authorBharat Mediratta <bharat@menalto.com>2010-03-28 21:04:44 -0700
committerBharat Mediratta <bharat@menalto.com>2010-03-28 21:04:44 -0700
commitea43c5f06f5c7242f1d5811fe427e55c87497ecc (patch)
tree7ee253a40c57c8ea8066305e36b633fa2d7500e4 /modules/rest
parent2eea7b874aa06f08ed58a85197473233b54693aa (diff)
parente8eb23db42bb929548af358452f1b65e16b61913 (diff)
Merge branch 'master' of github.com:gallery/gallery3
Diffstat (limited to 'modules/rest')
-rw-r--r--modules/rest/controllers/rest.php6
-rw-r--r--modules/rest/helpers/rest.php5
-rw-r--r--modules/rest/helpers/rest_event.php2
-rw-r--r--modules/rest/helpers/rest_installer.php2
-rw-r--r--modules/rest/libraries/Rest_Exception.php2
-rw-r--r--modules/rest/models/user_access_token.php2
-rw-r--r--modules/rest/tests/Rest_Controller_Test.php34
7 files changed, 30 insertions, 23 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index 7cdd97c9..9f9b9aff 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -36,7 +36,7 @@ class Rest_Controller extends Controller {
$key = rest::get_access_token($user->id);
rest::reply($key->access_key);
- }
+ }
public function __call($function, $args) {
$input = Input::instance();
@@ -68,7 +68,7 @@ class Rest_Controller extends Controller {
}
try {
- print rest::reply(call_user_func(array($handler_class, $handler_method), $request));
+ rest::reply(call_user_func(array($handler_class, $handler_method), $request));
} catch (ORM_Validation_Exception $e) {
foreach ($e->validation->errors() as $key => $value) {
$msgs[] = "$key: $value";
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 1ee72aed..7440350f 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -39,8 +39,7 @@ class rest_Core {
static function set_active_user($access_token) {
if (empty($access_token)) {
- identity::set_active_user(identity::guest());
- return;
+ throw new Rest_Exception("Forbidden", 403);
}
$key = ORM::factory("user_access_token")
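Review bot: The new `throw new Rest_Exception("Forbidden", 403);` in set_active_user covers only a missing or empty key; the lookup that begins at `ORM::factory("user_access_token")` continues outside this hunk, so confirm that a key matching no stored token is refused with the same status and message instead of falling back to guest. `empty()` also treats the string "0" as absent, which is acceptable here because it fails closed. The change removes anonymous REST access altogether, and that policy should be stated above the check, for example `// No anonymous REST access: a request without a key is rejected, never run as guest.`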
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index c46e65c4..91affe7a 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index 9fbc5b2e..f69f62d1 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/libraries/Rest_Exception.php b/modules/rest/libraries/Rest_Exception.php
index c3548b7e..505c2e7a 100644
--- a/modules/rest/libraries/Rest_Exception.php
+++ b/modules/rest/libraries/Rest_Exception.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/models/user_access_token.php b/modules/rest/models/user_access_token.php
index 5669d8d1..44330768 100644
--- a/modules/rest/models/user_access_token.php
+++ b/modules/rest/models/user_access_token.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index 9f73bed9..21be8300 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,6 +20,9 @@
class Rest_Controller_Test extends Gallery_Unit_Test_Case {
public function setup() {
$this->_save = array($_GET, $_POST, $_SERVER);
+
+ $key = rest::get_access_token(1); // admin user
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
}
public function teardown() {
@@ -60,24 +63,26 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
}
public function get_test() {
+ unset($_SERVER["HTTP_X_GALLERY_REQUEST_KEY"]);
+
$_SERVER["REQUEST_METHOD"] = "GET";
$_GET["key"] = "value";
- $this->assert_array_equal_to_json(
- array("params" => array("key" => "value"),
- "method" => "get",
- "access_token" => null,
- "url" => "http://./index.php/gallery_unit_test"),
- test::call_and_capture(array(new Rest_Controller(), "mock")));
+ try {
+ test::call_and_capture(array(new Rest_Controller(), "mock"));
+ } catch (Rest_Exception $e) {
+ $this->assert_same(403, $e->getCode());
+ return;
+ }
+
+ $this->assert_true(false, "Should be forbidden");
}
public function get_with_access_key_test() {
- $key = rest::get_access_token(1); // admin user
-
$_SERVER["REQUEST_METHOD"] = "GET";
- $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
$_GET["key"] = "value";
+ $key = rest::get_access_token(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "get",
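Review bot: get_test now exercises only the absent-header case; nothing visible in this file sends a key that is present but matches no stored token, which is the path most likely to regress into a silent guest fallback. I would add a sibling test that sets `HTTP_X_GALLERY_REQUEST_KEY` to a value no user owns and asserts that the request is refused. The expected code in the sketch assumes rest::set_active_user rejects unknown keys the same way as missing ones, which this diff does not show, so adjust it to the actual behaviour. The hunk ends inside get_with_access_key_test, whose body continues outside it.

```php
public function get_with_unknown_access_key_test() {
  // Constructed value: must not match any stored user_access_token row.
  $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = "not-a-real-key";
  $_SERVER["REQUEST_METHOD"] = "GET";
  $_GET["key"] = "value";

  try {
    test::call_and_capture(array(new Rest_Controller(), "mock"));
  } catch (Rest_Exception $e) {
    $this->assert_same(403, $e->getCode());
    return;
  }

  $this->assert_true(false, "Should be forbidden");
}
```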
@@ -90,10 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["key"] = "value";
+ $key = rest::get_access_token(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "post",
- "access_token" => null,
+ "access_token" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
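Review bot: `$key = rest::get_access_token(1); // admin user` is now repeated in this test and in the put, delete and get_with_access_key tests, although setup already fetches the key and places it in the request header. Keeping it on the fixture, with `$this->_access_key = $key->access_key;` in setup and `"access_token" => $this->_access_key` in the expectations, removes the duplication and compares against the exact value that was put into `HTTP_X_GALLERY_REQUEST_KEY`. As written the tests rely on get_access_token returning the same token on a second call, which appears intended but is not shown here. The test method containing this hunk starts outside it.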
@@ -103,10 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
$_POST["key"] = "value";
+ $key = rest::get_access_token(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "put",
- "access_token" => null,
+ "access_token" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -116,10 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
$_POST["key"] = "value";
+ $key = rest::get_access_token(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "delete",
- "access_token" => null,
+ "access_token" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}