diff options
Diffstat (limited to 'modules/gallery/helpers')
| -rw-r--r-- | modules/gallery/helpers/gallery_rest.php | 80 |
1 files changed, 45 insertions, 35 deletions
diff --git a/modules/gallery/helpers/gallery_rest.php b/modules/gallery/helpers/gallery_rest.php index 30a37ad1..e31c4252 100644 --- a/modules/gallery/helpers/gallery_rest.php +++ b/modules/gallery/helpers/gallery_rest.php @@ -48,7 +48,7 @@ class gallery_rest_Core { "size" => array("height" => $item->height, "width" => $item->width), "description" => $item->description, - "internet_address" => $item->slug); + "slug" => $item->slug); $children = self::_get_children($item, $request); if (!empty($children) || $item->is_album()) { @@ -58,10 +58,6 @@ class gallery_rest_Core { } static function put($request) { - if (empty($request->path)) { - return rest::invalid_request(); - } - $item = ORM::factory("item") ->where("relative_url_cache", $request->path) ->viewable() @@ -75,37 +71,18 @@ class gallery_rest_Core { return rest::not_found("Resource: {$request->path} permission denied."); } - // Normalize the request - $new_values = array(); - $fields = array("title", "description", "name", "slug"); - if ($item->is_album()) { - $fields = array_merge($fields, array("sort_column", "sort_order")); - } - foreach ($fields as $field) { - $new_values[$field] = !empty($request->$field) ? $request->$field : $item->$field; - } - if ($item->id == 1) { - unset($new_values["name"]); - } - if ($item->id != 1 && - ($new_values["name"] != $item->name || $new_values["slug"] != $item->slug)) { - // Make sure that there's not a conflict - $errors = item::check_for_conflicts($item, $new_values["name"], $new_values["slug"]); - if (!empty($errors["name_conflict"])) { - return rest::fail(t("Renaming %path failed: new name exists", - array("path" => $request->path))); - } - if (!empty($errors["slug_conflict"])) { - return rest::fail(t("Renaming %path failed: new internet address exists", - array("path" => $request->path))); - } - } - - item::update($item, $new_values); + // Validate the request data + $new_values = gallery_rest::_validate($item, $request); + $errors = $new_values->errors(); + if (empty($errors)) { + item::update($item, $new_values->as_array()); - log::success("content", "Updated $item->type", "<a href=\"{$item->type}s/$item->id\">view</a>"); + log::success("content", "Updated $item->type", "<a href=\"{$item->type}s/$item->id\">view</a>"); - return rest::success(); + return rest::success(); + } else { + return rest::validation_error($errors); + } } static function post($request) { @@ -129,6 +106,8 @@ class gallery_rest_Core { return rest::not_found("Resource: {$request->path} permission denied."); } + // @TODO validate input values (assume nothing about the quality of input) + if (empty($_FILES["image"])) { $new_item = album::create( $parent, @@ -189,6 +168,7 @@ class gallery_rest_Core { return rest::invalid_request("Attempt to delete the root album"); } + $parent = $item->parent(); $item->delete(); if ($item->is_album()) { @@ -198,7 +178,7 @@ class gallery_rest_Core { } log::success("content", $msg); - return rest::success(); + return rest::success(array("resource" => array("parent_path" => $parent->relative_url()))); } private static function _get_children($item, $request) { @@ -219,4 +199,34 @@ class gallery_rest_Core { return $children; } + + private static function _validate($item, $request) { + $new_values = array(); + $fields = array("title", "description", "name", "slug"); + if ($item->id == 1) { + unset($request["name"]); + unset($request["slug"]); + } + foreach ($fields as $field) { + $new_values[$field] = isset($request->$field) ? $request->$field : $item->$field; + } + + $new_values = new Validation($new_values); + foreach ($item->rules as $field => $rules) { + foreach (explode("|", $rules) as $rule) { + $new_values->add_rules($field, $rule); + } + } + + if (($valid = $new_values->validate()) && $item->id != 1) { + $errors = item::check_for_conflicts($item, $new_values["name"], $new_values["slug"]); + if ($valid = empty($errors)) { + !empty($errors["name_conflict"]) OR $new_values->add_error("name", "Duplicate Name"); + !empty($errors["slug_conflict"]) OR + $new_values->add_error("name", "Duplicate Internet Address"); + } + } + + return $new_values; + } } |