diff options
| author | Andy Staudacher <andy.st@gmail.com> | 2010-02-21 13:08:06 -0800 |
|---|---|---|
| committer | Andy Staudacher <andy.st@gmail.com> | 2010-02-21 13:08:06 -0800 |
| commit | be20309259de9310da3be703c93c4e42def2541b (patch) | |
| tree | 38ecbb4fe4183e65af79cd9fbdfae3d99b8cd4d3 /modules/rest/helpers | |
| parent | cb57c3912aef6bed394a4693f94e9c97001aff34 (diff) | |
| parent | 1377b2c7b3110a132d4b2d748be72a6aafa537e6 (diff) | |
Merge commit 'upstream/master'
Diffstat (limited to 'modules/rest/helpers')
| -rw-r--r-- | modules/rest/helpers/rest.php | 10 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_event.php | 28 |
2 files changed, 25 insertions, 13 deletions
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 3c53784d..1ee72aed 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -23,9 +23,13 @@ class rest_Core { if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); - $html = preg_replace( - "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'<a href=\"\\1\" >\\1</a>'", - var_export(!empty($data) ? $data : t("Empty response"), 1)); + if ($data) { + $html = preg_replace( + "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'<a href=\"\\1\" >\\1</a>'", + var_export($data, 1)); + } else { + $html = t("Empty response"); + } print "<pre>$html</pre>"; } else { header("Content-type: application/json"); diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index f9aa34e3..c46e65c4 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -76,19 +76,27 @@ class rest_event { } static function show_user_profile($data) { - if ($data->display_all) { - $view = new View("user_profile_rest.html"); - $key = ORM::factory("user_access_token") + // Guests can't see a REST key + if (identity::active_user()->guest) { + return; + } + + // Only logged in users can see their own REST key + if (identity::active_user()->id != $data->user->id) { + return; + } + + $view = new View("user_profile_rest.html"); + $key = ORM::factory("user_access_token") ->where("user_id", "=", $data->user->id) ->find(); - if (!$key->loaded()) { - $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . rand()); - $key->save(); - } - $view->rest_key = $key->access_key; - $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); + if (!$key->loaded()) { + $key->user_id = $data->user->id; + $key->access_key = md5($data->user->name . rand()); + $key->save(); } + $view->rest_key = $key->access_key; + $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); } } |