Diffstat (limited to 'modules/tag')
-rw-r--r--modules/tag/controllers/admin_tags.php1
-rw-r--r--modules/tag/helpers/item_tags_rest.php5
-rw-r--r--modules/tag/helpers/tag.php2
-rw-r--r--modules/tag/helpers/tag_item_rest.php2
-rw-r--r--modules/tag/helpers/tag_items_rest.php4
-rw-r--r--modules/tag/helpers/tag_rest.php27
-rw-r--r--modules/tag/helpers/tags_rest.php6
-rw-r--r--modules/tag/tests/Tag_Item_Rest_Helper_Test.php2
-rw-r--r--modules/tag/tests/Tag_Rest_Helper_Test.php32
-rw-r--r--modules/tag/tests/Tags_Rest_Helper_Test.php8
-rw-r--r--modules/tag/views/admin_tags.html.php2
11 files changed, 32 insertions, 59 deletions
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index 03a14814..9e875d14 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -22,6 +22,7 @@ class Admin_Tags_Controller extends Admin_Controller {
$filter = Input::instance()->get("filter");
$view = new Admin_View("admin.html");
+ $view->page_title = t("Manage tags");
$view->content = new View("admin_tags.html");
$view->content->filter = $filter;
diff --git a/modules/tag/helpers/item_tags_rest.php b/modules/tag/helpers/item_tags_rest.php
index 8a1b1e8b..02c79e5d 100644
--- a/modules/tag/helpers/item_tags_rest.php
+++ b/modules/tag/helpers/item_tags_rest.php
@@ -31,8 +31,8 @@ class item_tags_rest_Core {
}
static function post($request) {
- $tag = rest::resolve($request->params->tag);
- $item = rest::resolve($request->params->item);
+ $tag = rest::resolve($request->params->entity->tag);
+ $item = rest::resolve($request->params->entity->item);
access::required("view", $item);
tag::add($item, $tag->name);
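Review bot: post() lets any caller with only `view` on the item attach a tag to it, because the guard here is still `access::required("view", $item);`. The tag_rest::post() removed by this commit required `edit` for the same operation, and the delete() in the next hunk now requires `edit` to remove the tag again. If tagging is meant to be a write to the item, the guard should read `access::required("edit", $item);`. The same `view` check sits in tag_items_rest::post(). Both functions continue past the end of their hunks, so the rest of each body is not visible here.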
@@ -45,6 +45,7 @@ class item_tags_rest_Core {
static function delete($request) {
list ($tag, $item) = rest::resolve($request->url);
+ access::required("edit", $item);
$tag->remove($item);
$tag->save();
}
diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php
index 8df4210d..14d27c94 100644
--- a/modules/tag/helpers/tag.php
+++ b/modules/tag/helpers/tag.php
@@ -98,7 +98,7 @@ class tag_Core {
($item->is_photo() ? t("Add tag to photo") : t("Add tag to movie"));
$group = $form->group("add_tag")->label("Add Tag");
- $group->input("name")->label($label)->rules("required");
+ $group->input("name")->label($label)->rules("required")->id("name");
$group->hidden("item_id")->value($item->id);
$group->submit("")->value(t("Add Tag"));
return $form;
diff --git a/modules/tag/helpers/tag_item_rest.php b/modules/tag/helpers/tag_item_rest.php
index bce00a9f..17cb726e 100644
--- a/modules/tag/helpers/tag_item_rest.php
+++ b/modules/tag/helpers/tag_item_rest.php
@@ -22,7 +22,7 @@ class tag_item_rest_Core {
list ($tag, $item) = rest::resolve($request->url);
return array(
"url" => $request->url,
- "members" => array(
+ "entity" => array(
"tag" => rest::url("tag", $tag),
"item" => rest::url("item", $item)));
}
diff --git a/modules/tag/helpers/tag_items_rest.php b/modules/tag/helpers/tag_items_rest.php
index 003c7c95..848c2cd3 100644
--- a/modules/tag/helpers/tag_items_rest.php
+++ b/modules/tag/helpers/tag_items_rest.php
@@ -33,8 +33,8 @@ class tag_items_rest_Core {
}
static function post($request) {
- $tag = rest::resolve($request->params->tag);
- $item = rest::resolve($request->params->item);
+ $tag = rest::resolve($request->params->entity->tag);
+ $item = rest::resolve($request->params->entity->item);
access::required("view", $item);
if (!$tag->loaded()) {
diff --git a/modules/tag/helpers/tag_rest.php b/modules/tag/helpers/tag_rest.php
index f30706bd..e0b7bd87 100644
--- a/modules/tag/helpers/tag_rest.php
+++ b/modules/tag/helpers/tag_rest.php
@@ -36,28 +36,25 @@ class tag_rest_Core {
"members" => $tag_items)));
}
- static function post($request) {
- if (empty($request->params->url)) {
- throw new Rest_Exception("Bad request", 400);
- }
-
- $tag = rest::resolve($request->url);
- $item = rest::resolve($request->params->url);
- access::required("edit", $item);
-
- tag::add($item, $tag->name);
- return array("url" => rest::url("tag_item", $tag, $item));
- }
-
static function put($request) {
+ // Who can we allow to edit a tag name? If we allow anybody to do it then any logged in
+ // user can rename all your tags to something offensive. Right now limit renaming to admins.
+ if (!identity::active_user()->admin) {
+ access::forbidden();
+ }
$tag = rest::resolve($request->url);
- if (isset($request->params->name)) {
- $tag->name = $request->params->name;
+ if (isset($request->params->entity->name)) {
+ $tag->name = $request->params->entity->name;
$tag->save();
}
}
static function delete($request) {
+ // Restrict deleting tags to admins. Otherwise, a logged in user can do great harm to an
+ // install.
+ if (!identity::active_user()->admin) {
+ access::forbidden();
+ }
$tag = rest::resolve($request->url);
$tag->delete();
}
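Review bot: In put(), `isset($request->params->entity->name)` is also true for an empty string, so an admin request carrying a blank name would reach `$tag->save()`, whereas tags_rest::post() in this same commit rejects that case with `empty()` and a 400. Unless the tag model validates the name on save (not visible here), consider `if (empty($request->params->entity->name)) { throw new Rest_Exception("Bad Request", 400); }` before the assignment. The admin guard is repeated verbatim in put() and delete(); a small private helper would keep the two checks from drifting apart.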
diff --git a/modules/tag/helpers/tags_rest.php b/modules/tag/helpers/tags_rest.php
index 82826d8e..434e774a 100644
--- a/modules/tag/helpers/tags_rest.php
+++ b/modules/tag/helpers/tags_rest.php
@@ -40,13 +40,13 @@ class tags_rest_Core {
}
}
- if (empty($request->params->name)) {
+ if (empty($request->params->entity->name)) {
throw new Rest_Exception("Bad Request", 400);
}
- $tag = ORM::factory("tag")->where("name", "=", $request->params->name)->find();
+ $tag = ORM::factory("tag")->where("name", "=", $request->params->entity->name)->find();
if (!$tag->loaded()) {
- $tag->name = $request->params->name;
+ $tag->name = $request->params->entity->name;
$tag->count = 0;
$tag->save();
}
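Review bot: `$request->params->entity->name` is read three times here and its only validation is `empty()`, which lets any non-empty value through. If the REST layer can decode a structured body into `entity` (not visible in this hunk), an array or object could reach `where("name", "=", …)` and `$tag->name`. After the `empty()` check, assign `$name = $request->params->entity->name;` once and throw the same 400 when `!is_string($name)`. The enclosing function starts above the hunk and continues below it.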
diff --git a/modules/tag/tests/Tag_Item_Rest_Helper_Test.php b/modules/tag/tests/Tag_Item_Rest_Helper_Test.php
index e5acab93..533f832d 100644
--- a/modules/tag/tests/Tag_Item_Rest_Helper_Test.php
+++ b/modules/tag/tests/Tag_Item_Rest_Helper_Test.php
@@ -32,7 +32,7 @@ class Tag_Item_Rest_Helper_Test extends Gallery_Unit_Test_Case {
$request->url = rest::url("tag_item", $tag, item::root());
$this->assert_equal_array(
array("url" => rest::url("tag_item", $tag, item::root()),
- "members" => array(
+ "entity" => array(
"tag" => rest::url("tag", $tag),
"item" => rest::url("item", item::root()))),
tag_item_rest::get($request));
diff --git a/modules/tag/tests/Tag_Rest_Helper_Test.php b/modules/tag/tests/Tag_Rest_Helper_Test.php
index f4d5a14a..a8aa89d4 100644
--- a/modules/tag/tests/Tag_Rest_Helper_Test.php
+++ b/modules/tag/tests/Tag_Rest_Helper_Test.php
@@ -67,41 +67,13 @@ class Tag_Rest_Helper_Test extends Gallery_Unit_Test_Case {
tag_rest::get($request));
}
- public function post_test() {
- $tag = test::random_tag();
-
- // Create an editable item to be tagged
- $album = test::random_album();
- access::allow(identity::everybody(), "edit", $album);
-
- // Add the album to the tag
- $request = new stdClass();
- $request->url = rest::url("tag", $tag);
- $request->params = new stdClass();
- $request->params->url = rest::url("item", $album);
- $this->assert_equal_array(
- array("url" => rest::url("tag_item", $tag, $album)),
- tag_rest::post($request));
- }
-
- public function post_with_no_item_url_test() {
- $request = new stdClass();
- try {
- tag_rest::post($request);
- } catch (Rest_Exception $e) {
- $this->assert_equal(400, $e->getCode());
- return;
- }
-
- $this->assert_true(false, "Shouldn't get here");
- }
-
public function put_test() {
$tag = test::random_tag();
$request = new stdClass();
$request->url = rest::url("tag", $tag);
$request->params = new stdClass();
- $request->params->name = "new name";
+ $request->params->entity = new stdClass();
+ $request->params->entity->name = "new name";
tag_rest::put($request);
$this->assert_equal("new name", $tag->reload()->name);
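Review bot: The admin-only guards added to tag_rest::put() and tag_rest::delete() have no denial test; this hunk only re-nests the `name` parameter in put_test and drops the post tests. A test that switches to a non-admin user with `identity::set_active_user(identity::guest());` (the call Tags_Rest_Helper_Test uses in this commit) and asserts that put() and delete() are refused would pin the authorization change. The same gap applies to the `edit` check added to item_tags_rest::delete(). put_test continues past the end of the hunk.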
diff --git a/modules/tag/tests/Tags_Rest_Helper_Test.php b/modules/tag/tests/Tags_Rest_Helper_Test.php
index a0ebc8c3..99332c7c 100644
--- a/modules/tag/tests/Tags_Rest_Helper_Test.php
+++ b/modules/tag/tests/Tags_Rest_Helper_Test.php
@@ -45,11 +45,12 @@ class Tags_Rest_Helper_Test extends Gallery_Unit_Test_Case {
}
public function post_test() {
- access::allow(identity::everybody(), "edit", item::root());
+ identity::set_active_user(identity::guest());
$request = new stdClass();
$request->params = new stdClass();
- $request->params->name = "test tag";
+ $request->params->entity = new stdClass();
+ $request->params->entity->name = "test tag";
$this->assert_equal(
array("url" => url::site("rest/tag/1")),
tags_rest::post($request));
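Review bot: post_test now runs as `identity::guest()` and no longer grants `edit` on the root item, yet it still asserts that the tag is created, while the test in the next hunk sends the same body and expects a 403. Which of the two matches the permission check at the top of tags_rest::post() cannot be told from this diff, so confirm the intended user and add a one-line comment above the `set_active_user` call naming the permission the test relies on. The active user is not restored afterwards, which may leak into later tests unless the fixture's setup resets it. The assertion also hard-codes `rest/tag/1`, which holds only if the tag table is empty when the test starts.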
@@ -63,7 +64,8 @@ class Tags_Rest_Helper_Test extends Gallery_Unit_Test_Case {
try {
$request = new stdClass();
$request->params = new stdClass();
- $request->params->name = "test tag";
+ $request->params->entity = new stdClass();
+ $request->params->entity->name = "test tag";
tags_rest::post($request);
} catch (Exception $e) {
$this->assert_equal(403, $e->getCode());
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index b637a7f1..e1db387b 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -16,7 +16,7 @@
<? $column_tag_count = 0 ?>
<div class="g-block">
- <h1> <?= t("Tag Admin") ?> </h1>
+ <h1> <?= t("Manage tags") ?> </h1>
<div class="g-block-content">
<table id="g-tag-admin">