From 1f49737ae7a5f2e8818eb0046ecf27e58b50a548 Mon Sep 17 00:00:00 2001
From: Colin Kuskie <colink@perldreamer.com>
Date: Fri, 13 Nov 2009 17:16:56 -0800
Subject: [PATCH] Allow other users to save photos into another user's album. 
 Fixes bug #11228.

---
 docs/changelog/7.x.x.txt                  |  1 +
 lib/WebGUI/Asset/File/GalleryFile.pm      | 13 +++++++++++++
 lib/WebGUI/Asset/Wobject/GalleryAlbum.pm  |  5 +----
 t/Asset/Wobject/GalleryAlbum/permission.t |  8 +-------
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 56035044f..47f8f1994 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -15,6 +15,7 @@
  - fixed #11216: LDAP Connections status incorrect
  - fixed #11229: ProgressBar throws errors on some messages.
  - fixed #11217: LDAP authentication fails if user DN changes
+ - fixed #11228: Gallery image upload to other users folder permission denied
 
 7.8.4
  - Fixed a compatibility problem between WRE and new Spectre code.
diff --git a/lib/WebGUI/Asset/File/GalleryFile.pm b/lib/WebGUI/Asset/File/GalleryFile.pm
index 210bccb25..c640dcf45 100644
--- a/lib/WebGUI/Asset/File/GalleryFile.pm
+++ b/lib/WebGUI/Asset/File/GalleryFile.pm
@@ -738,6 +738,19 @@ sub update {
 }
 
 
+#----------------------------------------------------------------------------
+
+=head2 validParent ( )
+
+Override validParent to only allow GalleryAlbums to hold GalleryFiles.
+
+=cut
+
+sub validParent {
+    my ($class, $session) = @_;
+    return $session->asset->isa('WebGUI::Asset::Wobject::GalleryAlbum');
+}
+
 #----------------------------------------------------------------------------
 
 =head2 view ( )
diff --git a/lib/WebGUI/Asset/Wobject/GalleryAlbum.pm b/lib/WebGUI/Asset/Wobject/GalleryAlbum.pm
index d339d2cba..79937eb06 100644
--- a/lib/WebGUI/Asset/Wobject/GalleryAlbum.pm
+++ b/lib/WebGUI/Asset/Wobject/GalleryAlbum.pm
@@ -306,10 +306,7 @@ sub canEdit {
     my $form        = $self->session->form;
 
     # Handle adding a photo
-    if ( $form->get("func") eq "add" ) {
-        return $self->canAddFile;
-    }
-    elsif ( $form->get("func") eq "editSave" && $form->get("className") eq __PACKAGE__ ) {
+    if ( $form->get("func") eq "add" || $form->get("func") eq "editSave" ) {
         return $self->canAddFile;
     }
     else {
diff --git a/t/Asset/Wobject/GalleryAlbum/permission.t b/t/Asset/Wobject/GalleryAlbum/permission.t
index 2ae6a5750..86a0dcd98 100644
--- a/t/Asset/Wobject/GalleryAlbum/permission.t
+++ b/t/Asset/Wobject/GalleryAlbum/permission.t
@@ -32,6 +32,7 @@ WebGUI::Test->usersToDelete($user{'2'});
 
 my $versionTag      = WebGUI::VersionTag->getWorking($session);
 $versionTag->set({name=>"Album Test"});
+addToCleanup($versionTag);
 my $gallery
     = $node->addChild({
         className           => "WebGUI::Asset::Wobject::Gallery",
@@ -104,10 +105,3 @@ $maker->prepare({
     fail        => [ 1, ],
 });
 $maker->run;
-
-#----------------------------------------------------------------------------
-# Cleanup
-END {
-    $versionTag->rollback();
-}
-