#71: Permissions are now fully inherited from an "ultimate parent". Most actions that can change the outcome of a user's permissions rebuild the permissions cache. Corrected a few minor HTML issues in layouts.

2018-09-16 22:11:53 +01:00 · 2018-09-16 22:11:53 +01:00 · ee4978878f
commit ee4978878f
parent 138cb91986
12 changed files with 185 additions and 55 deletions
--- a/app/Album.php
+++ b/app/Album.php
@ -103,6 +103,29 @@ class Album extends Model
        }
    }
    /**
     * Try and locate the parent album ID that permissions are inherited from.
     * @return integer
     */
    public function effectiveAlbumIDForPermissions()
    {
        $current = $this;
        while (!is_null($current->parent_album_id))
        {
            if ($current->is_permissions_inherited)
            {
                $current = $current->parent;
            }
            else
            {
                break;
            }
        }
        return $current->id;
    }
    public function generateAlias()
    {
        $this->url_alias = MiscHelper::capitaliseWord(preg_replace('/[^a-z0-9\-]/', '-', strtolower($this->name)));
--- a/app/Helpers/PermissionsHelper.php
+++ b/app/Helpers/PermissionsHelper.php
@ -10,13 +10,13 @@ use Illuminate\Support\Facades\DB;
 class PermissionsHelper
 {
-    public function getAlbumIDs($permission = 'list', $user)
+    public function getAlbumIDs($permission = 'list', User $user = null)
    {
        $result = [];
        $query = DB::table('album_permissions_cache')
            ->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
            ->where([
-                ['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
+                ['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
                ['permissions.section', 'album'],
                ['permissions.description', $permission]
            ])
@ -69,9 +69,11 @@ class PermissionsHelper
        /** @var Album $album */
        foreach ($albums as $album)
        {
-            $anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($album)
+            $effectiveAlbumID = $album->effectiveAlbumIDForPermissions();
            $anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($effectiveAlbumID)
            {
-                return ($item->album_id == $album->id);
+                return ($item->album_id == $effectiveAlbumID);
            });
            foreach ($anonymousPermissions as $anonymousPermission)
@ -84,9 +86,9 @@ class PermissionsHelper
                ];
            }
-            $userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($album)
+            $userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($effectiveAlbumID)
            {
-                return ($item->album_id == $album->id);
+                return ($item->album_id == $effectiveAlbumID);
            });
            foreach ($userPermissions as $userPermission)
@ -100,9 +102,9 @@ class PermissionsHelper
                ];
            }
-            $groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($album)
+            $groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($effectiveAlbumID)
            {
-                return ($item->album_id == $album->id);
+                return ($item->album_id == $effectiveAlbumID);
            });
            foreach ($groupPermissions as $groupPermission)
--- a/app/Http/Controllers/Admin/AlbumController.php
+++ b/app/Http/Controllers/Admin/AlbumController.php
@ -10,6 +10,7 @@ use App\Group;
 use App\Helpers\DbHelper;
 use App\Helpers\FileHelper;
 use App\Helpers\MiscHelper;
 use App\Helpers\PermissionsHelper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests;
 use App\Label;
@ -267,6 +268,10 @@ class AlbumController extends Controller
        $album->save();
        // Rebuild the permissions cache
        $helper = new PermissionsHelper();
        $helper->rebuildCache();
        return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
    }
@ -342,6 +347,10 @@ class AlbumController extends Controller
        $album->save();
        // Rebuild the permissions cache
        $helper = new PermissionsHelper();
        $helper->rebuildCache();
        return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
    }
@ -451,6 +460,7 @@ class AlbumController extends Controller
        $album = new Album();
        $album->fill($request->only(['name', 'description', 'storage_id', 'parent_album_id']));
        $album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
        if (strlen($album->parent_album_id) == 0)
        {
@ -465,6 +475,8 @@ class AlbumController extends Controller
        $album->save();
        // Link all default permissions to anonymous users (if a public album)
        if (!$album->is_permissions_inherited)
        {
            $isPrivate = (strtolower($request->get('is_private')) == 'on');
            if (!$isPrivate)
@ -478,6 +490,11 @@ class AlbumController extends Controller
                    ]);
                }
            }
        }
        // Rebuild the permissions cache
        $helper = new PermissionsHelper();
        $helper->rebuildCache();
        return redirect(route('albums.show', ['id' => $album->id]));
    }
@ -512,7 +529,7 @@ class AlbumController extends Controller
        $currentParentID = $album->parent_album_id;
        $album->fill($request->only(['name', 'description', 'parent_album_id']));
-        $album->is_permissions_inherited = $request->has('is_permissions_inherited');
+        $album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
        if (strlen($album->parent_album_id) == 0)
        {
@ -549,6 +566,11 @@ class AlbumController extends Controller
        }
        $album->save();
        // Rebuild the permissions cache
        $helper = new PermissionsHelper();
        $helper->rebuildCache();
        $request->session()->flash('success', trans('admin.album_saved_successfully', ['name' => $album->name]));
        return redirect(route('albums.show', ['id' => $id]));
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -5,6 +5,7 @@ namespace App\Http\Controllers\Admin;
 use App\Facade\Theme;
 use App\Facade\UserConfig;
 use App\Group;
 use App\Helpers\PermissionsHelper;
 use App\User;
 use App\Http\Requests;
@ -200,6 +201,10 @@ class UserController extends Controller
        $user->save();
        // Rebuild the permissions cache
        $helper = new PermissionsHelper();
        $helper->rebuildCache();
        return redirect(route('users.index'));
    }
--- a/database/migrations/2018_09_14_091046_create_album_permissions_cache_table.php
+++ b/database/migrations/2018_09_14_091046_create_album_permissions_cache_table.php
@ -14,8 +14,8 @@ class CreateAlbumPermissionsCacheTable extends Migration
    public function up()
    {
        Schema::create('album_permissions_cache', function (Blueprint $table) {
            $table->unsignedInteger('user_id')->nullable(true);
            $table->unsignedInteger('album_id');
            $table->unsignedInteger('user_id')->nullable(true);
            $table->unsignedInteger('permission_id');
            $table->timestamps();
--- a/resources/assets/js/admin.js
+++ b/resources/assets/js/admin.js
@ -46,6 +46,29 @@ function AboutViewModel(urls) {
    };
 }
 /**
 * This model is used by admin/create_album.blade.php.
 * @constructor
 */
 function CreateAlbumViewModel() {
    this.el = '#create-album-app';
    this.data = {
        is_inherit_permissions: true,
        is_private: false,
        parent_id: ''
    };
    this.computed = {
        isParentAlbum: function() {
            return this.parent_id == '';
        },
        isPrivateDisabled: function() {
            return !this.isParentAlbum && this.is_inherit_permissions;
        }
    }
 }
 /**
 * This model is used by admin/edit_album.blade.php.
 * @constructor
--- a/resources/lang/en/admin.php
+++ b/resources/lang/en/admin.php
@ -32,8 +32,10 @@ return [
    'album_cameras_heading' => 'Cameras used in this album',
    'album_cameras_tab' => 'Cameras',
    'album_cameras_text' => 'Blue Twilight analyses the Exif data in your photos to determine which cameras have been used. The cameras that were found are displayed below.',
-    'album_inheriting_permissions_p1' => 'Permissions inherited from parent album',
+    'album_change_more_details' => 'You can change more details about this album by editing it. Click the button below to go to the album\'s Edit page.',
-    'album_inheriting_permissions_p2' => 'This album is inheriting permissions from its parent album. You can change the permissions applied to this album from the :l_parent_startparent album\'s permissions tab:l_parent_end. ',
+    'album_inheriting_permissions_p1' => 'Inherited permissions are in effect',
    'album_inheriting_permissions_p2' => 'This album is inheriting permissions from a parent album and therefore permissions cannot be applied directly to it.',
    'album_inheriting_permissions_p3' => 'You can change the permissions applied to this album (and other albums under the same parent) from the :l_parent_start parent album\'s permissions tab:l_parent_end, or stop permissions from being inherited by :l_edit_start editing this album:l_edit_end.',
    'album_no_cameras_found_p1' => 'No cameras were found',
    'album_no_cameras_found_p2' => 'Upload more photos to this album or ensure the cameras you use support Exif image tagging.',
    'album_no_photos_p1' => 'No photos in this album',
--- a/resources/lang/en/forms.php
+++ b/resources/lang/en/forms.php
@ -24,6 +24,7 @@ return [
    'description_label' => 'Description:',
    'download_action' => 'Download',
    'edit_action' => 'Edit',
    'edit_album_action' => 'Edit this album',
    'email_label' => 'E-mail address:',
    'enable_profile_page_label' => 'Allow others to see my profile page',
    'inherit_album_permissions' => 'Inherit permissions from parent album',
--- a/resources/views/themes/base/admin/create_album.blade.php
+++ b/resources/views/themes/base/admin/create_album.blade.php
@ -9,7 +9,7 @@
@endsection
@section('content')
-    <div class="container">
+    <div class="container" id="create-album-app">
        <div class="row">
            <div class="col">
                <h1>@lang('admin.create_album')</h1>
@ -37,10 +37,10 @@
                    <div class="form-group">
                        <label class="form-control-label" for="parent-album">@lang('forms.parent_album_label')</label>
-                        <select class="form-control" name="parent_album_id" id="parent-album">
+                        <select class="form-control" name="parent_album_id" id="parent-album" v-model="parent_id">
                            <option value="">@lang('forms.parent_album_placeholder')</option>
                            @foreach ($parent_albums as $key => $value)
-                                <option value="{{ $key }}"{{ $key == old('parent_album_id') ? ' selected="selected"' : '' }}>{{ $value->display_name }}</option>
+                                <option value="{{ $key }}">{{ $value->display_name }}</option>
                            @endforeach
                        </select>
                    </div>
@ -54,9 +54,18 @@
                        </select>
                    </div>
                    <div class="form-group" v-if="!isParentAlbum">
                        <div class="mt-3 form-check">
                            <input type="checkbox" class="form-check-input" id="inherit-permissions" name="is_permissions_inherited" v-model="is_inherit_permissions" />
                            <label class="form-check-label" for="inherit-permissions">
                                @lang('forms.inherit_album_permissions')
                            </label>
                        </div>
                    </div>
                    <div class="form-check">
-                        <label class="form-check-label">
+                        <input class="form-check-input" type="checkbox" name="is_private" id="is-private" v-bind:disabled="isPrivateDisabled" v-model="is_private">
-                            <input class="form-check-inline" type="checkbox" name="is_private">
+                        <label class="form-check-label" for="is-private">
                            <i class="fa fa-fw fa-lock"></i> @lang('forms.private_album_label')
                        </label>
                    </div>
@ -70,3 +79,34 @@
        </div>
    </div>
@endsection
@push('scripts')
    <script type="text/javascript">
        var createAlbumViewModel = new CreateAlbumViewModel();
        createAlbumViewModel.data.parent_id = '{{ old('parent_album_id') }}';
        var app = null;
        $(document).ready(function()
        {
            app = new Vue(createAlbumViewModel);
            app.$watch('is_private', function()
            {
                // If user chooses to make the album private, it cannot then inherit permissions (secure by default)
                if (app.is_private)
                {
                    app.is_inherit_permissions = false;
                }
            });
            app.$watch('is_inherit_permissions', function()
            {
                // If user chooses to inherit permissions, it cannot also be private
                if (app.is_inherit_permissions)
                {
                    app.is_private = false;
                }
            });
        });
    </script>
@endpush
--- a/resources/views/themes/base/partials/album_permissions_tab.blade.php
+++ b/resources/views/themes/base/partials/album_permissions_tab.blade.php
@ -1,14 +1,19 @@
 <div role="tabpanel" class="tab-pane{{ $active_tab == 'permissions' ? ' active' : '' }}" id="permissions-tab">
    @if ($album->is_permissions_inherited)
        <div class="text-center mt-3">
            <h4 class="text-info"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
            <p>@lang('admin.album_inheriting_permissions_p2')</p>
            <p>@lang('admin.album_inheriting_permissions_p3', [
                'l_parent_start' => sprintf('<a href="%s">', route('albums.show', [$album->effectiveAlbumIDForPermissions(), 'tab' => 'permissions'])),
                'l_parent_end' => '</a>',
                'l_edit_start' => sprintf('<a href="%s">', route('albums.edit', [$album->id])),
                'l_edit_end' => '</a>'
            ])</p>
        </div>
    @else
        <h4>@lang('admin.security_heading')</h4>
        <p>@lang('admin.security_text')</p>
        <hr/>
    @if ($album->is_permissions_inherited)
        <div class="text-center mt-4">
            <h4 class="text-success"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
            <p class="mb-0">@lang('admin.album_inheriting_permissions_p2', ['l_parent_start' => '<a href="' . route('albums.show', [$album->parent_album_id]) . '?tab=permissions">', 'l_parent_end' => '</a>'])</p>
        </div>
    @else
        <h5 style="font-weight: bold;">@lang('admin.security_groups_heading')</h5>
        <form action="{{ route('albums.set_group_permissions', ['id' => $album->id]) }}" method="post">
--- a/resources/views/themes/base/partials/album_redirects_tab.blade.php
+++ b/resources/views/themes/base/partials/album_redirects_tab.blade.php
@ -4,7 +4,8 @@
    @if ($album->redirects()->count() > 0)
        <p>@lang('admin.existing_album_redirects')</p>
-        <table class="table table-striped table-responsive">
+        <div class="table-responsive">
            <table class="table table-striped">
                <thead>
                    <tr>
                        <th>@lang('admin.redirects_source_url_heading')</th>
@ -27,6 +28,7 @@
                    @endforeach
                </tbody>
            </table>
        </div>
        <br/>
    @endif
--- a/resources/views/themes/base/partials/album_settings_tab.blade.php
+++ b/resources/views/themes/base/partials/album_settings_tab.blade.php
@ -22,6 +22,11 @@
            <textarea class="form-control" id="album-description" name="description" rows="5">{{ old('description') }}</textarea>
        </div>
        <div class="form-group">
            <p>@lang('admin.album_change_more_details')</p>
            <a href="{{ route('albums.edit', [$album->id]) }}" class="btn btn-outline-primary">@lang('forms.edit_album_action')</a>
        </div>
        <hr/>
        <h4><i class="fa fa-fw fa-paint-brush"></i> @lang('admin.album_appearance_heading')</h4>