#71: Permissions are now fully inherited from an "ultimate parent". Most actions that can change the outcome of a user's permissions rebuild the permissions cache. Corrected a few minor HTML issues in layouts.

This commit is contained in:
Andy Heathershaw 2018-09-16 22:11:53 +01:00
parent 138cb91986
commit ee4978878f
12 changed files with 185 additions and 55 deletions

View File

@ -103,6 +103,29 @@ class Album extends Model
}
}
/**
* Try and locate the parent album ID that permissions are inherited from.
* @return integer
*/
public function effectiveAlbumIDForPermissions()
{
$current = $this;
while (!is_null($current->parent_album_id))
{
if ($current->is_permissions_inherited)
{
$current = $current->parent;
}
else
{
break;
}
}
return $current->id;
}
public function generateAlias()
{
$this->url_alias = MiscHelper::capitaliseWord(preg_replace('/[^a-z0-9\-]/', '-', strtolower($this->name)));

View File

@ -10,13 +10,13 @@ use Illuminate\Support\Facades\DB;
class PermissionsHelper
{
public function getAlbumIDs($permission = 'list', $user)
public function getAlbumIDs($permission = 'list', User $user = null)
{
$result = [];
$query = DB::table('album_permissions_cache')
->join('permissions', 'permissions.id', '=', 'album_permissions_cache.permission_id')
->where([
['album_permissions_cache.user_id', (is_null($user) ? null : $user->id)],
['album_permissions_cache.user_id', (is_null($user) || $user->isAnonymous() ? null : $user->id)],
['permissions.section', 'album'],
['permissions.description', $permission]
])
@ -69,9 +69,11 @@ class PermissionsHelper
/** @var Album $album */
foreach ($albums as $album)
{
$anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($album)
$effectiveAlbumID = $album->effectiveAlbumIDForPermissions();
$anonymousPermissions = array_filter($albumAnonPermissions->toArray(), function($item) use ($effectiveAlbumID)
{
return ($item->album_id == $album->id);
return ($item->album_id == $effectiveAlbumID);
});
foreach ($anonymousPermissions as $anonymousPermission)
@ -84,9 +86,9 @@ class PermissionsHelper
];
}
$userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($album)
$userPermissions = array_filter($albumUserPermissions->toArray(), function($item) use ($effectiveAlbumID)
{
return ($item->album_id == $album->id);
return ($item->album_id == $effectiveAlbumID);
});
foreach ($userPermissions as $userPermission)
@ -100,9 +102,9 @@ class PermissionsHelper
];
}
$groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($album)
$groupPermissions = array_filter($albumGroupPermissions->toArray(), function($item) use ($effectiveAlbumID)
{
return ($item->album_id == $album->id);
return ($item->album_id == $effectiveAlbumID);
});
foreach ($groupPermissions as $groupPermission)

View File

@ -10,6 +10,7 @@ use App\Group;
use App\Helpers\DbHelper;
use App\Helpers\FileHelper;
use App\Helpers\MiscHelper;
use App\Helpers\PermissionsHelper;
use App\Http\Controllers\Controller;
use App\Http\Requests;
use App\Label;
@ -267,6 +268,10 @@ class AlbumController extends Controller
$album->save();
// Rebuild the permissions cache
$helper = new PermissionsHelper();
$helper->rebuildCache();
return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
}
@ -342,6 +347,10 @@ class AlbumController extends Controller
$album->save();
// Rebuild the permissions cache
$helper = new PermissionsHelper();
$helper->rebuildCache();
return redirect(route('albums.show', [$album->id, 'tab' => 'permissions']));
}
@ -451,6 +460,7 @@ class AlbumController extends Controller
$album = new Album();
$album->fill($request->only(['name', 'description', 'storage_id', 'parent_album_id']));
$album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
if (strlen($album->parent_album_id) == 0)
{
@ -465,20 +475,27 @@ class AlbumController extends Controller
$album->save();
// Link all default permissions to anonymous users (if a public album)
$isPrivate = (strtolower($request->get('is_private')) == 'on');
if (!$isPrivate)
if (!$album->is_permissions_inherited)
{
/** @var Permission $permission */
foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission)
$isPrivate = (strtolower($request->get('is_private')) == 'on');
if (!$isPrivate)
{
$album->anonymousPermissions()->attach($permission->id, [
'created_at' => new \DateTime(),
'updated_at' => new \DateTime()
]);
/** @var Permission $permission */
foreach (Permission::where(['section' => 'album', 'is_default' => true])->get() as $permission)
{
$album->anonymousPermissions()->attach($permission->id, [
'created_at' => new \DateTime(),
'updated_at' => new \DateTime()
]);
}
}
}
// Rebuild the permissions cache
$helper = new PermissionsHelper();
$helper->rebuildCache();
return redirect(route('albums.show', ['id' => $album->id]));
}
@ -512,7 +529,7 @@ class AlbumController extends Controller
$currentParentID = $album->parent_album_id;
$album->fill($request->only(['name', 'description', 'parent_album_id']));
$album->is_permissions_inherited = $request->has('is_permissions_inherited');
$album->is_permissions_inherited = (strtolower($request->get('is_permissions_inherited')) == 'on');
if (strlen($album->parent_album_id) == 0)
{
@ -549,6 +566,11 @@ class AlbumController extends Controller
}
$album->save();
// Rebuild the permissions cache
$helper = new PermissionsHelper();
$helper->rebuildCache();
$request->session()->flash('success', trans('admin.album_saved_successfully', ['name' => $album->name]));
return redirect(route('albums.show', ['id' => $id]));

View File

@ -5,6 +5,7 @@ namespace App\Http\Controllers\Admin;
use App\Facade\Theme;
use App\Facade\UserConfig;
use App\Group;
use App\Helpers\PermissionsHelper;
use App\User;
use App\Http\Requests;
@ -200,6 +201,10 @@ class UserController extends Controller
$user->save();
// Rebuild the permissions cache
$helper = new PermissionsHelper();
$helper->rebuildCache();
return redirect(route('users.index'));
}

View File

@ -14,8 +14,8 @@ class CreateAlbumPermissionsCacheTable extends Migration
public function up()
{
Schema::create('album_permissions_cache', function (Blueprint $table) {
$table->unsignedInteger('user_id')->nullable(true);
$table->unsignedInteger('album_id');
$table->unsignedInteger('user_id')->nullable(true);
$table->unsignedInteger('permission_id');
$table->timestamps();

View File

@ -46,6 +46,29 @@ function AboutViewModel(urls) {
};
}
/**
* This model is used by admin/create_album.blade.php.
* @constructor
*/
function CreateAlbumViewModel() {
this.el = '#create-album-app';
this.data = {
is_inherit_permissions: true,
is_private: false,
parent_id: ''
};
this.computed = {
isParentAlbum: function() {
return this.parent_id == '';
},
isPrivateDisabled: function() {
return !this.isParentAlbum && this.is_inherit_permissions;
}
}
}
/**
* This model is used by admin/edit_album.blade.php.
* @constructor

View File

@ -32,8 +32,10 @@ return [
'album_cameras_heading' => 'Cameras used in this album',
'album_cameras_tab' => 'Cameras',
'album_cameras_text' => 'Blue Twilight analyses the Exif data in your photos to determine which cameras have been used. The cameras that were found are displayed below.',
'album_inheriting_permissions_p1' => 'Permissions inherited from parent album',
'album_inheriting_permissions_p2' => 'This album is inheriting permissions from its parent album. You can change the permissions applied to this album from the :l_parent_startparent album\'s permissions tab:l_parent_end. ',
'album_change_more_details' => 'You can change more details about this album by editing it. Click the button below to go to the album\'s Edit page.',
'album_inheriting_permissions_p1' => 'Inherited permissions are in effect',
'album_inheriting_permissions_p2' => 'This album is inheriting permissions from a parent album and therefore permissions cannot be applied directly to it.',
'album_inheriting_permissions_p3' => 'You can change the permissions applied to this album (and other albums under the same parent) from the :l_parent_start parent album\'s permissions tab:l_parent_end, or stop permissions from being inherited by :l_edit_start editing this album:l_edit_end.',
'album_no_cameras_found_p1' => 'No cameras were found',
'album_no_cameras_found_p2' => 'Upload more photos to this album or ensure the cameras you use support Exif image tagging.',
'album_no_photos_p1' => 'No photos in this album',

View File

@ -24,6 +24,7 @@ return [
'description_label' => 'Description:',
'download_action' => 'Download',
'edit_action' => 'Edit',
'edit_album_action' => 'Edit this album',
'email_label' => 'E-mail address:',
'enable_profile_page_label' => 'Allow others to see my profile page',
'inherit_album_permissions' => 'Inherit permissions from parent album',

View File

@ -9,7 +9,7 @@
@endsection
@section('content')
<div class="container">
<div class="container" id="create-album-app">
<div class="row">
<div class="col">
<h1>@lang('admin.create_album')</h1>
@ -37,10 +37,10 @@
<div class="form-group">
<label class="form-control-label" for="parent-album">@lang('forms.parent_album_label')</label>
<select class="form-control" name="parent_album_id" id="parent-album">
<select class="form-control" name="parent_album_id" id="parent-album" v-model="parent_id">
<option value="">@lang('forms.parent_album_placeholder')</option>
@foreach ($parent_albums as $key => $value)
<option value="{{ $key }}"{{ $key == old('parent_album_id') ? ' selected="selected"' : '' }}>{{ $value->display_name }}</option>
<option value="{{ $key }}">{{ $value->display_name }}</option>
@endforeach
</select>
</div>
@ -54,9 +54,18 @@
</select>
</div>
<div class="form-group" v-if="!isParentAlbum">
<div class="mt-3 form-check">
<input type="checkbox" class="form-check-input" id="inherit-permissions" name="is_permissions_inherited" v-model="is_inherit_permissions" />
<label class="form-check-label" for="inherit-permissions">
@lang('forms.inherit_album_permissions')
</label>
</div>
</div>
<div class="form-check">
<label class="form-check-label">
<input class="form-check-inline" type="checkbox" name="is_private">
<input class="form-check-input" type="checkbox" name="is_private" id="is-private" v-bind:disabled="isPrivateDisabled" v-model="is_private">
<label class="form-check-label" for="is-private">
<i class="fa fa-fw fa-lock"></i> @lang('forms.private_album_label')
</label>
</div>
@ -70,3 +79,34 @@
</div>
</div>
@endsection
@push('scripts')
<script type="text/javascript">
var createAlbumViewModel = new CreateAlbumViewModel();
createAlbumViewModel.data.parent_id = '{{ old('parent_album_id') }}';
var app = null;
$(document).ready(function()
{
app = new Vue(createAlbumViewModel);
app.$watch('is_private', function()
{
// If user chooses to make the album private, it cannot then inherit permissions (secure by default)
if (app.is_private)
{
app.is_inherit_permissions = false;
}
});
app.$watch('is_inherit_permissions', function()
{
// If user chooses to inherit permissions, it cannot also be private
if (app.is_inherit_permissions)
{
app.is_private = false;
}
});
});
</script>
@endpush

View File

@ -1,14 +1,19 @@
<div role="tabpanel" class="tab-pane{{ $active_tab == 'permissions' ? ' active' : '' }}" id="permissions-tab">
<h4>@lang('admin.security_heading')</h4>
<p>@lang('admin.security_text')</p>
<hr/>
@if ($album->is_permissions_inherited)
<div class="text-center mt-4">
<h4 class="text-success"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
<p class="mb-0">@lang('admin.album_inheriting_permissions_p2', ['l_parent_start' => '<a href="' . route('albums.show', [$album->parent_album_id]) . '?tab=permissions">', 'l_parent_end' => '</a>'])</p>
<div class="text-center mt-3">
<h4 class="text-info"><b>@lang('admin.album_inheriting_permissions_p1')</b></h4>
<p>@lang('admin.album_inheriting_permissions_p2')</p>
<p>@lang('admin.album_inheriting_permissions_p3', [
'l_parent_start' => sprintf('<a href="%s">', route('albums.show', [$album->effectiveAlbumIDForPermissions(), 'tab' => 'permissions'])),
'l_parent_end' => '</a>',
'l_edit_start' => sprintf('<a href="%s">', route('albums.edit', [$album->id])),
'l_edit_end' => '</a>'
])</p>
</div>
@else
<h4>@lang('admin.security_heading')</h4>
<p>@lang('admin.security_text')</p>
<hr/>
<h5 style="font-weight: bold;">@lang('admin.security_groups_heading')</h5>
<form action="{{ route('albums.set_group_permissions', ['id' => $album->id]) }}" method="post">

View File

@ -4,29 +4,31 @@
@if ($album->redirects()->count() > 0)
<p>@lang('admin.existing_album_redirects')</p>
<table class="table table-striped table-responsive">
<thead>
<tr>
<th>@lang('admin.redirects_source_url_heading')</th>
<th style="width: 100px;">@lang('admin.redirects_actions_heading')</th>
</tr>
</thead>
<tbody>
@foreach ($album->redirects as $redirect)
<div class="table-responsive">
<table class="table table-striped">
<thead>
<tr>
<td><a href="{{ route('home') }}/a{{ $redirect->source_url }}">{{ route('home') }}/a{{ $redirect->source_url }}</a></td>
<td>
<form method="post" action="{{ route('albums.delete_redirect', [$album->id, $redirect->id]) }}">
{{ csrf_field() }}
{{ method_field('DELETE') }}
<input type="hidden" name="redirect_id" value="{{ $redirect->id }}" />
<button type="submit" class="btn btn-sm btn-danger delete-redirect">@lang('forms.delete_action')</button>
</form>
</td>
<th>@lang('admin.redirects_source_url_heading')</th>
<th style="width: 100px;">@lang('admin.redirects_actions_heading')</th>
</tr>
@endforeach
</tbody>
</table>
</thead>
<tbody>
@foreach ($album->redirects as $redirect)
<tr>
<td><a href="{{ route('home') }}/a{{ $redirect->source_url }}">{{ route('home') }}/a{{ $redirect->source_url }}</a></td>
<td>
<form method="post" action="{{ route('albums.delete_redirect', [$album->id, $redirect->id]) }}">
{{ csrf_field() }}
{{ method_field('DELETE') }}
<input type="hidden" name="redirect_id" value="{{ $redirect->id }}" />
<button type="submit" class="btn btn-sm btn-danger delete-redirect">@lang('forms.delete_action')</button>
</form>
</td>
</tr>
@endforeach
</tbody>
</table>
</div>
<br/>
@endif

View File

@ -22,6 +22,11 @@
<textarea class="form-control" id="album-description" name="description" rows="5">{{ old('description') }}</textarea>
</div>
<div class="form-group">
<p>@lang('admin.album_change_more_details')</p>
<a href="{{ route('albums.edit', [$album->id]) }}" class="btn btn-outline-primary">@lang('forms.edit_album_action')</a>
</div>
<hr/>
<h4><i class="fa fa-fw fa-paint-brush"></i> @lang('admin.album_appearance_heading')</h4>