From ed5b07b335d8bd1520f3b54bf28272f853bbfbfb Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 23 Jan 2010 21:38:01 -0800
Subject: Create a user profile page that is used as a landing page when
 referencing a user in messages or pages. Partial fix for ticket #889 and a
 fix for #931.

---
 modules/gallery/controllers/user_profile.php | 80 ++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 modules/gallery/controllers/user_profile.php

(limited to 'modules/gallery/controllers/user_profile.php')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
new file mode 100644
index 00000000..808531da
--- /dev/null
+++ b/modules/gallery/controllers/user_profile.php
@@ -0,0 +1,80 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class User_Profile_Controller extends Controller {
+  public function show($id) {
+    // If we get here, then we should have a user id other than guest.
+    $user = identity::lookup_user($id);
+    $active_user = identity::active_user();
+    $is_current_active = $active_user->id == $id;
+    $display_all =  $active_user->admin || ($is_current_active && !$active_user->guest);
+
+    $v = new Theme_View("page.html", "other", "profile");
+    $v->page_title = t("%name Profile", array("name" => $user->display_name()));
+    $v->content = new View("user_profile.html");
+
+    // @todo modify user_home to supply a link to their album,
+    // @todo add list of watches
+    // @todo add all comments
+    // @todo add rest api key
+    $v->content->user = $user;
+    $v->content->height = 250;
+    $v->content->not_current = !$is_current_active;
+    $v->content->editable = identity::is_writable() && $display_all;
+    $v->content->return = SafeString::of(Input::instance()->get("return"));
+
+    $fields = array("name" => t("Name"), "locale" => t("Locale"), "email" => t("Email"),
+                    "full_name" => t("Full name"), "url" => "Web site");
+    if (!$display_all) {
+      $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
+    }
+    $v->content->fields = array();
+    foreach ($fields as $field => $label) {
+      if (!empty($user->$field)) {
+        $v->content->fields[(string)$label->for_html()] = $user->$field;
+      }
+    }
+
+    print $v;
+  }
+
+  public function contact($id) {
+    $user = identity::lookup_user($id);
+    print user_profile::get_contact_form($user);
+  }
+
+  public function send($id) {
+    $user = identity::lookup_user($id);
+    $form = user_profile::get_contact_form($user);
+    if ($form->validate()) {
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject($form->message->subject->value)
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->reply_to($form->message->reply_to->value)
+        ->message($form->message->message->value)
+        ->send();
+      message::success(t("Sent message to %user_name", array("user_name" => $user->display_name())));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error", "form" => (string)$form));
+    }
+  }
+}
-- 
cgit v1.2.3


From 7c06e21ec443a46bd78bc9e99d8284283ff85c59 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 24 Jan 2010 15:27:33 -0800
Subject: Refactor creating the user profile page content into the the event
 module.  The show_user_profile is used to provide content to the user profile
 page.  Add the list of the users comments to the profile page.

---
 modules/comment/helpers/comment_event.php          | 12 +++++++
 .../comment/views/user_profile_comments.html.php   | 20 ++++++++++++
 modules/gallery/controllers/user_profile.php       | 17 +++-------
 modules/gallery/helpers/gallery_event.php          | 18 +++++++++++
 modules/gallery/views/user_profile.html.php        | 37 +++++++++-------------
 modules/gallery/views/user_profile_info.html.php   |  9 ++++++
 6 files changed, 78 insertions(+), 35 deletions(-)
 create mode 100644 modules/comment/views/user_profile_comments.html.php
 create mode 100644 modules/gallery/views/user_profile_info.html.php

(limited to 'modules/gallery/controllers/user_profile.php')

diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php
index bd336cda..12e8d73f 100644
--- a/modules/comment/helpers/comment_event.php
+++ b/modules/comment/helpers/comment_event.php
@@ -76,4 +76,16 @@ class comment_event_Core {
       $data[] = $row->text;
     }
   }
+
+  static function show_user_profile($data) {
+    $view = new View("user_profile_comments.html");
+    $view->comments = ORM::factory("comment")
+      ->order_by("created", "DESC")
+      ->where("state", "=", "published")
+      ->where("author_id", "=", $data->user->id)
+      ->find_all();
+    if ($view->comments->count()) {
+      $data->content[] = (object)array("title" => t("Comments"), "view" => $view);
+    }
+  }
 }
diff --git a/modules/comment/views/user_profile_comments.html.php b/modules/comment/views/user_profile_comments.html.php
new file mode 100644
index 00000000..a2a641ba
--- /dev/null
+++ b/modules/comment/views/user_profile_comments.html.php
@@ -0,0 +1,20 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-comment-detail">
+<ul>
+  <? foreach ($comments as $comment): ?>
+  <li id="g-comment-<?= $comment->id ?>">
+    <p class="g-author">
+      <?= t('on %date for %title ',
+            array("date" => date("Y-M-d H:i:s", $comment->created),
+                  "title" => $comment->item()->title)); ?>
+      <a href="<?= $comment->item()->url() ?>">
+        <?= $comment->item()->thumb_img(array(), 50) ?>
+      </a>
+    </p>
+    <div>
+      <?= nl2br(html::purify($comment->text)) ?>
+    </div>
+  </li>
+  <? endforeach ?>
+</ul>
+</div>
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 808531da..6159894d 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -31,25 +31,16 @@ class User_Profile_Controller extends Controller {
 
     // @todo modify user_home to supply a link to their album,
     // @todo add list of watches
-    // @todo add all comments
     // @todo add rest api key
     $v->content->user = $user;
-    $v->content->height = 250;
     $v->content->not_current = !$is_current_active;
     $v->content->editable = identity::is_writable() && $display_all;
     $v->content->return = SafeString::of(Input::instance()->get("return"));
 
-    $fields = array("name" => t("Name"), "locale" => t("Locale"), "email" => t("Email"),
-                    "full_name" => t("Full name"), "url" => "Web site");
-    if (!$display_all) {
-      $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
-    }
-    $v->content->fields = array();
-    foreach ($fields as $field => $label) {
-      if (!empty($user->$field)) {
-        $v->content->fields[(string)$label->for_html()] = $user->$field;
-      }
-    }
+    $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
+    module::event("show_user_profile", $event_data);
+    Kohana_Log::add("error", Kohana::debug($event_data));
+    $v->content->info_parts = $event_data->content;
 
     print $v;
   }
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 29940ac6..6b70513a 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -377,4 +377,22 @@ class gallery_event_Core {
       }
     }
   }
+
+  static function show_user_profile($data) {
+    $v = new View("user_profile_info.html");
+
+    $fields = array("name" => t("Name"), "locale" => t("Locale"), "email" => t("Email"),
+                    "full_name" => t("Full name"), "url" => "Web site");
+    if (!$data->display_all) {
+      $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
+    }
+    $v->fields = array();
+    foreach ($fields as $field => $label) {
+      if (!empty($data->user->$field)) {
+        $v->fields[(string)$label->for_html()] = $data->user->$field;
+      }
+    }
+    $data->content[] = (object)array("title" => t("User information"), "view" => $v);
+
+  }
 }
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index e7ce56b3..bcfa5346 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -1,9 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <style>
-  #g-user-profile #g-profile-buttons {
-    bottom: 0;
-    position: absolute;
-    right: 0;
+  #g-user-profile div {
+    margin-top: 1em;
   }
 
   #g-user-profile fieldset {
@@ -25,30 +23,25 @@
   }
 
 </style>
-<script>
-  $("#g-user-profile").ready(function() {
-                                           //$("#g-profile-return").click(function(event) {
-    //  window.location = <?= $return->for_js() ?>;
-                                           //});
-  });
-</script>
-<div id="g-user-profile" style="height: <?= $height ?>px">
-  <h1 style="display: none"><?= t("%name Profile", array("name" => $user->display_name())) ?></h1>
+<div id="g-user-profile">
+  <h1>
+    <a href="#">
+      <img src="<?= $user->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
+           alt="<?= html::clean_attribute($user->display_name()) ?>"
+           class="g-avatar" width="40" height="40" />
+    </a>
+    <?= t("%name Profile", array("name" => $user->display_name())) ?>
+  </h1>
+  <? foreach ($info_parts as $info): ?>
   <div>
     <fieldset>
-    <label><?= t("User information") ?></label>
+    <label><?= $info->title ?></label>
     <div>
-    <table>
-    <? foreach ($fields as $field => $value): ?>
-    <tr>
-      <td><?= $field ?></td>
-      <td><?= $value ?></td>
-    </tr>
-    <? endforeach ?>
-    </table>
+    <?= $info->view ?>
     </div>
     </fieldset>
   </div>
+  <? endforeach ?>
   <div id="g-profile-buttons" class="ui-helper-clearfix g-right">
     <? if (!$user->guest && $not_current && !empty($user->email)): ?>
     <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link"
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
new file mode 100644
index 00000000..2a2549c8
--- /dev/null
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -0,0 +1,9 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<table>
+  <? foreach ($fields as $field => $value): ?>
+  <tr>
+    <td><?= $field ?></td>
+    <td><?= $value ?></td>
+  </tr>
+  <? endforeach ?>
+</table>
-- 
cgit v1.2.3


From 26eb000637fb83c04919e1e18c67b1441db76da6 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 24 Jan 2010 15:49:02 -0800
Subject: add CSRF protection to the user profile send method.

---
 modules/gallery/controllers/user_profile.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/gallery/controllers/user_profile.php')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 6159894d..3a7e0200 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -51,6 +51,7 @@ class User_Profile_Controller extends Controller {
   }
 
   public function send($id) {
+    access::verify_csrf();
     $user = identity::lookup_user($id);
     $form = user_profile::get_contact_form($user);
     if ($form->validate()) {
-- 
cgit v1.2.3


From 865995305cbd709db4f8587d73e7178a277a8d8b Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 24 Jan 2010 20:14:01 -0800
Subject: Add the active notifications and rest api key to user profile page.

---
 modules/gallery/controllers/user_profile.php        |  3 ---
 modules/notification/helpers/notification_event.php | 21 +++++++++++++++++++++
 .../views/user_profile_notification.html.php        | 12 ++++++++++++
 modules/rest/helpers/rest_event.php                 | 17 +++++++++++++++++
 modules/rest/views/user_profile_rest.html.php       |  8 ++++++++
 5 files changed, 58 insertions(+), 3 deletions(-)
 create mode 100644 modules/notification/views/user_profile_notification.html.php
 create mode 100644 modules/rest/views/user_profile_rest.html.php

(limited to 'modules/gallery/controllers/user_profile.php')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 3a7e0200..53c76a48 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -30,8 +30,6 @@ class User_Profile_Controller extends Controller {
     $v->content = new View("user_profile.html");
 
     // @todo modify user_home to supply a link to their album,
-    // @todo add list of watches
-    // @todo add rest api key
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
     $v->content->editable = identity::is_writable() && $display_all;
@@ -39,7 +37,6 @@ class User_Profile_Controller extends Controller {
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
-    Kohana_Log::add("error", Kohana::debug($event_data));
     $v->content->info_parts = $event_data->content;
 
     print $v;
diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php
index edbf6e39..c8628ae4 100644
--- a/modules/notification/helpers/notification_event.php
+++ b/modules/notification/helpers/notification_event.php
@@ -126,4 +126,25 @@ class notification_event_Core {
       }
     }
   }
+
+  static function show_user_profile($data) {
+    if ($data->display_all) {
+      $view = new View("user_profile_notification.html");
+      $view->subscriptions = array();
+      foreach(ORM::factory("subscription")
+              ->where("user_id", "=", $data->user->id)
+              ->find_all() as $subscription) {
+        $item = ORM::factory("item")
+          ->where("id", "=", $subscription->item_id)
+          ->find();
+        if ($item->loaded()) {
+          $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title,
+                                                 "url" => $item->url());
+        }
+      }
+      if (count($view->subscriptions) > 0) {
+        $data->content[] = (object)array("title" => t("Watching"), "view" => $view);
+      }
+    }
+  }
 }
\ No newline at end of file
diff --git a/modules/notification/views/user_profile_notification.html.php b/modules/notification/views/user_profile_notification.html.php
new file mode 100644
index 00000000..8864f0c7
--- /dev/null
+++ b/modules/notification/views/user_profile_notification.html.php
@@ -0,0 +1,12 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-notification-detail">
+<ul>
+  <? foreach ($subscriptions as $subscription): ?>
+  <li id="g-watch-<?= $subscription->id ?>">
+    <a href="<?= $subscription->url ?>">
+      <?= html::purify($subscription->title) ?>
+    </a>
+  </li>
+  <? endforeach ?>
+</ul>
+</div>
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index 860c8e41..f9aa34e3 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -74,4 +74,21 @@ class rest_event {
       ->class("g-form-static")
       ->label(t("Remote access key"));
   }
+
+  static function show_user_profile($data) {
+    if ($data->display_all) {
+      $view = new View("user_profile_rest.html");
+      $key = ORM::factory("user_access_token")
+        ->where("user_id", "=", $data->user->id)
+        ->find();
+
+      if (!$key->loaded()) {
+        $key->user_id = $data->user->id;
+        $key->access_key = md5($data->user->name . rand());
+        $key->save();
+      }
+      $view->rest_key = $key->access_key;
+      $data->content[] = (object)array("title" => t("Rest api"), "view" => $view);
+    }
+  }
 }
diff --git a/modules/rest/views/user_profile_rest.html.php b/modules/rest/views/user_profile_rest.html.php
new file mode 100644
index 00000000..3807817e
--- /dev/null
+++ b/modules/rest/views/user_profile_rest.html.php
@@ -0,0 +1,8 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<div id="g-rest-detail">
+<ul>
+  <li id="g-rest-key">
+  <p><b><?= t("Key") ?></b>:<?= $rest_key ?></p>
+  </li>
+</ul>
+</div>
-- 
cgit v1.2.3


From 6023f2bb46598f9da096d63f7ab1dfb914eab6f7 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Mon, 25 Jan 2010 08:10:28 -0800
Subject: Remove the return url and change the return button on the user
 profile page to use javascript to return to the previous page.

---
 modules/gallery/controllers/user_profile.php |  1 -
 modules/gallery/helpers/user_profile.php     |  3 +--
 modules/gallery/views/user_profile.html.php  | 10 ++++++++--
 3 files changed, 9 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/controllers/user_profile.php')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 53c76a48..a0e6619e 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -33,7 +33,6 @@ class User_Profile_Controller extends Controller {
     $v->content->user = $user;
     $v->content->not_current = !$is_current_active;
     $v->content->editable = identity::is_writable() && $display_all;
-    $v->content->return = SafeString::of(Input::instance()->get("return"));
 
     $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array());
     module::event("show_user_profile", $event_data);
diff --git a/modules/gallery/helpers/user_profile.php b/modules/gallery/helpers/user_profile.php
index 018e1bd1..95a994bc 100644
--- a/modules/gallery/helpers/user_profile.php
+++ b/modules/gallery/helpers/user_profile.php
@@ -24,8 +24,7 @@ class user_profile_Core {
    * @return url for the profile display
    */
   static function url($user_id) {
-    $return_url = urlencode(url::abs_current());
-    return url::site("user_profile/show/{$user_id}?return=$return_url");
+    return url::site("user_profile/show/{$user_id}");
   }
 
   static function get_contact_form($user) {
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index bcfa5346..708b1613 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -21,8 +21,14 @@
     border: none;
     padding: 0;
   }
-
 </style>
+<script>
+  $(document).ready(function() {
+    $("#g-profile-return").click(function(event) {
+      history.go(-1);
+    })
+  });
+</script>
 <div id="g-user-profile">
   <h1>
     <a href="#">
@@ -55,7 +61,7 @@
     </a>
     <? endif ?>
 
-    <a class="g-button ui-icon-right ui-state-default ui-corner-all" href="<?= $return->for_html_attr() ?>">
+    <a id="g-profile-return" class="g-button ui-icon-right ui-state-default ui-corner-all" href="#">
       <?= t("Return") ?>
     </a>
   </div>
-- 
cgit v1.2.3