summaryrefslogtreecommitdiff
path: root/modules/gallery
diff options
context:
space:
mode:
Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/helpers/gallery_rest.php72
-rw-r--r--modules/gallery/tests/Gallery_Rest_Helper_Test.php16
2 files changed, 37 insertions, 51 deletions
diff --git a/modules/gallery/helpers/gallery_rest.php b/modules/gallery/helpers/gallery_rest.php
index 1d790d8c..94c7dc6f 100644
--- a/modules/gallery/helpers/gallery_rest.php
+++ b/modules/gallery/helpers/gallery_rest.php
@@ -21,14 +21,7 @@ class gallery_rest_Core {
static function get($request) {
$path = implode("/", $request->arguments);
- $item = ORM::factory("item")
- ->where("relative_url_cache", "=", $path)
- ->viewable()
- ->find();
-
- if (!$item->loaded()) {
- return rest::not_found("Resource: {$path} missing.");
- }
+ $item = gallery_rest::_get_item($path);
$parent = $item->parent();
$response_data = array("type" => $item->type,
@@ -60,25 +53,19 @@ class gallery_rest_Core {
return rest::invalid_request();
}
$path = implode("/", $request->arguments);
-
- $item = ORM::factory("item")
- ->where("relative_url_cache", "=", $path)
- ->viewable()
- ->find();
-
- if (!$item->loaded()) {
- return rest::not_found("Resource: {$path} missing.");
- }
-
- if (!access::can("edit", $item)) {
- return rest::not_found("Resource: {$path} permission denied.");
- }
+ $item = gallery_rest::_get_item($path, "edit");
// Validate the request data
$new_values = gallery_rest::_validate($request, $item->parent_id, $item->id);
$errors = $new_values->errors();
if (empty($errors)) {
- item::update($item, $new_values->as_array());
+ $item->title = $new_values->title;
+ $item->description = $new_values->description;
+ if ($item->id != 1) {
+ $item->rename($new_values->name);
+ }
+ $item->slug = $new_values->slug;
+ $item->save();
log::success("content", "Updated $item->type",
"<a href=\"{$item->type}s/$item->id\">view</a>");
@@ -93,23 +80,11 @@ class gallery_rest_Core {
if (empty($request->arguments)) {
return rest::invalid_request();
}
- $path = implode("/", $request->arguments);
$components = $request->arguments;
$name = urldecode(array_pop($components));
- $parent = ORM::factory("item")
- ->where("relative_url_cache", "=", implode("/", $components))
- ->viewable()
- ->find();
-
- if (!$parent->loaded()) {
- return rest::not_found("Resource: {$path} missing.");
- }
-
- if (!access::can("edit", $parent)) {
- return rest::not_found("Resource: {$path} permission denied.");
- }
+ $parent = gallery_rest::_get_item(implode("/", $components), "edit");
// Validate the request data
$new_values = gallery_rest::_validate($request, $parent->id);
@@ -153,18 +128,7 @@ class gallery_rest_Core {
}
$path = implode("/", $request->arguments);
- $item = ORM::factory("item")
- ->where("relative_url_cache", "=", $path)
- ->viewable()
- ->find();
-
- if (!$item->loaded()) {
- return rest::success();
- }
-
- if (!access::can("edit", $item)) {
- return rest::not_found("Resource: {$path} permission denied.");
- }
+ $item = gallery_rest::_get_item($path, "edit");
if ($item->id == 1) {
return rest::invalid_request("Attempt to delete the root album");
@@ -183,6 +147,20 @@ class gallery_rest_Core {
return rest::success(array("resource" => array("parent_path" => $parent->relative_url())));
}
+ private static function _get_item($path, $permission="view") {
+ $item = url::get_item_from_uri($path);
+
+ if (!$item->loaded()) {
+ throw new Kohana_404_Exception();
+ }
+
+ if (!access::can($permission, $item)) {
+ throw new Kohana_404_Exception();
+ }
+
+ return $item;
+ }
+
private static function _get_children($item, $request) {
$children = array();
$limit = empty($request->limit) ? null : $request->limit;
diff --git a/modules/gallery/tests/Gallery_Rest_Helper_Test.php b/modules/gallery/tests/Gallery_Rest_Helper_Test.php
index f36f6aaf..fba83d47 100644
--- a/modules/gallery/tests/Gallery_Rest_Helper_Test.php
+++ b/modules/gallery/tests/Gallery_Rest_Helper_Test.php
@@ -136,8 +136,12 @@ class Gallery_Rest_Helper_Test extends Unit_Test_Case {
"title" => "Updated Title",
"name" => "new name");
- $this->assert_equal(json_encode(array("status" => "ERROR", "message" => "Resource not found")),
- gallery_rest::put($request));
+ try {
+ gallery_rest::put($request);
+ } catch (Kohana_404_Exception $k404) {
+ } catch (Exception $e) {
+ $this->assert_false(true, $e->__toString());
+ }
}
public function gallery_rest_put_album_no_edit_permission_test() {
@@ -147,8 +151,12 @@ class Gallery_Rest_Helper_Test extends Unit_Test_Case {
"title" => "Updated Title",
"name" => "new name");
- $this->assert_equal(json_encode(array("status" => "ERROR", "message" => "Resource not found")),
- gallery_rest::put($request));
+ try {
+ gallery_rest::put($request);
+ } catch (Kohana_404_Exception $k404) {
+ } catch (Exception $e) {
+ $this->assert_false(true, $e->__toString());
+ }
}
public function gallery_rest_put_album_rename_conflict_test() {
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 23:19:21 +0000