author | Bharat Mediratta <bharat@menalto.com> | 2010-02-19 11:40:49 -0800 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-02-19 11:40:49 -0800 |
commit | d388e4bb868602f293b73918981bee1de6176a24 (patch) | |
tree | ba51b80b60f412519b57aa48865e74f9d1ca8363 | |
parent | 643fffdba0e595e4e3c4777a52088f81bafded40 (diff) |
Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when. This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.
Throw a 404 if we try to view the user profile for a missing user.
The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.
Don't show any of the edit buttons unless identity::is_writable()
-rw-r--r-- | modules/gallery/controllers/user_profile.php | 16 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_event.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/user_profile.html.php | 4 | ||||
-rw-r--r-- | modules/notification/helpers/notification_event.php | 36 | ||||
-rw-r--r-- | modules/rest/helpers/rest_event.php | 28 |
5 files changed, 51 insertions, 35 deletions
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 05373466..b89bc358 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -21,21 +21,21 @@ class User_Profile_Controller extends Controller {
 public function show($id) {
 // If we get here, then we should have a user id other than guest.
 $user = identity::lookup_user($id);
- $active_user = identity::active_user();
- $is_current_active = $active_user->id == $id;
- $can_edit = $is_current_active && !$active_user->guest;
- $display_all = $active_user->admin || $can_edit;
+ if (!$user) {
+ throw new Kohana_404_Exception();
+ }
 $v = new Theme_View("page.html", "other", "profile");
 $v->page_title = t("%name Profile", array("name" => $user->display_name()));
 $v->content = new View("user_profile.html");
- // @todo modify user_home to supply a link to their album,
 $v->content->user = $user;
- $v->content->not_current = !$is_current_active;
- $v->content->editable = identity::is_writable() && $can_edit;
+ $v->content->contactable =
+ !$user->guest && $user->id != identity::active_user()->id && $user->email;
+ $v->content->editable =
+ identity::is_writable() && !$user->guest && $user->id == identity::active_user()->id;
- $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
+ $event_data = (object)array("user" => $user, "content" => array());
 module::event("show_user_profile", $event_data);
 $v->content->info_parts = $event_data->content;
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index faf1c0c6..36f91142 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
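Review bot: With `display_all` dropped from `$event_data`, `show()` in modules/gallery/controllers/user_profile.php no longer makes any viewer-based decision before firing `show_user_profile`, so every handler has to authorize for itself and nothing at the call site says so. A handler outside this commit that still reads `$data->display_all` would now hit an undefined property, and whether that hides or exposes data depends on how that handler tests it. I would state the contract above the `module::event(...)` call, e.g. `// Handlers must check identity::active_user() themselves; $event_data carries no viewer flags.` `identity::active_user()` is also looked up twice to build `contactable` and `editable`; one local variable would keep the two flags in agreement. The body of `show()` continues past the end of the hunk.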
@@ -413,7 +413,7 @@ class gallery_event_Core {
 $fields = array("name" => t("Name"), "locale" => t("Language Preference"), "email" => t("Email"), "full_name" => t("Full name"), "url" => "Web site");
- if (!$data->display_all) {
+ if (!$data->user->guest) {
 $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
 }
 $v->user_profile_data = array();
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 53e8dc1e..257bd7ca 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -12,18 +12,18 @@
 <a id="g-profile-return" class="g-button g-right ui-state-default ui-corner-all" href="#">
 <?= t("Return") ?>
 </a>
+ <? if ($editable): ?>
 <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_email/{$user->id}") ?>">
 <?= t("Change email") ?>
 </a>
 <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("users/form_change_password/{$user->id}") ?>">
 <?= t("Change password") ?>
 </a>
- <? if ($editable): ?>
 <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>">
 <?= t("Edit") ?>
 </a>
 <? endif ?>
- <? if (!$user->guest && $not_current && !empty($user->email)): ?>
+ <? if ($contactable): ?>
 <a class="g-button g-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("user_profile/contact/{$user->id}") ?>">
 <?= t("Contact") ?>
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index c8628ae4..19e8dedb 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
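Review bot: The new condition `if (!$data->user->guest)` in modules/gallery/helpers/gallery_event.php tests the profile being viewed, not the viewer, so the field list no longer depends on who is looking. As written, every non-guest profile is reduced to name, full name and web site (the owner and an admin lose locale and email, unless something later in the function restores them), and the full list including `email` is used only when the profile subject is the guest account. The commit message limits the short list to "any other registered user", but no check on `identity::active_user()` is visible in this hunk, so an anonymous visitor appears to receive it as well. If the intent is that the owner or an admin sees everything, the test would be along the lines of `if (identity::active_user()->id != $data->user->id && !identity::active_user()->admin) {`. The enclosing function starts and ends outside the hunk.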
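Review bot: Wrapping the "Change email" and "Change password" links in `<? if ($editable): ?>` in modules/gallery/views/user_profile.html.php only hides them; the `users/form_change_email/{id}` and `users/form_change_password/{id}` handlers are not part of this commit, so it cannot be seen from here whether they enforce the same ownership and `identity::is_writable()` conditions. Those endpoints have to refuse the request server-side regardless of what the template renders. A template comment such as `<? /* UI hint only: the users controller must re-check ownership */ ?>` next to the condition would make that dependency explicit. The template continues beyond both ends of the hunk.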
@@ -128,23 +128,31 @@ class notification_event_Core {
 }
 static function show_user_profile($data) {
- if ($data->display_all) {
- $view = new View("user_profile_notification.html");
- $view->subscriptions = array();
- foreach(ORM::factory("subscription")
- ->where("user_id", "=", $data->user->id)
- ->find_all() as $subscription) {
- $item = ORM::factory("item")
+ // Guests don't see comment listings
+ if (identity::active_user()->guest) {
+ return;
+ }
+
+ // Only logged in users can see their comment listings
+ if (identity::active_user()->id != $data->user->id) {
+ return;
+ }
+
+ $view = new View("user_profile_notification.html");
+ $view->subscriptions = array();
+ foreach(ORM::factory("subscription")
+ ->where("user_id", "=", $data->user->id)
+ ->find_all() as $subscription) {
+ $item = ORM::factory("item")
 ->where("id", "=", $subscription->item_id)
 ->find();
- if ($item->loaded()) {
- $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
- "url" => $item->url());
- }
- }
- if (count($view->subscriptions) > 0) {
- $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+ if ($item->loaded()) {
+ $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
+ "url" => $item->url());
 }
 }
+ if (count($view->subscriptions) > 0) {
+ $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+ }
 }
 }
\ No newline at end of file
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index f9aa34e3..c46e65c4 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -76,19 +76,27 @@ class rest_event {
 }
 static function show_user_profile($data) {
- if ($data->display_all) {
- $view = new View("user_profile_rest.html");
- $key = ORM::factory("user_access_token")
+ // Guests can't see a REST key
+ if (identity::active_user()->guest) {
+ return;
+ }
+
+ // Only logged in users can see their own REST key
+ if (identity::active_user()->id != $data->user->id) {
+ return;
+ }
+
+ $view = new View("user_profile_rest.html");
+ $key = ORM::factory("user_access_token")
 ->where("user_id", "=", $data->user->id)
 ->find();
- if (!$key->loaded()) {
- $key->user_id = $data->user->id;
- $key->access_key = md5($data->user->name . rand());
- $key->save();
- }
- $view->rest_key = $key->access_key;
- $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
+ if (!$key->loaded()) {
+ $key->user_id = $data->user->id;
+ $key->access_key = md5($data->user->name . rand());
+ $key->save();
 }
+ $view->rest_key = $key->access_key;
+ $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
 }
 } |
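Review bot: Both new comments in `notification_event_Core::show_user_profile()` speak of "comment listings", but the code beneath them builds the "Watching" subscription list, so they read as copied from another handler. Suggested wording: `// Guests never see watch lists` and `// A user can only see their own watch list`. The second guard already returns for a guest whenever the profile is not the guest account, so the two checks could be merged unless the redundancy is deliberate. The old `display_all` path also let an admin see another user's subscriptions and the new code does not, which the commit message does not mention.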
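Review bot: The re-indented line `$key->access_key = md5($data->user->name . rand());` in `rest_event::show_user_profile()` derives the REST access key from the user name and `rand()`, which is not a cryptographically secure generator, so the key is far more guessable than its 32 hex characters suggest. Since the commit rewrites this line anyway, it is a good place to switch to a CSPRNG, e.g. `$key->access_key = bin2hex(random_bytes(16));` on PHP 7+ (same length), or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. The key is also created and saved as a side effect of rendering the profile page; a comment such as `// Creates the token on first view: this handler writes on a read request` would flag that for the next reader.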