Dev question : how to gain access to the original object? [SOLVED]

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Thu, 2007-03-22 13:36

I'm currently integrating a zipcart-like feature into the checkout modules. Could someone tell me how I can gain access to the original image, even if the user does not have permission to access it? I didn't find anything in the functions of the core library, but probably missed it/misunderstood. I obviously need access to the image loaction on disk...
And as a side point, is it possible to get access to resize images without the watermark, when the watermark is used by default?
Addendum : is it possible to create the resizes on-the-fly, without watermarking?
Thanks,
Jay

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Thu, 2007-03-22 21:03

if you're zipping files... take a look at the zipcart module.

besides: noone is stopping you from accessing the original images. you decide in your code when to do permission checks and when not.

is your question how to give a user access to the original such that the user can download the orignal image?
- if you want to give the user permanent access, use GalleryCoreApi::addUserPermission().
- if you want to give the user access to the original image temporarily, for the rest of the duration of the user's session, you can do:
use GalleryCoreApi::addEntityPermission() to set the permission

use the following to grant the permission to the current user's session:

                global $gallery;
                $session =& $gallery->getSession();
		if (!$session->exists(GALLERY_PERMISSION_SESSION_KEY)) {
		    $session->put(GALLERY_PERMISSION_SESSION_KEY, array());
		}
		$sessionPerms =& $session->get(GALLERY_PERMISSION_SESSION_KEY);
		if (!in_array($itemId, $sessionPerms)) {
		    $sessionPerms[] = (int)$itemId;
		}

for details, see modules/password/

--------------
Doumentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Thu, 2007-03-22 21:14

valiant, I was hoping to hear from you, thanks! Yes, I have already integrated the zipcart module into the checkout module (on my testbed).
Currently working on security of the checkoutpaypal module (before allowing download) as it was missing.
You understood my question in the latter part of your response, I will try that, thanks for the very complete response.

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Sat, 2007-03-24 14:46

valiant,
I've haven't managed to get this working. But in fact, the most efficient would be if I could get the path of the original image (not a resize), given an itemId. No need to overload with code to deal with sessions, since it's only for the purposes of a download that I need access, not for display.
Sorry, I'm clearly being dumb, but have not yet worked out how to get to this path, only that of derivatives of the image.
Jay

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Sat, 2007-03-24 16:13

OK, figured it out. Is this valid? :

$absolutePath = $gallery->getConfig('data.gallery.albums');

list ($ret, $logicalPath) = $item->fetchLogicalPath();
if ($ret) {
return array($ret->wrap(__FILE__, __LINE__), null);
}
$path = $absolutePath . $logicalPath;

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Sat, 2007-03-24 16:37

What's the purpose of the whole thing?
Maybe you can describe the feature in details such that we can avoid bad design decisions like avoiding an additional download script (there's already core/DownloadItem.inc).

anyhow, to answer your question:
list ($ret, $absolutePath) = $item->fetchPath();

--------------
Doumentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Sat, 2007-03-24 16:52

Ahhhh, many apologies. Your point led me to reread the code and I realised that I had mistakenly understood that fetchPath() was not returning the path to the original image, but it is! So yes, this makes perfect sense now.

valiant

Joined: 2003-01-04
Posts: 32509

Posted: Sat, 2007-03-24 19:58

Yes, but I'm concerned about your usage of it.
Are you creating another DownloadItem.inc for your module?
If so, why not use permenant or temporary permissions? Redundancy is very bad for code maintenance in this case.

--------------
Doumentation: Support / Troubleshooting | Installation, Upgrade, Configuration and Usage

jayhen

Joined: 2007-02-12
Posts: 159

Posted: Sat, 2007-03-24 20:05

What I'm doing is a slight modification to the zipcart functionality that allows the administrator to choose whether to allow the user to download the original image, or simply the best he has permission to (as is currently the case). I do not necessarily want to give permission to view the image, just to download it, so it doesn't seem necessary to use permissions in this case.

jayhen Joined: 2007-02-12 Posts: 159	Posted: Thu, 2007-03-22 13:36
	I'm currently integrating a zipcart-like feature into the checkout modules. Could someone tell me how I can gain access to the original image, even if the user does not have permission to access it? I didn't find anything in the functions of the core library, but probably missed it/misunderstood. I obviously need access to the image loaction on disk... And as a side point, is it possible to get access to resize images without the watermark, when the watermark is used by default? Addendum : is it possible to create the resizes on-the-fly, without watermarking? Thanks, Jay
	XUser login Username: * Password: * Create new account Request new password
valiant Joined: 2003-01-04 Posts: 32509	Posted: Thu, 2007-03-22 21:03
	if you're zipping files... take a look at the zipcart module. besides: noone is stopping you from accessing the original images. you decide in your code when to do permission checks and when not. is your question how to give a user access to the original such that the user can download the orignal image? - if you want to give the user permanent access, use GalleryCoreApi::addUserPermission(). - if you want to give the user access to the original image temporarily, for the rest of the duration of the user's session, you can do: use GalleryCoreApi::addEntityPermission() to set the permission use the following to grant the permission to the current user's session: global $gallery; $session =& $gallery->getSession(); if (!$session->exists(GALLERY_PERMISSION_SESSION_KEY)) { $session->put(GALLERY_PERMISSION_SESSION_KEY, array()); } $sessionPerms =& $session->get(GALLERY_PERMISSION_SESSION_KEY); if (!in_array($itemId, $sessionPerms)) { $sessionPerms[] = (int)$itemId; } for details, see modules/password/ -------------- Doumentation: Support / Troubleshooting \| Installation, Upgrade, Configuration and Usage

jayhen Joined: 2007-02-12 Posts: 159	Posted: Thu, 2007-03-22 21:14
	valiant, I was hoping to hear from you, thanks! Yes, I have already integrated the zipcart module into the checkout module (on my testbed). Currently working on security of the checkoutpaypal module (before allowing download) as it was missing. You understood my question in the latter part of your response, I will try that, thanks for the very complete response.

jayhen Joined: 2007-02-12 Posts: 159	Posted: Sat, 2007-03-24 14:46
	valiant, I've haven't managed to get this working. But in fact, the most efficient would be if I could get the path of the original image (not a resize), given an itemId. No need to overload with code to deal with sessions, since it's only for the purposes of a download that I need access, not for display. Sorry, I'm clearly being dumb, but have not yet worked out how to get to this path, only that of derivatives of the image. Jay

jayhen Joined: 2007-02-12 Posts: 159	Posted: Sat, 2007-03-24 16:13
	OK, figured it out. Is this valid? : $absolutePath = $gallery->getConfig('data.gallery.albums'); list ($ret, $logicalPath) = $item->fetchLogicalPath(); if ($ret) { return array($ret->wrap(__FILE__, __LINE__), null); } $path = $absolutePath . $logicalPath;

valiant Joined: 2003-01-04 Posts: 32509	Posted: Sat, 2007-03-24 16:37
	What's the purpose of the whole thing? Maybe you can describe the feature in details such that we can avoid bad design decisions like avoiding an additional download script (there's already core/DownloadItem.inc). anyhow, to answer your question: list ($ret, $absolutePath) = $item->fetchPath(); -------------- Doumentation: Support / Troubleshooting \| Installation, Upgrade, Configuration and Usage

jayhen Joined: 2007-02-12 Posts: 159	Posted: Sat, 2007-03-24 16:52
	Ahhhh, many apologies. Your point led me to reread the code and I realised that I had mistakenly understood that fetchPath() was not returning the path to the original image, but it is! So yes, this makes perfect sense now.

valiant Joined: 2003-01-04 Posts: 32509	Posted: Sat, 2007-03-24 19:58
	Yes, but I'm concerned about your usage of it. Are you creating another DownloadItem.inc for your module? If so, why not use permenant or temporary permissions? Redundancy is very bad for code maintenance in this case. -------------- Doumentation: Support / Troubleshooting \| Installation, Upgrade, Configuration and Usage

jayhen Joined: 2007-02-12 Posts: 159	Posted: Sat, 2007-03-24 20:05
	What I'm doing is a slight modification to the zipcart functionality that allows the administrator to choose whether to allow the user to download the original image, or simply the best he has permission to (as is currently the case). I do not necessarily want to give permission to view the image, just to download it, so it doesn't seem necessary to use permissions in this case.

Dev question : how to gain access to the original object? [SOLVED]

XUser login