authorNathan Kinkade <nkinkade@nkinka.de>2010-07-08 00:29:37 +0000
committerNathan Kinkade <nkinkade@nkinka.de>2010-07-08 00:29:37 +0000
commitc83650d83ad8b1f4bda30cac2ae8efa6e1c97287 (patch)
tree482cf980e87cd7c80c28a89bb9395eba6b53026f /modules/rest
parenta0b0b415515bff5f9edd43d373e8e78f3b3f8e4d (diff)
parent9d66783f47636153bf3661d1d89e694dd5188c36 (diff)
Merge branch 'master' of git://github.com/gallery/gallery3
Diffstat (limited to 'modules/rest')
-rw-r--r--modules/rest/controllers/rest.php76
-rw-r--r--modules/rest/helpers/rest.php25
-rw-r--r--modules/rest/helpers/rest_event.php7
-rw-r--r--modules/rest/helpers/rest_installer.php8
-rw-r--r--modules/rest/libraries/Rest_Exception.php9
-rw-r--r--modules/rest/module.info6
-rw-r--r--modules/rest/tests/Rest_Controller_Test.php15
-rw-r--r--modules/rest/views/error_rest.json.php2
8 files changed, 90 insertions, 58 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index dab54976..f8a46515 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -34,53 +34,59 @@ class Rest_Controller extends Controller {
auth::login($user);
- $key = rest::get_access_key($user->id);
- rest::reply($key->access_key);
+ rest::reply(rest::access_key());
}
public function __call($function, $args) {
- $input = Input::instance();
- $request = new stdClass();
- switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
- case "get":
- $request->params = (object) $input->get();
- break;
+ try {
+ $input = Input::instance();
+ $request = new stdClass();
+
+ switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
+ case "get":
+ $request->params = (object) $input->get();
+ break;
- case "post":
- $request->params = (object) $input->post();
- if (isset($_FILES["file"])) {
- $request->file = upload::save("file");
+ default:
+ $request->params = (object) $input->post();
+ if (isset($_FILES["file"])) {
+ $request->file = upload::save("file");
+ }
+ break;
}
- break;
- }
- if (isset($request->params->entity)) {
- $request->params->entity = json_decode($request->params->entity);
- }
- if (isset($request->params->members)) {
- $request->params->members = json_decode($request->params->members);
- }
+ if (isset($request->params->entity)) {
+ $request->params->entity = json_decode($request->params->entity);
+ }
+ if (isset($request->params->members)) {
+ $request->params->members = json_decode($request->params->members);
+ }
- $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
- $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
- $request->url = url::abs_current(true);
+ $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
+ $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
- rest::set_active_user($request->access_key);
+ if (empty($request->access_key) && !empty($request->params->access_key)) {
+ $request->access_key = $request->params->access_key;
+ }
- $handler_class = "{$function}_rest";
- $handler_method = $request->method;
+ $request->url = url::abs_current(true);
- if (!method_exists($handler_class, $handler_method)) {
- throw new Rest_Exception("Bad Request", 400);
- }
+ rest::set_active_user($request->access_key);
- try {
- rest::reply(call_user_func(array($handler_class, $handler_method), $request));
- } catch (ORM_Validation_Exception $e) {
- foreach ($e->validation->errors() as $key => $value) {
- $msgs[] = "$key: $value";
+ $handler_class = "{$function}_rest";
+ $handler_method = $request->method;
+
+ if (!method_exists($handler_class, $handler_method)) {
+ throw new Rest_Exception("Bad Request", 400);
}
- throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
+
+ $response = call_user_func(array($handler_class, $handler_method), $request);
+ rest::reply($response);
+ } catch (ORM_Validation_Exception $e) {
+ // Note: this is totally insufficient because it doesn't take into account localization. We
+ // either need to map the result values to localized strings in the application code, or every
+ // client needs its own l10n string set.
+ throw new Rest_Exception("Bad Request", 400, $e->validation->errors());
}
}
} \ No newline at end of file
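Review bot: The new fallback `if (empty($request->access_key) && !empty($request->params->access_key))` lets the access key arrive as an ordinary request parameter, which on a GET request means the query string, where a long-lived key is likely to be recorded in web-server access logs, browser history and Referer headers. If the fallback has to stay, consider accepting it only from the request body (add `$method != "get"` to the condition) and dropping it from the parameters once copied with `unset($request->params->access_key);`, so handlers cannot echo it back. Separately, the `default:` branch now calls `upload::save("file")` for every non-GET verb and still does so before `rest::set_active_user()`, so a request that ends in a 403 has presumably already had its upload stored; moving the `$_FILES` handling below the authentication call would avoid that.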
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 49999520..bcb12d58 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -18,9 +18,12 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class rest_Core {
+ const API_VERSION = "3.0";
+
static function reply($data=array()) {
Session::instance()->abort_save();
+ header("X-Gallery-API-Version: " . rest::API_VERSION);
if (Input::instance()->get("output") == "html") {
header("Content-type: text/html");
if ($data) {
@@ -39,7 +42,12 @@ class rest_Core {
static function set_active_user($access_key) {
if (empty($access_key)) {
- throw new Rest_Exception("Forbidden", 403);
+ if (module::get_var("rest", "allow_guest_access")) {
+ identity::set_active_user(identity::guest());
+ return;
+ } else {
+ throw new Rest_Exception("Forbidden", 403);
+ }
}
$key = ORM::factory("user_access_key")
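Review bot: The guest branch in `set_active_user()` has no comment saying what it implies: with `allow_guest_access` enabled, a request carrying no key reaches every `*_rest` handler as the guest user, so each handler's own permission checks become the only authorization. A short comment above the `module::get_var("rest", "allow_guest_access")` test would make that explicit, for example `// No key supplied: fall back to guest if the site allows it; handlers must still check permissions.` The function body continues below the hunk, so whether a present-but-invalid key is still rejected when guest access is on cannot be confirmed from here.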
@@ -58,17 +66,18 @@ class rest_Core {
identity::set_active_user($user);
}
- static function get_access_key($user_id) {
+ static function access_key() {
$key = ORM::factory("user_access_key")
- ->where("user_id", "=", $user_id)
+ ->where("user_id", "=", identity::active_user()->id)
->find();
if (!$key->loaded()) {
- $key->user_id = $user_id;
+ $key->user_id = identity::active_user()->id;
$key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key()));
$key->save();
}
- return $key;
+
+ return $key->access_key;
}
/**
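Review bot: `access_key()` now takes the user from `identity::active_user()` rather than an explicit id, so a call made while the active user is the guest account would create and persist a key for guest; reading the user once with `$user = identity::active_user();` and refusing to mint a key for guest would make the helper safe to call from any context. The lookup also runs twice (in `where()` and in the assignment), which the single local variable would remove. The key itself is still derived from `uniqid(mt_rand(), true)` and MD5, so its unpredictability rests on `access::private_key()` staying secret; a key drawn from a cryptographically secure random source, where the platform provides one, would not depend on that.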
@@ -129,9 +138,9 @@ class rest_Core {
foreach (glob(MODPATH . "{$module->name}/helpers/*_rest.php") as $filename) {
$class = str_replace(".php", "", basename($filename));
if (method_exists($class, "relationships")) {
- $results = array_merge(
- $results,
- call_user_func(array($class, "relationships"), $resource_type, $resource));
+ if ($tmp = call_user_func(array($class, "relationships"), $resource_type, $resource)) {
+ $results = array_merge($results, $tmp);
+ }
}
}
}
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index e4e53ef6..f23b9a58 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -29,6 +29,13 @@ class rest_event {
->execute();
}
+
+ static function change_provider($new_provider) {
+ db::build()
+ ->delete("user_access_keys")
+ ->execute();
+ }
+
/**
* Called after a user has been added. Just add a remote access key
* on every add.
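Review bot: `change_provider()` is added without a doc comment, while the handler right below it has one, and deleting every row of `user_access_keys` unconditionally is not self-explanatory. A docblock along the lines of `/** Called when the identity provider changes; drops all REST access keys (presumably because user ids from the old provider no longer apply). */` would record the intent, and should say that every client has to fetch a new key afterwards. `$new_provider` is unused in the body, which is worth stating in the same comment.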
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index aeb9573e..c2694a29 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -28,7 +28,8 @@ class rest_installer {
UNIQUE KEY(`access_key`),
UNIQUE KEY(`user_id`))
DEFAULT CHARSET=utf8;");
- module::set_version("rest", 2);
+ module::set_var("rest", "allow_guest_access", false);
+ module::set_version("rest", 3);
}
static function upgrade($version) {
@@ -37,6 +38,11 @@ class rest_installer {
$db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
module::set_version("rest", $version = 2);
}
+
+ if ($version == 2) {
+ module::set_var("rest", "allow_guest_access", false);
+ module::set_version("rest", $version = 3);
+ }
}
static function uninstall() {
diff --git a/modules/rest/libraries/Rest_Exception.php b/modules/rest/libraries/Rest_Exception.php
index 505c2e7a..087da939 100644
--- a/modules/rest/libraries/Rest_Exception.php
+++ b/modules/rest/libraries/Rest_Exception.php
@@ -18,8 +18,11 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Rest_Exception_Core extends Kohana_Exception {
- public function __construct($message, $code) {
+ var $response = array();
+
+ public function __construct($message, $code, $response=array()) {
parent::__construct($message, null, $code);
+ $this->response = $response;
}
public function sendHeaders() {
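Review bot: `var $response = array();` uses the PHP 4 property keyword in a class whose methods declare visibility explicitly; `public $response = array();` is equivalent and consistent with the rest of the class. Since the property is read by the error view added in this commit, a one-line comment such as `// Extra payload (e.g. validation errors) rendered as the JSON error body` would help. `sendHeaders()` continues beyond the hunk.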
@@ -27,4 +30,8 @@ class Rest_Exception_Core extends Kohana_Exception {
header("HTTP/1.1 " . $this->getCode() . " " . $this->getMessage());
}
}
+
+ public function getTemplate() {
+ return "error_rest.json";
+ }
} \ No newline at end of file
diff --git a/modules/rest/module.info b/modules/rest/module.info
index 3ab7e165..5aaffc28 100644
--- a/modules/rest/module.info
+++ b/modules/rest/module.info
@@ -1,4 +1,4 @@
-name = "REST Access Module"
-description = "The RESTful implementation/interface to Gallery3"
+name = "REST API Module"
+description = "A REST-based API that allows desktop clients and other apps to interact with Gallery 3"
-version = 2
+version = 3
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index fe83283d..0c8a4a98 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -21,8 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
public function setup() {
$this->_save = array($_GET, $_POST, $_SERVER);
- $key = rest::get_access_key(1); // admin user
- $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = rest::access_key();
}
public function teardown() {
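Review bot: `setup()` now calls `rest::access_key()`, which resolves the key for whatever user is active when the test runs, and the `// admin user` pinning from the old `rest::get_access_key(1)` call is gone; the same applies to the four request tests in the later hunks of this file. Setting the active user explicitly at the top of `setup()` would keep the fixture independent of test order. None of the hunks add coverage for the new behaviour in this commit (the `allow_guest_access` branch, the `access_key` request-parameter fallback, or the 400 response that carries validation errors), so a test for at least the keyless-request case with guest access on and off would be worth adding.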
@@ -83,11 +82,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["REQUEST_METHOD"] = "GET";
$_GET["key"] = "value";
- $key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "get",
- "access_key" => $key->access_key,
+ "access_key" => rest::access_key(),
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -96,11 +94,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["key"] = "value";
- $key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "post",
- "access_key" => $key->access_key,
+ "access_key" => rest::access_key(),
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -110,11 +107,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
$_POST["key"] = "value";
- $key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "put",
- "access_key" => $key->access_key,
+ "access_key" => rest::access_key(),
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -124,11 +120,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
$_POST["key"] = "value";
- $key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "delete",
- "access_key" => $key->access_key,
+ "access_key" => rest::access_key(),
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
diff --git a/modules/rest/views/error_rest.json.php b/modules/rest/views/error_rest.json.php
new file mode 100644
index 00000000..179ce7f9
--- /dev/null
+++ b/modules/rest/views/error_rest.json.php
@@ -0,0 +1,2 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<?= json_encode($e->response); \ No newline at end of file
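Review bot: Nothing visible in this view or in `Rest_Exception::sendHeaders()` sets a JSON content type for the error body, so `json_encode($e->response)` may be delivered under the default `text/html`. Sending `header("Content-Type: application/json");` alongside the status line, and encoding with `json_encode($e->response, JSON_HEX_TAG | JSON_HEX_AMP)` where the PHP version supports the options argument, would keep a browser from treating any field name or message in the payload as markup. `sendHeaders()` is only partly shown in the diff, so the header may already be set outside the visible lines.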