diff options
| author | Nathan Kinkade <nkinkade@nkinka.de> | 2010-02-27 14:03:01 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nkinkade@nkinka.de> | 2010-02-27 14:03:01 +0000 |
| commit | a58aa6e97b0e44adf7a878db6e276b081e202192 (patch) | |
| tree | cecc68b1222cb283a021478b822952c468d64393 /modules/rest/helpers | |
| parent | 10e36fcf1b5acf07c5cc128105af03fb09aac89e (diff) | |
| parent | d9707ae749df2770370dc4eeeeaddda28f092d4d (diff) | |
Merge branch 'master' of git://github.com/gallery/gallery3
Diffstat (limited to 'modules/rest/helpers')
| -rw-r--r-- | modules/rest/helpers/rest.php | 14 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_event.php | 28 |
2 files changed, 26 insertions, 16 deletions
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index a61aba2f..1ee72aed 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -21,17 +21,19 @@ class rest_Core { static function reply($data=array()) { Session::instance()->abort_save(); - if ($data) { - if (Input::instance()->get("output") == "html") { - header("Content-type: text/html"); + if (Input::instance()->get("output") == "html") { + header("Content-type: text/html"); + if ($data) { $html = preg_replace( "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'<a href=\"\\1\" >\\1</a>'", var_export($data, 1)); - print "<pre>$html</pre>"; } else { - header("Content-type: application/json"); - print json_encode($data); + $html = t("Empty response"); } + print "<pre>$html</pre>"; + } else { + header("Content-type: application/json"); + print json_encode($data); } } diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index f9aa34e3..c46e65c4 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -76,19 +76,27 @@ class rest_event { } static function show_user_profile($data) { - if ($data->display_all) { - $view = new View("user_profile_rest.html"); - $key = ORM::factory("user_access_token") + // Guests can't see a REST key + if (identity::active_user()->guest) { + return; + } + + // Only logged in users can see their own REST key + if (identity::active_user()->id != $data->user->id) { + return; + } + + $view = new View("user_profile_rest.html"); + $key = ORM::factory("user_access_token") ->where("user_id", "=", $data->user->id) ->find(); - if (!$key->loaded()) { - $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . rand()); - $key->save(); - } - $view->rest_key = $key->access_key; - $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); + if (!$key->loaded()) { + $key->user_id = $data->user->id; + $key->access_key = md5($data->user->name . rand()); + $key->save(); } + $view->rest_key = $key->access_key; + $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); } } |