#71: Permissions are now fully inherited from an "ultimate parent". Most actions that can change the outcome of a user's permissions rebuild the permissions cache. Corrected a few minor HTML issues in layouts.
This commit is contained in:
parent
138cb91986
commit
ee4978878f
|
|
@ -103,6 +103,29 @@ class Album extends Model
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Try and locate the parent album ID that permissions are inherited from.
|
||||
* @return integer
|
||||
*/
|
||||
public function effectiveAlbumIDForPermissions()
|
||||
{
|
||||
$current = $this;
|
||||
|
||||
while (!is_null($current->parent_album_id))
|
||||
{
|
||||
if ($current->is_permissions_inherited)
|
||||
{
|
||||
$current = $current->parent;
|
||||
}
|
||||
else
|
||||
{
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $current->id;
|
||||
}
|
||||
|
||||
public function generateAlias()
|
||||
{
|
||||
$this->url_alias = MiscHelper::capitaliseWord(preg_replace('/[^a-z0-9\-]/', '-', strtolower($this->name)));
|
||||
|
|
|
|||
|
|
@ -10,13 +10,13 @@ use Illuminate\Support\Facades\DB;
|
|||
|
||||
class PermissionsHelper
|
||||
{
|
||||
public function getAlbumIDs($permission = 'list', $user)
|
||||
public function getAlbumIDs($permission = 'list', User $user = null)
|
||||
{
|
||||
$result = [];
|
||||
$query = DB::table('album_permissions_cache')
|
||||
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
|
||||
->where([
|
||||
['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
|
||||
['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
|
||||
['permissions.section', 'album'],
|
||||
['permissions.description', $permission]
|
||||
])
|
||||
|
|
@ -69,9 +69,11 @@ class PermissionsHelper
|
|||
/** @var Album $album */
|
||||
foreach ($albums as $album)
|
||||
{
|
||||
$anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($album)
|
||||
$effectiveAlbumID = $album->effectiveAlbumIDForPermissions();
|
||||
|
||||
$anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($effectiveAlbumID)
|
||||
{
|
||||
return ($item->album_id == $album->id);
|
||||
return ($item->album_id == $effectiveAlbumID);
|
||||
});
|
||||
|
||||
foreach ($anonymousPermissions as $anonymousPermission)
|
||||
|
|
@ -84,9 +86,9 @@ class PermissionsHelper
|
|||
];
|
||||
}
|
||||
|
||||
$userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($album)
|
||||
$userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($effectiveAlbumID)
|
||||
{
|
||||
return ($item->album_id == $album->id);
|
||||
return ($item->album_id == $effectiveAlbumID);
|
||||
});
|
||||
|
||||
foreach ($userPermissions as $userPermission)
|
||||
|
|
@ -100,9 +102,9 @@ class PermissionsHelper
|
|||
];
|
||||
}
|
||||
|
||||
$groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($album)
|
||||
$groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($effectiveAlbumID)
|
||||
{
|
||||
return ($item->album_id == $album->id);
|
||||
return ($item->album_id == $effectiveAlbumID);
|
||||
});
|
||||
|
||||
foreach ($groupPermissions as $groupPermission)
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ use App\Group;
|
|||
use App\Helpers\DbHelper;
|
||||
use App\Helpers\FileHelper;
|
||||
use App\Helpers\MiscHelper;
|
||||
use App\Helpers\PermissionsHelper;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests;
|
||||
use App\Label;
|
||||
|
|
@ -267,6 +268,10 @@ class AlbumController extends Controller
|
|||
|
||||
$album->save();
|
||||
|
||||
// Rebuild the permissions cache
|
||||
$helper = new PermissionsHelper();
|
||||
$helper->rebuildCache();
|
||||
|
||||
return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
|
||||
}
|
||||
|
||||
|
|
@ -342,6 +347,10 @@ class AlbumController extends Controller
|
|||
|
||||
$album->save();
|
||||
|
||||
// Rebuild the permissions cache
|
||||
$helper = new PermissionsHelper();
|
||||
$helper->rebuildCache();
|
||||
|
||||
return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
|
||||
}
|
||||
|
||||
|
|
@ -451,6 +460,7 @@ class AlbumController extends Controller
|
|||
|
||||
$album = new Album();
|
||||
$album->fill($request->only(['name', 'description', 'storage_id', 'parent_album_id']));
|
||||
$album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
|
||||
|
||||
if (strlen($album->parent_album_id) == 0)
|
||||
{
|
||||
|
|
@ -465,20 +475,27 @@ class AlbumController extends Controller
|
|||
$album->save();
|
||||
|
||||
// Link all default permissions to anonymous users (if a public album)
|
||||
$isPrivate = (strtolower($request->get('is_private')) == 'on');
|
||||
|
||||
if (!$isPrivate)
|
||||
if (!$album->is_permissions_inherited)
|
||||
{
|
||||
/** @var Permission $permission */
|
||||
foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission)
|
||||
$isPrivate = (strtolower($request->get('is_private')) == 'on');
|
||||
|
||||
if (!$isPrivate)
|
||||
{
|
||||
$album->anonymousPermissions()->attach($permission->id, [
|
||||
'created_at' => new \DateTime(),
|
||||
'updated_at' => new \DateTime()
|
||||
]);
|
||||
/** @var Permission $permission */
|
||||
foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission)
|
||||
{
|
||||
$album->anonymousPermissions()->attach($permission->id, [
|
||||
'created_at' => new \DateTime(),
|
||||
'updated_at' => new \DateTime()
|
||||
]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Rebuild the permissions cache
|
||||
$helper = new PermissionsHelper();
|
||||
$helper->rebuildCache();
|
||||
|
||||
return redirect(route('albums.show', ['id' => $album->id]));
|
||||
}
|
||||
|
||||
|
|
@ -512,7 +529,7 @@ class AlbumController extends Controller
|
|||
$currentParentID = $album->parent_album_id;
|
||||
|
||||
$album->fill($request->only(['name', 'description', 'parent_album_id']));
|
||||
$album->is_permissions_inherited = $request->has('is_permissions_inherited');
|
||||
$album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
|
||||
|
||||
if (strlen($album->parent_album_id) == 0)
|
||||
{
|
||||
|
|
@ -549,6 +566,11 @@ class AlbumController extends Controller
|
|||
}
|
||||
|
||||
$album->save();
|
||||
|
||||
// Rebuild the permissions cache
|
||||
$helper = new PermissionsHelper();
|
||||
$helper->rebuildCache();
|
||||
|
||||
$request->session()->flash('success', trans('admin.album_saved_successfully', ['name' => $album->name]));
|
||||
|
||||
return redirect(route('albums.show', ['id' => $id]));
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ namespace App\Http\Controllers\Admin;
|
|||
use App\Facade\Theme;
|
||||
use App\Facade\UserConfig;
|
||||
use App\Group;
|
||||
use App\Helpers\PermissionsHelper;
|
||||
use App\User;
|
||||
|
||||
use App\Http\Requests;
|
||||
|
|
@ -200,6 +201,10 @@ class UserController extends Controller
|
|||
|
||||
$user->save();
|
||||
|
||||
// Rebuild the permissions cache
|
||||
$helper = new PermissionsHelper();
|
||||
$helper->rebuildCache();
|
||||
|
||||
return redirect(route('users.index'));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ class CreateAlbumPermissionsCacheTable extends Migration
|
|||
public function up()
|
||||
{
|
||||
Schema::create('album_permissions_cache', function (Blueprint $table) {
|
||||
$table->unsignedInteger('user_id')->nullable(true);
|
||||
$table->unsignedInteger('album_id');
|
||||
$table->unsignedInteger('user_id')->nullable(true);
|
||||
$table->unsignedInteger('permission_id');
|
||||
$table->timestamps();
|
||||
|
||||
|
|
|
|||
|
|
@ -46,6 +46,29 @@ function AboutViewModel(urls) {
|
|||
};
|
||||
}
|
||||
|
||||
/**
|
||||
* This model is used by admin/create_album.blade.php.
|
||||
* @constructor
|
||||
*/
|
||||
function CreateAlbumViewModel() {
|
||||
this.el = '#create-album-app';
|
||||
|
||||
this.data = {
|
||||
is_inherit_permissions: true,
|
||||
is_private: false,
|
||||
parent_id: ''
|
||||
};
|
||||
|
||||
this.computed = {
|
||||
isParentAlbum: function() {
|
||||
return this.parent_id == '';
|
||||
},
|
||||
isPrivateDisabled: function() {
|
||||
return !this.isParentAlbum && this.is_inherit_permissions;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This model is used by admin/edit_album.blade.php.
|
||||
* @constructor
|
||||
|
|
|
|||
|
|
@ -32,8 +32,10 @@ return [
|
|||
'album_cameras_heading' => 'Cameras used in this album',
|
||||
'album_cameras_tab' => 'Cameras',
|
||||
'album_cameras_text' => 'Blue Twilight analyses the Exif data in your photos to determine which cameras have been used. The cameras that were found are displayed below.',
|
||||
'album_inheriting_permissions_p1' => 'Permissions inherited from parent album',
|
||||
'album_inheriting_permissions_p2' => 'This album is inheriting permissions from its parent album. You can change the permissions applied to this album from the :l_parent_startparent album\'s permissions tab:l_parent_end. ',
|
||||
'album_change_more_details' => 'You can change more details about this album by editing it. Click the button below to go to the album\'s Edit page.',
|
||||
'album_inheriting_permissions_p1' => 'Inherited permissions are in effect',
|
||||
'album_inheriting_permissions_p2' => 'This album is inheriting permissions from a parent album and therefore permissions cannot be applied directly to it.',
|
||||
'album_inheriting_permissions_p3' => 'You can change the permissions applied to this album (and other albums under the same parent) from the :l_parent_start parent album\'s permissions tab:l_parent_end, or stop permissions from being inherited by :l_edit_start editing this album:l_edit_end.',
|
||||
'album_no_cameras_found_p1' => 'No cameras were found',
|
||||
'album_no_cameras_found_p2' => 'Upload more photos to this album or ensure the cameras you use support Exif image tagging.',
|
||||
'album_no_photos_p1' => 'No photos in this album',
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ return [
|
|||
'description_label' => 'Description:',
|
||||
'download_action' => 'Download',
|
||||
'edit_action' => 'Edit',
|
||||
'edit_album_action' => 'Edit this album',
|
||||
'email_label' => 'E-mail address:',
|
||||
'enable_profile_page_label' => 'Allow others to see my profile page',
|
||||
'inherit_album_permissions' => 'Inherit permissions from parent album',
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
@endsection
|
||||
|
||||
@section('content')
|
||||
<div class="container">
|
||||
<div class="container" id="create-album-app">
|
||||
<div class="row">
|
||||
<div class="col">
|
||||
<h1>@lang('admin.create_album')</h1>
|
||||
|
|
@ -37,10 +37,10 @@
|
|||
|
||||
<div class="form-group">
|
||||
<label class="form-control-label" for="parent-album">@lang('forms.parent_album_label')</label>
|
||||
<select class="form-control" name="parent_album_id" id="parent-album">
|
||||
<select class="form-control" name="parent_album_id" id="parent-album" v-model="parent_id">
|
||||
<option value="">@lang('forms.parent_album_placeholder')</option>
|
||||
@foreach ($parent_albums as $key => $value)
|
||||
<option value="{{ $key }}"{{ $key == old('parent_album_id') ? ' selected="selected"' : '' }}>{{ $value->display_name }}</option>
|
||||
<option value="{{ $key }}">{{ $value->display_name }}</option>
|
||||
@endforeach
|
||||
</select>
|
||||
</div>
|
||||
|
|
@ -54,9 +54,18 @@
|
|||
</select>
|
||||
</div>
|
||||
|
||||
<div class="form-group" v-if="!isParentAlbum">
|
||||
<div class="mt-3 form-check">
|
||||
<input type="checkbox" class="form-check-input" id="inherit-permissions" name="is_permissions_inherited" v-model="is_inherit_permissions" />
|
||||
<label class="form-check-label" for="inherit-permissions">
|
||||
@lang('forms.inherit_album_permissions')
|
||||
</label>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="form-check">
|
||||
<label class="form-check-label">
|
||||
<input class="form-check-inline" type="checkbox" name="is_private">
|
||||
<input class="form-check-input" type="checkbox" name="is_private" id="is-private" v-bind:disabled="isPrivateDisabled" v-model="is_private">
|
||||
<label class="form-check-label" for="is-private">
|
||||
<i class="fa fa-fw fa-lock"></i> @lang('forms.private_album_label')
|
||||
</label>
|
||||
</div>
|
||||
|
|
@ -69,4 +78,35 @@
|
|||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@endsection
|
||||
@endsection
|
||||
|
||||
@push('scripts')
|
||||
<script type="text/javascript">
|
||||
var createAlbumViewModel = new CreateAlbumViewModel();
|
||||
createAlbumViewModel.data.parent_id = '{{ old('parent_album_id') }}';
|
||||
|
||||
var app = null;
|
||||
|
||||
$(document).ready(function()
|
||||
{
|
||||
app = new Vue(createAlbumViewModel);
|
||||
app.$watch('is_private', function()
|
||||
{
|
||||
// If user chooses to make the album private, it cannot then inherit permissions (secure by default)
|
||||
if (app.is_private)
|
||||
{
|
||||
app.is_inherit_permissions = false;
|
||||
}
|
||||
});
|
||||
|
||||
app.$watch('is_inherit_permissions', function()
|
||||
{
|
||||
// If user chooses to inherit permissions, it cannot also be private
|
||||
if (app.is_inherit_permissions)
|
||||
{
|
||||
app.is_private = false;
|
||||
}
|
||||
});
|
||||
});
|
||||
</script>
|
||||
@endpush
|
||||
|
|
@ -1,14 +1,19 @@
|
|||
<div role="tabpanel" class="tab-pane{{ $active_tab == 'permissions' ? ' active' : '' }}" id="permissions-tab">
|
||||
<h4>@lang('admin.security_heading')</h4>
|
||||
<p>@lang('admin.security_text')</p>
|
||||
<hr/>
|
||||
|
||||
@if ($album->is_permissions_inherited)
|
||||
<div class="text-center mt-4">
|
||||
<h4 class="text-success"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
|
||||
<p class="mb-0">@lang('admin.album_inheriting_permissions_p2', ['l_parent_start' => '<a href="' . route('albums.show', [$album->parent_album_id]) . '?tab=permissions">', 'l_parent_end' => '</a>'])</p>
|
||||
<div class="text-center mt-3">
|
||||
<h4 class="text-info"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
|
||||
<p>@lang('admin.album_inheriting_permissions_p2')</p>
|
||||
<p>@lang('admin.album_inheriting_permissions_p3', [
|
||||
'l_parent_start' => sprintf('<a href="%s">', route('albums.show', [$album->effectiveAlbumIDForPermissions(), 'tab' => 'permissions'])),
|
||||
'l_parent_end' => '</a>',
|
||||
'l_edit_start' => sprintf('<a href="%s">', route('albums.edit', [$album->id])),
|
||||
'l_edit_end' => '</a>'
|
||||
])</p>
|
||||
</div>
|
||||
@else
|
||||
<h4>@lang('admin.security_heading')</h4>
|
||||
<p>@lang('admin.security_text')</p>
|
||||
<hr/>
|
||||
<h5 style="font-weight: bold;">@lang('admin.security_groups_heading')</h5>
|
||||
|
||||
<form action="{{ route('albums.set_group_permissions', ['id' => $album->id]) }}" method="post">
|
||||
|
|
|
|||
|
|
@ -4,29 +4,31 @@
|
|||
@if ($album->redirects()->count() > 0)
|
||||
<p>@lang('admin.existing_album_redirects')</p>
|
||||
|
||||
<table class="table table-striped table-responsive">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>@lang('admin.redirects_source_url_heading')</th>
|
||||
<th style="width: 100px;">@lang('admin.redirects_actions_heading')</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
@foreach ($album->redirects as $redirect)
|
||||
<div class="table-responsive">
|
||||
<table class="table table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<td><a href="{{ route('home') }}/a{{ $redirect->source_url }}">{{ route('home') }}/a{{ $redirect->source_url }}</a></td>
|
||||
<td>
|
||||
<form method="post" action="{{ route('albums.delete_redirect', [$album->id, $redirect->id]) }}">
|
||||
{{ csrf_field() }}
|
||||
{{ method_field('DELETE') }}
|
||||
<input type="hidden" name="redirect_id" value="{{ $redirect->id }}" />
|
||||
<button type="submit" class="btn btn-sm btn-danger delete-redirect">@lang('forms.delete_action')</button>
|
||||
</form>
|
||||
</td>
|
||||
<th>@lang('admin.redirects_source_url_heading')</th>
|
||||
<th style="width: 100px;">@lang('admin.redirects_actions_heading')</th>
|
||||
</tr>
|
||||
@endforeach
|
||||
</tbody>
|
||||
</table>
|
||||
</thead>
|
||||
<tbody>
|
||||
@foreach ($album->redirects as $redirect)
|
||||
<tr>
|
||||
<td><a href="{{ route('home') }}/a{{ $redirect->source_url }}">{{ route('home') }}/a{{ $redirect->source_url }}</a></td>
|
||||
<td>
|
||||
<form method="post" action="{{ route('albums.delete_redirect', [$album->id, $redirect->id]) }}">
|
||||
{{ csrf_field() }}
|
||||
{{ method_field('DELETE') }}
|
||||
<input type="hidden" name="redirect_id" value="{{ $redirect->id }}" />
|
||||
<button type="submit" class="btn btn-sm btn-danger delete-redirect">@lang('forms.delete_action')</button>
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
@endforeach
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<br/>
|
||||
|
||||
@endif
|
||||
|
|
|
|||
|
|
@ -22,6 +22,11 @@
|
|||
<textarea class="form-control" id="album-description" name="description" rows="5">{{ old('description') }}</textarea>
|
||||
</div>
|
||||
|
||||
<div class="form-group">
|
||||
<p>@lang('admin.album_change_more_details')</p>
|
||||
<a href="{{ route('albums.edit', [$album->id]) }}" class="btn btn-outline-primary">@lang('forms.edit_album_action')</a>
|
||||
</div>
|
||||
|
||||
<hr/>
|
||||
|
||||
<h4><i class="fa fa-fw fa-paint-brush"></i> @lang('admin.album_appearance_heading')</h4>
|
||||
|
|
|
|||
Loading…
Reference in New Issue