[dev] [cvs] commit: ansel/lib/Block gallery.php random_photo.php

[Michael Rubinsky]

Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Michael Rubinsky <mrubinsk at horde.org>:
>
>> Yea, I did actually play with combining this with general permission
>> checking (especially since we also want to add password protected
>> galleries as well), but kept coming back to the problem that we want
>> the galleries returned in a search so the user can see that there *is*
>> a gallery, we just need to decide what thumbnail to display based on
>> the age check. I moved the age check method to the gallery to at least
>> keep it cleaner.
>
> If the user otherwise has permissions for the gallery, then they
> should be limited to the SHOW permission - "show the object exists" -
> and we should honor that.

We already filter on PERMS_SHOW by default, but currently I guess we  
interpret that more as a PERMS_READ - which I assume was done for  
performance reasons.  Are you suggesting that we have to make at least  
one more permission check for each gallery that is being displayed in  
this case -   PERMS_SHOW in Ansel_Storage::listGalleries() and another  
to Ansel_Gallery::hasPermission() for PERMS_READ when attempting to  
display the gallery/tile/title/image names in the recent block etc...  
(which would include the check for other "extended" permissions?)


Thanks,
mike

--
The Horde Project (www.horde.org)
mrubinsk at horde.org

"Time just hates me. That's why it made me an adult." - Josh Joplin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
Url : http://lists.horde.org/archives/dev/attachments/20080319/d0977f2f/attachment.bin