) - { - // Get a list of users in this group, and add one per user - $usersInGroup = array_filter($userGroups->toArray(), function($item) use ($groupPermission) - { - return $item->group_id = $groupPermission->group_id; - }); - - foreach ($usersInGroup as $userGroup) + foreach ($defaultAnonPermissions as $anonymousPermission) { $permissionsCache[] = [ - 'user_id' => $userGroup->user_id, 'album_id' => $album->id, - 'permission_id' => $groupPermission->permission_id, + 'permission_id' => $anonymousPermission->permission_id, 'created_at' => new \DateTime(), 'updated_at' => new \DateTime() ]; } + + foreach ($defaultAlbumUserPermissions as $userPermission) + { + $permissionsCache[] = [ + 'user_id' => 
$userPermission->user_id, + 'album_id' => $album->id, + 'permission_id' => $userPermission->permission_id, + 'created_at' => new \DateTime(), + 'updated_at' => new \DateTime() + ]; + } + + foreach ($defaultAlbumGroupPermissions as $groupPermission) + { + // Get a list of users in this group, and add one per user + $usersInGroup = array_filter($userGroups->toArray(), function ($item) use ($groupPermission) + { + return $item->group_id = $groupPermission->group_id; + }); + + foreach ($usersInGroup as $userGroup) + { + $permissionsCache[] = [ + 'user_id' => $userGroup->user_id, + 'album_id' => $album->id, + 'permission_id' => $groupPermission->permission_id, + 'created_at' => new \DateTime(), + 'updated_at' => new \DateTime() + ]; + } + } + } + else + { + /* Use the specified album-specific permissions */ + $anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function ($item) use ($effectiveAlbumID) + { + return ($item->album_id == $effectiveAlbumID); + }); + + foreach ($anonymousPermissions as $anonymousPermission) + { + $permissionsCache[] = [ + 'album_id' => $album->id, + 'permission_id' => $anonymousPermission->permission_id, + 'created_at' => new \DateTime(), + 'updated_at' => new \DateTime() + ]; + } + + $userPermissions = array_filter($albumUserPermissions->toArray(), function ($item) use ($effectiveAlbumID) + { + return ($item->album_id == $effectiveAlbumID); + }); + + foreach ($userPermissions as $userPermission) + { + $permissionsCache[] = [ + 'user_id' => $userPermission->user_id, + 'album_id' => $album->id, + 'permission_id' => $userPermission->permission_id, + 'created_at' => new \DateTime(), + 'updated_at' => new \DateTime() + ]; + } + + $groupPermissions = array_filter($albumGroupPermissions->toArray(), function ($item) use ($effectiveAlbumID) + { + return ($item->album_id == $effectiveAlbumID); + }); + + foreach ($groupPermissions as $groupPermission) + { + // Get a list of users in this group, and add one per user + $usersInGroup = 
array_filter($userGroups->toArray(), function ($item) use ($groupPermission) + { + return $item->group_id = $groupPermission->group_id; + }); + + foreach ($usersInGroup as $userGroup) + { + $permissionsCache[] = [ + 'user_id' => $userGroup->user_id, + 'album_id' => $album->id, + 'permission_id' => $groupPermission->permission_id, + 'created_at' => new \DateTime(), + 'updated_at' => new \DateTime() + ]; + } + } } } diff --git a/app/Http/Controllers/Admin/AlbumController.php b/app/Http/Controllers/Admin/AlbumController.php index bf91fbc..1dede84 100644 --- a/app/Http/Controllers/Admin/AlbumController.php +++ b/app/Http/Controllers/Admin/AlbumController.php @@ -3,6 +3,7 @@ namespace App\Http\Controllers\Admin; use App\Album; +use App\AlbumDefaultAnonymousPermission; use App\AlbumDefaultGroupPermission; use App\AlbumDefaultUserPermission; use App\AlbumRedirect; @@ -30,6 +31,30 @@ use Illuminate\Support\Facades\View; class AlbumController extends Controller { + public static function doesGroupHaveDefaultPermission(Group $group, Permission $permission) + { + return AlbumDefaultGroupPermission::where([ + 'group_id' => $group->id, + 'permission_id' => $permission->id + ])->count() > 0; + } + + public static function doesUserHaveDefaultPermission($user, Permission $permission) + { + // User will be null for anonymous users + if (is_null($user)) + { + return AlbumDefaultAnonymousPermission::where(['permission_id' => $permission->id])->count() > 0; + } + else + { + return AlbumDefaultUserPermission::where([ + 'user_id' => $user->id, + 'permission_id' => $permission->id + ])->count() > 0; + } + } + public function __construct() { $this->middleware('auth'); 
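Review bot: The group-membership filter in both new branches of the PermissionsHelper hunk is an assignment, `return $item->group_id = $groupPermission->group_id;`, so the callback returns the assigned ID instead of a comparison result. Any non-zero ID is truthy, so every row of `$userGroups` passes and each group permission is cached for every user who belongs to any group, not only members of that group; the assignment also overwrites `group_id` on the row objects reused by later iterations. The removed lines show the same expression, so it predates this commit, but the rewrite copies it into the new default-permissions path as well. Both occurrences should read `return $item->group_id == $groupPermission->group_id;`. The enclosing method starts outside the hunk.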
@@ -252,6 +277,130 @@ class AlbumController extends Controller ]); } + public function setDefaultGroupPermissions(Request $request) + { + $this->authorizeAccessToAdminPanel('admin:manage-albums'); + + if ($request->get('action') == 'add_group' && $request->has('group_id')) + { + /* Add a new group to the default permission list */ + + /** @var Group $group */ + $group = Group::where('id', $request->get('group_id'))->first(); + if (is_null($group)) + { + App::abort(404); + } + + // Link all default permissions to the group + /** @var Permission $permission */ + foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission) + { + $defaultPermission = new AlbumDefaultGroupPermission(); + $defaultPermission->group_id = $group->id; + $defaultPermission->permission_id = $permission->id; + $defaultPermission->save(); + } + } + else if ($request->get('action') == 'update_group_permissions') + { + /* Update existing group permissions for this album */ + AlbumDefaultGroupPermission::truncate(); + + $permissions = $request->get('permissions'); + if (is_array($permissions)) + { + foreach ($permissions as $groupID => $permissionIDs) + { + foreach ($permissionIDs as $permissionID) + { + $defaultPermission = new AlbumDefaultGroupPermission(); + $defaultPermission->group_id = $groupID; + $defaultPermission->permission_id = $permissionID; + $defaultPermission->save(); + } + } + } + } + + // Rebuild the permissions cache + $helper = new PermissionsHelper(); + $helper->rebuildCache(); + + return redirect(route('albums.defaultPermissions')); + } + + public function setDefaultUserPermissions(Request $request) + { + $this->authorizeAccessToAdminPanel('admin:manage-albums'); + + if ($request->get('action') == 'add_user' && $request->has('user_id')) + { + /* Add a new user to the permission list for this album */ + + /** @var User $user */ + $user = User::where('id', $request->get('user_id'))->first(); + if (is_null($user)) + { + App::abort(404); + } + + 
// Link all default permissions to the group + /** @var Permission $permission */ + foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission) + { + $defaultPermission = new AlbumDefaultUserPermission(); + $defaultPermission->user_id = $user->id; + $defaultPermission->permission_id = $permission->id; + $defaultPermission->save(); + } + } + else if ($request->get('action') == 'update_user_permissions') + { + /* Update existing user and anonymous permissions for this album */ + AlbumDefaultAnonymousPermission::truncate(); + AlbumDefaultUserPermission::truncate(); + + $permissions = $request->get('permissions'); + if (is_array($permissions)) + { + if (isset($permissions['anonymous'])) + { + foreach ($permissions['anonymous'] as $permissionID) + { + $defaultPermission = new AlbumDefaultAnonymousPermission(); + $defaultPermission->permission_id = $permissionID; + $defaultPermission->save(); + } + } + + foreach ($permissions as $key => $value) + { + $userID = intval($key); + if ($userID == 0) + { + // Skip non-numeric IDs (e.g. anonymous) + continue; + } + + foreach ($value as $permissionID) + { + $defaultPermission = new AlbumDefaultUserPermission(); + $defaultPermission->user_id = $userID; + $defaultPermission->permission_id = $permissionID; + $defaultPermission->save(); + } + } + } + } + + // Rebuild the permissions cache + $helper = new PermissionsHelper(); + $helper->rebuildCache(); + + return redirect(route('albums.defaultPermissions')); + } + public function setGroupPermissions(Request $request, $id) { $this->authorizeAccessToAdminPanel('admin:manage-albums'); diff --git a/resources/lang/en/admin.php b/resources/lang/en/admin.php index a696646..69b8ca0 100644 --- a/resources/lang/en/admin.php +++ b/resources/lang/en/admin.php 
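Review bot: The `update_group_permissions` and `update_user_permissions` branches empty the default tables with `truncate()` and then refill them row by row from `$request->get('permissions')` without checking any of the submitted IDs. A malformed submission, or a failure part-way through the loop, therefore leaves the default set wiped or holding rows for groups, users or non-album permissions that do not exist, and the cache rebuild that follows applies that state to every top-level album that inherits. `foreach ($permissionIDs as $permissionID)` also assumes each submitted value is an array. I would validate the IDs against the known groups/users and the `section = 'album'` permissions and do the delete and re-insert in one transaction, as sketched below for the group branch; the user branch needs the same treatment. Separately, the comment `// Link all default permissions to the group` in setDefaultUserPermissions should say "to the user".

```php
else if ($request->get('action') == 'update_group_permissions')
{
    $permissions = $request->get('permissions');
    $validGroupIDs = Group::pluck('id')->all();
    $validPermissionIDs = Permission::where('section', 'album')->pluck('id')->all();

    // delete() rather than truncate() so the swap can run inside one transaction
    \Illuminate\Support\Facades\DB::transaction(function () use ($permissions, $validGroupIDs, $validPermissionIDs)
    {
        AlbumDefaultGroupPermission::query()->delete();

        foreach ((is_array($permissions) ? $permissions : []) as $groupID => $permissionIDs)
        {
            if (!is_array($permissionIDs) || !in_array((int) $groupID, $validGroupIDs))
            {
                continue;
            }

            foreach ($permissionIDs as $permissionID)
            {
                if (!in_array((int) $permissionID, $validPermissionIDs))
                {
                    continue;
                }

                // … unchanged: create and save the AlbumDefaultGroupPermission row …
            }
        }
    });
}
```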
@@ -35,7 +35,9 @@ return [
 'album_change_more_details' => 'You can change more details about this album by editing it. Click the button below to go to the album\'s Edit page.',
 'album_inheriting_permissions_p1' => 'Inherited permissions are in effect',
 'album_inheriting_permissions_p2' => 'This album is inheriting permissions from a parent album and therefore permissions cannot be applied directly to it.',
+ 'album_inheriting_permissions_p2_toplevel' => 'This album is inheriting permissions from the default album permissions and therefore permissions cannot be applied directly to it.',
 'album_inheriting_permissions_p3' => 'You can change the permissions applied to this album (and other albums under the same parent) from the :l_parent_start parent album\'s permissions tab:l_parent_end, or stop permissions from being inherited by :l_edit_start editing this album:l_edit_end.',
+ 'album_inheriting_permissions_p3_toplevel' => 'You can change the permissions applied to this album from the :l_defperms_start default album permissions screen:l_defperms_end, or stop permissions from being inherited by :l_edit_start editing this album:l_edit_end.',
 'album_no_cameras_found_p1' => 'No cameras were found',
 'album_no_cameras_found_p2' => 'Upload more photos to this album or ensure the cameras you use support Exif image tagging.',
 'album_no_photos_p1' => 'No photos in this album',
@@ -232,6 +234,8 @@ return [ 'analytics_tab' => 'Analytics', 'comments_moderation' => 'Moderation', 'comments_tab' => 'Comments', + 'default_album_permissions' => 'Default Album Permissions', + 'default_album_permissions_intro' => 'Configure a set of permissions to apply to top-level albums that do not have their own permissions, and as a base set of permissions for newly-created albums.', 'permissions_cache' => 'Permissions Cache', 'permissions_cache_intro' => 'Blue Twilight maintains the permissions each user has to albums in the database. If you feel these aren\'t correct based on what\'s configured, you can rebuild the cache by clicking the button below.', 'rebuild_permissions_cache' => 'Rebuild Permissions Cache', diff --git a/resources/lang/en/forms.php b/resources/lang/en/forms.php index ada0a0c..aef8373 100644 --- a/resources/lang/en/forms.php +++ b/resources/lang/en/forms.php @@ -28,7 +28,7 @@ return [ 'email_label' => 'E-mail address:', 'email_placeholder' => 'name@example.com', 'enable_profile_page_label' => 'Allow others to see my profile page', - 'inherit_album_permissions' => 'Inherit permissions from parent album', + 'inherit_album_permissions' => 'Inherit permissions from parent album / default settings', 'labels_label' => 'Labels:', 'login_action' => 'Login', 'name_label' => 'Name:', diff --git a/resources/views/themes/base/admin/album_default_permissions.blade.php b/resources/views/themes/base/admin/album_default_permissions.blade.php index 0905c7d..6c1b7ba 100644 --- a/resources/views/themes/base/admin/album_default_permissions.blade.php +++ b/resources/views/themes/base/admin/album_default_permissions.blade.php @@ -18,6 +18,9 @@

@lang('admin.default_album_permissions.intro_2')

+
+
@lang('admin.security_groups_heading')
+
{{ csrf_field() }} @@ -28,7 +31,7 @@ 'key_id' => 'group_' . $group->id, 'object_id' => $group->id, 'title' => $group->name, - 'callback' => [$album, 'doesGroupHavePermission'], + 'callback' => [\App\Http\Controllers\Admin\AlbumController::class, 'doesGroupHaveDefaultPermission'], 'callback_object' => $group, 'parent_id' => 'groups-accordion' ]) @@ -67,7 +70,7 @@ 'key_id' => 'anonymous', 'object_id' => 'anonymous', 'title' => trans('admin.anonymous_users'), - 'callback' => [$album, 'doesUserHavePermission'], + 'callback' => [\App\Http\Controllers\Admin\AlbumController::class, 'doesUserHaveDefaultPermission'], 'callback_object' => null, 'parent_id' => 'users-accordion' ]) @@ -77,7 +80,7 @@ 'key_id' => 'user_' . $user->id, 'object_id' => $user->id, 'title' => $user->name, - 'callback' => [$album, 'doesUserHavePermission'], + 'callback' => [\App\Http\Controllers\Admin\AlbumController::class, 'doesUserHaveDefaultPermission'], 'callback_object' => $user, 'parent_id' => 'users-accordion' ]) @@ -102,4 +105,37 @@ -@endsection \ No newline at end of file +@endsection + +@push('scripts') + +@endpush \ No newline at end of file diff --git a/resources/views/themes/base/admin/create_album.blade.php b/resources/views/themes/base/admin/create_album.blade.php index db9e9c1..0f41cce 100644 --- a/resources/views/themes/base/admin/create_album.blade.php +++ b/resources/views/themes/base/admin/create_album.blade.php @@ -54,7 +54,7 @@ -
+
-
+
is_permissions_inherited ? ' checked="checked"' : '' }}>