Diffstat (limited to 'core/controllers')
-rw-r--r--core/controllers/albums.php135
-rw-r--r--core/controllers/items.php118
-rw-r--r--core/controllers/photos.php53
-rw-r--r--core/controllers/rest.php2
4 files changed, 168 insertions, 140 deletions
diff --git a/core/controllers/albums.php b/core/controllers/albums.php
index 0947e913..8d2b5b77 100644
--- a/core/controllers/albums.php
+++ b/core/controllers/albums.php
@@ -22,15 +22,13 @@ class Albums_Controller extends Items_Controller {
/**
* @see Rest_Controller::_show($resource)
*/
- public function _show($item) {
- if (!access::can("view", $item)) {
- Kohana::show_404();
- }
+ public function _show($album) {
+ access::required("view", $album);
$theme_name = module::get_var("core", "active_theme", "default");
$page_size = module::get_var("core", "page_size", 9);
$page = $this->input->get("page", "1");
- $children_count = $item->viewable()->children_count();
+ $children_count = $album->viewable()->children_count();
$offset = ($page-1) * $page_size;
// Make sure that the page references a valid offset
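Review bot: Replacing the `access::can` check plus `Kohana::show_404()` with `access::required("view", $album)` in `_show` may change what an unauthorized viewer sees: the old code answered with a 404, which does not reveal that a restricted album exists, whereas `access::required` (not visible here) presumably ends in a forbidden response. If hiding the existence of restricted items is intended, confirm that `access::required` answers "view" failures with a 404, or keep `if (!access::can("view", $album)) { Kohana::show_404(); }` for the view case. The same substitution is made in `Photos_Controller::_show` in photos.php. `_show` continues past the end of this hunk.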
@@ -40,25 +38,136 @@ class Albums_Controller extends Items_Controller {
$template = new Theme_View("page.html", "album", $theme_name);
$template->set_global("page_size", $page_size);
- $template->set_global("item", $item);
- $template->set_global("children", $item->viewable()->children($page_size, $offset));
+ $template->set_global("item", $album);
+ $template->set_global("children", $album->viewable()->children($page_size, $offset));
$template->set_global("children_count", $children_count);
- $template->set_global("parents", $item->parents());
+ $template->set_global("parents", $album->parents());
$template->content = new View("album.html");
- $item->view_count++;
- $item->save();
+ $album->view_count++;
+ $album->save();
print $template;
}
/**
+ * @see Rest_Controller::_create($resource)
+ */
+ public function _create($album) {
+ access::required("edit", $album);
+
+ switch ($this->input->post("type")) {
+ case "album":
+ return $this->_create_album($album);
+
+ case "photo":
+ return $this->_create_photo($album);
+
+ default:
+ access::forbidden();
+ }
+ }
+
+ private function _create_album($album) {
+ access::required("edit", $album);
+
+ $form = album::get_add_form($album);
+ if ($form->validate()) {
+ $new_album = album::create(
+ $album,
+ $this->input->post("name"),
+ $this->input->post("title", $this->input->post("name")),
+ $this->input->post("description"),
+ user::active()->id);
+
+ log::add("content", "Created an album", log::INFO,
+ html::anchor("albums/$new_album->id", "view album"));
+ message::add(_("Successfully created album"));
+ rest::http_status(rest::CREATED);
+ rest::http_location(url::site("albums/$new_album->id"));
+ } else {
+ print $form;
+ }
+ }
+
+ private function _create_photo($album) {
+ access::required("edit", $album);
+
+ $form = photo::get_add_form($album);
+ if ($form->validate()) {
+ $photo = photo::create(
+ $album,
+ $this->input->post("file"),
+ $_FILES["file"]["name"],
+ $this->input->post("title", $this->input->post("name")),
+ $this->input->post("description"),
+ user::active()->id);
+
+ log::add("content", "Added a photo", log::INFO,
+ html::anchor("photos/$photo->id", "view photo"));
+ message::add(_("Successfully added photo"));
+ //rest::http_status(rest::CREATED);
+ //rest::http_location(url::site("photos/$photo->id"));
+ print "<h1>this is a response</h1>";
+ } else {
+ print $form;
+ }
+ }
+
+ /**
+ * @see Rest_Controller::_update($resource)
+ */
+ public function _update($album) {
+ access::required("edit", $album);
+
+ $form = album::get_edit_form($album);
+ if ($form->validate()) {
+ // @todo implement changing the name. This is not trivial, we have
+ // to check for conflicts and rename the album itself, etc. Needs an
+ // api method.
+ $album->title = $form->edit_album->title->value;
+ $album->description = $form->edit_album->description->value;
+ $album->save();
+
+ module::event("album_changed", $album);
+
+ log::add("content", "Updated album", log::INFO, "<a href=\"albums/$album->id\">view</a>");
+ message::add(_("Successfully saved album"));
+ rest::http_status(rest::CREATED);
+ rest::http_location(url::site("albums/$album->id"));
+ } else {
+ rest::html($form);
+ }
+ rest::respond();
+ }
+
+ /**
* @see Rest_Controller::_form_add($parameters)
*/
- public function _form_add($parent_id) {
- $parent = ORM::factory("item", $parent_id);
+ public function _form_add($album_id) {
+ $album = ORM::factory("item", $album_id);
+ access::required("edit", $album);
+
+ switch ($this->input->get("type")) {
+ case "album":
+ print album::get_add_form($album)->render();
+ break;
+
+ case "photo":
+ print photo::get_add_form($album)->render();
+ break;
- print album::get_add_form($parent)->render();
+ default:
+ kohana::show_404();
+ }
}
+ /**
+ * @see Rest_Controller::_form_add($parameters)
+ */
+ public function _form_edit($album) {
+ access::required("edit", $album);
+
+ print album::get_edit_form($album);
+ }
}
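Review bot: In `_create_photo` the source file passed to `photo::create` is `$this->input->post("file")`, a request field the client controls, instead of the uploaded file's temporary path; if `photo::create` (not shown) reads or copies from that argument, a client could point it at any file the web server can read. The removed implementation in items.php used `$_FILES["file"]["tmp_name"]`, so the line should be `$_FILES["file"]["tmp_name"],`, ideally after confirming that `$_FILES["file"]["error"]` is 0 and `is_uploaded_file()` holds, unless the form's `validate()` already guarantees that. `$_FILES["file"]["name"]` is also client-supplied and should be treated as untrusted wherever it becomes a filename on disk. The success branch still prints the placeholder `<h1>this is a response</h1>` with the `rest::http_status`/`rest::http_location` calls commented out, which should be restored before this ships.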
diff --git a/core/controllers/items.php b/core/controllers/items.php
index b79d28d2..1cb24324 100644
--- a/core/controllers/items.php
+++ b/core/controllers/items.php
@@ -45,125 +45,19 @@ class Items_Controller extends REST_Controller {
// Redirect to the more specific resource type, since it will render
// differently. We could also just delegate here, but it feels more appropriate
// to have a single canonical resource mapping.
+ access::required("view", $item);
return url::redirect("{$item->type}s/$item->id");
}
- public function _create($item) {
- // @todo Productionize this code
- // 1) Add security checks
- $owner_id = user::active()->id;
-
- switch ($this->input->post("type")) {
- case "album":
- $album = album::create(
- $item,
- $this->input->post("name"),
- $this->input->post("title", $this->input->post("name")),
- $this->input->post("description"),
- $owner_id);
- log::add("content", "Created an album", log::INFO,
- html::anchor("albums/$album->id", "view album"));
- message::add(_("Successfully created album"));
- if (request::is_ajax()) {
- rest::http_status(rest::CREATED);
- rest::http_location(url::site("albums/$album->id"));
- } else {
- url::redirect("albums/$album->id");
- }
- break;
-
- case "photo":
- if (is_array($_FILES["file"]["name"])) {
- $count = count($_FILES["file"]["name"]);
- for ($i = 0; $i < $count - 1; $i++) {
- if ($_FILES["file"]["error"][$i] == 0) {
- $photo = photo::create(
- $item,
- $_FILES["file"]["tmp_name"][$i],
- $_FILES["file"]["name"][$i],
- $_FILES["file"]["name"][$i],
- "", $owner_id);
- } else {
- log::add("content", "Error uploading photo", log::WARNING);
- message::add(sprintf(_("Error uploading photo %s"),
- html::specialchars($_FILES["file"]["name"][$i])));
- }
- }
- log::add("content", "Added $count photos", log::INFO,
- html::anchor("albums/$item->id", "view album"));
- if (request::is_ajax()) {
- rest::http_status(rest::CREATED);
- rest::http_location(url::site("albums/$item->id"));
- } else {
- url::redirect("albums/$item->id");
- }
- } else {
- $photo = photo::create(
- $item,
- $_FILES["file"]["tmp_name"],
- $_FILES["file"]["name"],
- $this->input->post("title", $this->input->post("name")),
- $this->input->post("description"),
- $owner_id);
- log::add("content", "Added a photo", log::INFO,
- html::anchor("photos/$photo->id", "view photo"));
- message::add(_("Successfully added photo"));
- if (request::is_ajax()) {
- rest::http_status(rest::CREATED);
- rest::http_location(url::site("photos/$photo->id"));
- } else {
- url::redirect("photos/$photo->id");
- }
- }
- break;
- }
- }
-
public function _delete($item) {
- // @todo Productionize this code
- // 1) Add security checks
- $parent = $item->parent();
- if ($parent->id) {
- module::event("{$item->type}_before_delete", $item);
-
- $item->delete();
- }
+ throw new Exception("@todo Item_Controller::_delete NOT IMPLEMENTED");
+ }
- url::redirect("{$parent->type}s/{$parent->id}");
+ public function _create($item) {
+ throw new Exception("@todo Item_Controller::_create NOT IMPLEMENTED");
}
public function _update($item) {
- // @todo Productionize this
- // 1) Figure out how to do the right validation here. Validate the form input and apply it to
- // the model as appropriate.
- // 2) Figure out how to dispatch according to the needs of the client. Ajax requests from
- // jeditable will want the changed field back, and possibly the whole item in json.
- //
- // For now let's establish a simple protocol where the client passes in a __return parameter
- // that specifies which field it wants back from the item. Later on we can expand that to
- // include a data format, etc.
-
- // These fields are safe to change
- $post = $this->input->post();
- foreach ($post as $key => $value) {
- switch ($key) {
- case "title":
- case "description":
- $item->$key = $value;
- break;
- }
- }
-
- // @todo Support additional fields
- // These fields require additional work if you change them
- // parent_id, owner_id
-
- $item->save();
-
- module::event("{$item->type}_changed", $item);
-
- if (array_key_exists("_return", $post)) {
- print $item->{$post["_return"]};
- }
+ throw new Exception("@todo Item_Controller::_update NOT IMPLEMENTED");
}
}
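Review bot: The `_delete`, `_create` and `_update` stubs throw a bare `Exception` as their first statement, so any client that reaches these routes, authenticated or not, lands in the framework's error handler; depending on error-display settings that are not visible here, that may expose a stack trace. Since the removed bodies carried `@todo` notes asking for security checks, consider starting each stub with `access::required("edit", $item);` so the check is already in place when the body is implemented and unauthorized callers get the same response as elsewhere. The messages name `Item_Controller`, while the class is `Items_Controller`. Unless subclasses override `_delete` outside this diff, deletion is no longer available for albums or photos after this change.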
diff --git a/core/controllers/photos.php b/core/controllers/photos.php
index 465c291d..730cfd2c 100644
--- a/core/controllers/photos.php
+++ b/core/controllers/photos.php
@@ -22,34 +22,59 @@ class Photos_Controller extends Items_Controller {
/**
* @see Rest_Controller::_show($resource)
*/
- public function _show($item) {
- if (!access::can("view", $item)) {
- return Kohana::show_404();
- }
+ public function _show($photo) {
+ access::required("view", $photo);
$theme_name = module::get_var("core", "active_theme", "default");
$template = new Theme_View("page.html", "photo", $theme_name);
- $template->set_global('item', $item);
- $template->set_global('children', $item->children());
- $template->set_global('children_count', $item->children_count());
- $template->set_global('parents', $item->parents());
+ $template->set_global('item', $photo);
+ $template->set_global('children', array());
+ $template->set_global('children_count', $photo->children_count());
+ $template->set_global('parents', $photo->parents());
$template->content = new View("photo.html");
- $item->view_count++;
- $item->save();
+ $photo->view_count++;
+ $photo->save();
print $template;
}
/**
- * @see Rest_Controller::_form_add($parameters)
+ * @see Rest_Controller::_update($resource)
*/
- public function _form_add($parent_id) {
- $parent = ORM::factory("item", $parent_id);
+ public function _update($photo) {
+ access::required("edit", $photo);
+
+ $form = photo::get_edit_form($photo);
+ if ($form->validate()) {
+ // @todo implement changing the name. This is not trivial, we have
+ // to check for conflicts and rename the album itself, etc. Needs an
+ // api method.
+ $photo->title = $form->edit_photo->title->value;
+ $photo->description = $form->edit_photo->description->value;
+ $photo->save();
+
+ module::event("photo_changed", $photo);
- print photo::get_add_form($parent)->render();
+ log::add("content", "Updated photo", log::INFO, "<a href=\"photos/$photo->id\">view</a>");
+ message::add(_("Successfully saved photo"));
+
+ rest::http_status(rest::FOUND);
+ rest::http_location(url::site("photos/$photo->id"));
+ } else {
+ rest::html($form);
+ }
+ rest::respond();
+ }
+
+ /**
+ * @see Rest_Controller::_form_edit($resource)
+ */
+ public function _form_edit($photo) {
+ access::required("edit", $photo);
+ print photo::get_edit_form($photo);
}
}
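Review bot: `_update` builds the log link by hand as `"<a href=\"photos/$photo->id\">view</a>"`, while `_create_album` and `_create_photo` in albums.php use `html::anchor(...)`; writing `html::anchor("photos/$photo->id", "view")` keeps URL generation and escaping in one place. The same hand-built anchor appears in `Albums_Controller::_update`. The two `_update` methods also disagree on the success status (`rest::FOUND` here, `rest::CREATED` in albums.php) for the same operation, and the `@todo` comment still says "rename the album itself" in the photo controller.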
diff --git a/core/controllers/rest.php b/core/controllers/rest.php
index c10bbcdb..0ac7a1c9 100644
--- a/core/controllers/rest.php
+++ b/core/controllers/rest.php
@@ -118,7 +118,7 @@ abstract class REST_Controller extends Controller {
/* We're adding a new item, pass along any additional parameters. */
public function form_add($parameters) {
- return $this->_form_add($parameters);
+ return $this->_form_add($parameters);
}
/**