10 files changed, 32 insertions, 119 deletions

diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index e67df6f6..43040b67 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -18,10 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Albums_Controller extends Items_Controller {
-
-  /**
-   *  @see REST_Controller::_show($resource)
-   */
   public function _show($album) {
     $page_size = module::get_var("gallery", "page_size", 9);
     if (!access::can("view", $album)) {
@@ -82,27 +78,9 @@ class Albums_Controller extends Items_Controller {
     print $template;
   }
 
-  /**
-   * @see REST_Controller::_create($resource)
-   */
-  public function _create($album) {
+  public function create($parent_id) {
     access::verify_csrf();
-    access::required("view", $album);
-    access::required("add", $album);
-
-    switch ($this->input->post("type")) {
-    case "album":
-      return $this->_create_album($album);
-
-    case "photo":
-      return $this->_create_photo($album);
-
-    default:
-      access::forbidden();
-    }
-  }
-
-  private function _create_album($album) {
+    $album = ORM::factory("item", $parent_id);
     access::required("view", $album);
     access::required("add", $album);
 
@@ -123,8 +101,7 @@ class Albums_Controller extends Items_Controller {
 
       print json_encode(
         array("result" => "success",
-              "location" => $new_album->url(),
-              "resource" => $new_album->url()));
+              "location" => $new_album->url()));
     } else {
       print json_encode(
         array(
@@ -133,43 +110,9 @@ class Albums_Controller extends Items_Controller {
     }
   }
 
-  private function _create_photo($album) {
-    access::required("view", $album);
-    access::required("add", $album);
-
-    // If we set the content type as JSON, it triggers saving the result as
-    // a document in the browser (well, in Chrome at least).
-    // @todo figure out why and fix this.
-    $form = photo::get_add_form($album);
-    if ($form->validate()) {
-      $photo = photo::create(
-        $album,
-        $this->input->post("file"),
-        $_FILES["file"]["name"],
-        $this->input->post("title", $this->input->post("name")),
-        $this->input->post("description"),
-        identity::active_user()->id);
-
-      log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
-      message::success(t("Added photo %photo_title",
-                         array("photo_title" => html::purify($photo->title))));
-
-      print json_encode(
-        array("result" => "success",
-              "resource" => $photo->url(),
-              "location" => $photo->url()));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  /**
-   * @see REST_Controller::_update($resource)
-   */
-  public function _update($album) {
+  public function update($album_id) {
     access::verify_csrf();
+    $album = ORM::factory("item", $album_id);
     access::required("view", $album);
     access::required("edit", $album);
 
@@ -229,32 +172,16 @@ class Albums_Controller extends Items_Controller {
     }
   }
 
-  /**
-   *  @see REST_Controller::_form_add($parameters)
-   */
-  public function _form_add($album_id) {
+  public function form_add($album_id) {
     $album = ORM::factory("item", $album_id);
     access::required("view", $album);
     access::required("add", $album);
 
-    switch ($this->input->get("type")) {
-    case "album":
-      print album::get_add_form($album);
-      break;
-
-    case "photo":
-      print photo::get_add_form($album);
-      break;
-
-    default:
-      kohana::show_404();
-    }
+    print album::get_add_form($album);
   }
 
-  /**
-   *  @see REST_Controller::_form_add($parameters)
-   */
-  public function _form_edit($album) {
+  public function form_edit($album_id) {
+    $album = ORM::factory("item", $album_id);
     access::required("view", $album);
     access::required("edit", $album);
 
diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php
index 7f60f2b7..ec3681a3 100644
--- a/modules/gallery/controllers/items.php
+++ b/modules/gallery/controllers/items.php
@@ -17,14 +17,16 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
-class Items_Controller extends REST_Controller {
-  protected $resource_type = "item";
-
-  public function _show($item) {
+class Items_Controller extends Controller {
+  public function __call($function, $args) {
+    $item = ORM::factory("item", (int)$function);
+    if (!$item->loaded) {
+      return Kohana::show_404();
+    }
     // Redirect to the more specific resource type, since it will render
     // differently.  We could also just delegate here, but it feels more appropriate
     // to have a single canonical resource mapping.
     access::required("view", $item);
-    return url::redirect($item->abs_url());
+    return $this->_show($item);
   }
 }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 2e2e837c..3d5eac32 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -18,10 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Movies_Controller extends Items_Controller {
-
-  /**
-   *  @see REST_Controller::_show($resource)
-   */
   public function _show($movie) {
     access::required("view", $movie);
 
@@ -53,11 +49,9 @@ class Movies_Controller extends Items_Controller {
     print $template;
   }
 
-  /**
-   * @see REST_Controller::_update($resource)
-   */
-  public function _update($movie) {
+  public function update($movie_id) {
     access::verify_csrf();
+    $movie = ORM::factory("item", $movie_id);
     access::required("view", $movie);
     access::required("edit", $movie);
 
@@ -120,10 +114,8 @@ class Movies_Controller extends Items_Controller {
     }
   }
 
-  /**
-   *  @see REST_Controller::_form_edit($resource)
-   */
-  public function _form_edit($movie) {
+  public function form_edit($movie_id) {
+    $movie = ORM::factory("item", $movie_id);
     access::required("view", $movie);
     access::required("edit", $movie);
     print movie::get_edit_form($movie);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 0c2ff6ee..f052eccd 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -18,10 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Photos_Controller extends Items_Controller {
-
-  /**
-   *  @see REST_Controller::_show($resource)
-   */
   public function _show($photo) {
     access::required("view", $photo);
 
@@ -53,12 +49,9 @@ class Photos_Controller extends Items_Controller {
     print $template;
   }
 
-
-  /**
-   * @see REST_Controller::_update($resource)
-   */
-  public function _update($photo) {
+  public function update($photo_id) {
     access::verify_csrf();
+    $photo = ORM::factory("item", $photo_id);
     access::required("view", $photo);
     access::required("edit", $photo);
 
@@ -125,10 +118,8 @@ class Photos_Controller extends Items_Controller {
     }
   }
 
-  /**
-   *  @see REST_Controller::_form_edit($resource)
-   */
-  public function _form_edit($photo) {
+  public function form_edit($photo_id) {
+    $photo = ORM::factory("item", $photo_id);
     access::required("view", $photo);
     access::required("edit", $photo);
 
diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 72a79a75..e9a0f6ec 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -92,7 +92,7 @@ class album_Core {
   }
 
   static function get_add_form($parent) {
-    $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "g-add-album-form"));
+    $form = new Forge("albums/create/{$parent->id}", "", "post", array("id" => "g-add-album-form"));
     $group = $form->group("add_album")
       ->label(t("Add an album to %album_title", array("album_title" => $parent->title)));
     $group->input("title")->label(t("Title"));
@@ -114,7 +114,7 @@ class album_Core {
   }
 
   static function get_edit_form($parent) {
-    $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
+    $form = new Forge("albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
     $form->hidden("_method")->value("put");
     $group = $form->group("edit_item")->label(t("Edit Album"));
 
diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php
index e84e8ea6..536d5143 100644
--- a/modules/gallery/helpers/movie.php
+++ b/modules/gallery/helpers/movie.php
@@ -129,7 +129,7 @@ class movie_Core {
   }
 
   static function get_edit_form($movie) {
-    $form = new Forge("movies/$movie->id", "", "post", array("id" => "g-edit-movie-form"));
+    $form = new Forge("movies/update/$movie->id", "", "post", array("id" => "g-edit-movie-form"));
     $form->hidden("_method")->value("put");
     $group = $form->group("edit_item")->label(t("Edit Movie"));
     $group->input("title")->label(t("Title"))->value($movie->title);
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index 01cf5278..3f41097c 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -157,7 +157,7 @@ class photo_Core {
   }
 
   static function get_edit_form($photo) {
-    $form = new Forge("photos/$photo->id", "", "post", array("id" => "g-edit-photo-form"));
+    $form = new Forge("photos/update/$photo->id", "", "post", array("id" => "g-edit-photo-form"));
     $form->hidden("_method")->value("put");
     $group = $form->group("edit_item")->label(t("Edit Photo"));
     $group->input("title")->label(t("Title"))->value($photo->title);
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php
index 8562355c..9b904387 100644
--- a/modules/gallery/tests/Albums_Controller_Test.php
+++ b/modules/gallery/tests/Albums_Controller_Test.php
@@ -48,7 +48,8 @@ class Albums_Controller_Test extends Unit_Test_Case {
     access::allow(identity::everybody(), "edit", $root);
 
     ob_start();
-    $controller->_update($this->_album);
+    $controller->update($this->_album->id);
+    $this->_album->reload();
     $results = ob_get_contents();
     ob_end_clean();
 
diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php
index 624e6878..fa4f101a 100644
--- a/modules/gallery/tests/Photos_Controller_Test.php
+++ b/modules/gallery/tests/Photos_Controller_Test.php
@@ -44,7 +44,8 @@ class Photos_Controller_Test extends Unit_Test_Case {
     access::allow(identity::everybody(), "edit", $root);
 
     ob_start();
-    $controller->_update($photo);
+    $controller->update($photo->id);
+    $photo->reload();
     $results = ob_get_contents();
     ob_end_clean();
 
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index b1ad6347..73950d88 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -4,7 +4,6 @@ modules/digibug/controllers/digibug.php                      print_proxy
 modules/digibug/controllers/digibug.php                      close_window         DIRTY_AUTH
 modules/gallery/controllers/admin.php                        __call               DIRTY_AUTH
 modules/gallery/controllers/albums.php                       _show                DIRTY_CSRF
-modules/gallery/controllers/albums.php                       _form_add            DIRTY_CSRF
 modules/gallery/controllers/combined.php                     javascript           DIRTY_AUTH
 modules/gallery/controllers/combined.php                     css                  DIRTY_AUTH
 modules/gallery/controllers/file_proxy.php                   __call               DIRTY_CSRF|DIRTY_AUTH