[dev] [cvs] commit: ansel/lib/Block gallery.php random_photo.php

Michael Rubinsky mrubinsk at horde.org
Wed Mar 19 18:21:02 UTC 2008 

Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Michael Rubinsky <mrubinsk at horde.org>:
>
>> We already filter on PERMS_SHOW by default, but currently I guess we
>>  interpret that more as a PERMS_READ - which I assume was done for
>> performance reasons.  Are you suggesting that we have to make at
>> least  one more permission check for each gallery that is being
>> displayed in  this case -   PERMS_SHOW in
>> Ansel_Storage::listGalleries() and another  to
>> Ansel_Gallery::hasPermission() for PERMS_READ when attempting to
>> display the gallery/tile/title/image names in the recent block
>> etc...  (which would include the check for other "extended"
>> permissions?)
>
> I *think* that sounds about right. It's only a check for permissions
> that are already fetched, right? So it shouldn't be a problem in that
> respect.
>
> We might make a decision that for Ansel SHOW does let you see the name
> of the gallery - that feels right to me.

That sounds right, we can show the gallery name - but no image  
thumbnails or gallery tile thumbnails etc... they get replaced by some  
sort of 'adult' icon.  But things get tricky if we try to add a check  
for a password protected gallery in the same (centralized) place in  
the code.

In that case, just like with the age limit, the gallery would require  
SHOW - but IMO I'm not sure we should show anything more than gallery  
name - no image titles/filenames/etc.. either. So I'm not sure how to  
easily differentiate between the case where we can show the image name  
but no thumbnail and the case where we don't want to show *anything*  
about the gallery other than it's name.  This (I think) only comes  
into play in Blocks and maybe in RSS.

For the sake of simplification, I guess we could treat both cases the  
same, but then I would vote for the more restrictive rule - don't show  
any image information at all in the blocks or rss if we don't have READ.


Thanks,
mike

--
The Horde Project (www.horde.org)
mrubinsk at horde.org

"Time just hates me. That's why it made me an adult." - Josh Joplin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
Url : http://lists.horde.org/archives/dev/attachments/20080319/f6a2fc04/attachment.bin

More information about the dev mailing list