From 5467e21e8b9941a2b64aa093c0cf0f591ef5ca82 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 13 Mar 2010 08:16:37 -0800 Subject: Changes to support updating the child elements within an album. In this change the urls of the children are sent up asan array of post fields children[0].... children[n]. If an existing child is not included it is deleted. Including a url to an child in another album will move the child. Changing the order of the children will respect the order of the children, if the sort column is 'weight' --- modules/rest/controllers/rest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index eed54bd4..7a9e3b0b 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -46,7 +46,7 @@ class Rest_Controller extends Controller { $request->params = (object) $input->get(); break; - case "post": + default: $request->params = (object) $input->post(); if (isset($_FILES["file"])) { $request->file = upload::save("file"); -- cgit v1.2.3 From 7b35091b47f0b1ed2677795885553c07fd7bf168 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 21 Mar 2010 20:45:22 -0700 Subject: If the access token is not set, then look in the post data. --- modules/rest/controllers/rest.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 3db5e9b1..13594763 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -41,6 +41,7 @@ class Rest_Controller extends Controller { public function __call($function, $args) { $input = Input::instance(); $request = new stdClass(); + switch ($method = strtolower($input->server("REQUEST_METHOD"))) { case "get": $request->params = (object) $input->get(); 
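Review bot: With `default:` replacing `case "post":` in `Rest_Controller::__call` (the first `rest.php` hunk), every non-GET verb now reaches `upload::save("file")`, while the access key is only applied further down at `rest::set_active_user(...)`, as the later hunks of this file show. If `upload::save` writes the upload to disk (its body is not shown here), a request without a valid key can still leave a file behind before it is rejected. Consider listing the accepted verbs explicitly, e.g. `case "post": case "put": case "delete":`, with a `default:` that throws `Rest_Exception("Bad Request", 400)`, and saving the upload only after the caller is authenticated. The method body continues outside the hunk.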
@@ -56,6 +57,11 @@ class Rest_Controller extends Controller { $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); $request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); + + if (empty($request->access_token) && !empty($request->params->access_token)) { + $request->access_token = $request->params->access_token; + } + $request->url = url::abs_current(true); rest::set_active_user($request->access_token); -- cgit v1.2.3 From 9bb4c954bbc10e71a695b57f7e8979a140f4873f Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 7 Apr 2010 08:07:41 -0700 Subject: Merge bharat_dev rest implementation --- modules/gallery/helpers/item_rest.php | 135 ++++++++++++--------------------- modules/gallery/models/item.php | 2 +- modules/rest/controllers/rest.php | 7 ++ modules/tag/helpers/item_tags_rest.php | 5 +- modules/tag/helpers/tag_item_rest.php | 2 +- modules/tag/helpers/tag_items_rest.php | 4 +- modules/tag/helpers/tag_rest.php | 27 +++---- modules/tag/helpers/tags_rest.php | 6 +- 8 files changed, 77 insertions(+), 111 deletions(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 32b9c620..f52713b8 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -70,8 +70,14 @@ class item_rest_Core { $orm->where("type", "IN", explode(",", $p->type)); } - // Respect the requested ordering - $orm->order_by($item->sort_column, $item->sort_order); + // Apply the item's sort order, using id as the tie breaker. + // See Item_Model::children() + $order_by = array($item->sort_column => $item->sort_order); + if ($item->sort_column != "id") { + $order_by["id"] = "ASC"; + } + $orm->order_by($order_by); + $members = array(); foreach ($orm->find_all() as $child) { $members[] = rest::url("item", $child); 
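Review bot: The fallback `$request->access_token = $request->params->access_token;` in the `@@ -56,6 +57,11 @@` hunk accepts the credential from `$request->params`, which for GET requests is the query string (`$input->get()` in the switch above). Keys carried in a URL tend to end up in web-server access logs, browser history and Referer headers. If the fallback is needed for clients that cannot set `X-Gallery-Request-Key`, restricting it to body parameters limits the exposure, e.g. `if ($method != "get" && empty($request->access_token) && !empty($request->params->access_token)) {`. It is also worth unsetting `$request->params->access_token` afterwards so handlers never see it; `__call` continues outside the hunk.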
@@ -88,126 +94,81 @@ class item_rest_Core { $item = rest::resolve($request->url); access::required("edit", $item); - $params = $request->params; - - $sort_order_changed_to_weight = false; - // Start the batch - batch::start(); - - // Only change fields from a whitelist. - foreach (array("album_cover", "captured", "description", - "height", "mime_type", "name", "parent", "rand_key", "resize_dirty", - "resize_height", "resize_width", "slug", "sort_column", "sort_order", - "thumb_dirty", "thumb_height", "thumb_width", "title", "view_count", - "weight", "width") as $key) { - if (property_exists($request->params, $key)) { + if ($entity = $request->params->entity) { + // Only change fields from a whitelist. + foreach (array("album_cover", "captured", "description", + "height", "mime_type", "name", "parent", "rand_key", "resize_dirty", + "resize_height", "resize_width", "slug", "sort_column", "sort_order", + "thumb_dirty", "thumb_height", "thumb_width", "title", "view_count", + "width") as $key) { switch ($key) { case "album_cover": - $album_cover_item = rest::resolve($request->params->album_cover); - access::required("view", $album_cover_item); - $item->album_cover_item_id = $album_cover_item->id; + if (property_exists($entity, "album_cover")) { + $album_cover_item = rest::resolve($entity->album_cover); + access::required("view", $album_cover_item); + $item->album_cover_item_id = $album_cover_item->id; + } break; - case "sort_column": - if ($request->params->sort_column == "weight" && $item->sort_column != "weight") { - $sort_order_changed_to_weight = true; - $item->sort_column = "weight"; + case "parent": + if (property_exists($entity, "parent")) { + $parent = rest::resolve($entity->parent); + access::required("edit", $parent); + $item->parent_id = $parent->id; } break; - case "parent": - $parent = rest::resolve($request->params->parent); - access::required("edit", $parent); - $item->parent_id = $parent->id; - break; default: - $item->$key = $request->params->$key; + if 
(property_exists($entity, $key)) { + $item->$key = $entity->$key; + } } } } - $item->save(); - // If children are supplied, then update the children based on that client tells us. - // if the sort order changed, then update the weights if there are no children to be updated - if (property_exists($request->params, "children")) { - // Map the existing children by their restful urls - $children = array(); - foreach ($item->children() as $child) { - $children[rest::url("item", $child)] = $child; - } - $update_weight = $item->sort_column == "weight"; - $weight = $item->sort_order == "ASC" ? -1 : $request->params->url->length; - $weight_increment = $item->sort_order == "ASC" ? 1 : -1; - - foreach($request->params->children as $url) { - if (isset($children[$url])) { - $child = $children[$url]; - unset($children[$url]); - } else { - $child = rest::resolve($url); - $child->parent_id = $item->id; + $weight = 0; + if (isset($request->params->members)) { + foreach ($request->params->members as $url) { + $child = rest::resolve($url); + if ($child->parent_id == $item->id && $child->weight != $weight) { + $child->weight = $weight++; + $child->save(); } - $child->save(); - if ($update_weight) { - $weight += $weight_increment; - db::build() - ->update("items") - ->set("weight", $weight) - ->where("id", "=", $child->id) - ->execute(); - } - } - // Anything left in the mapping needs to be deleted - foreach ($children as $child) { - $child->delete(); - } - } else if ($sort_order_changed_to_weight) { - $weight = $item->sort_order == "ASC" ? -1 : $request->params->url->length; - $weight_increment = $item->sort_order == "ASC" ? 
1 : -1; - foreach ($item->children() as $child) { - // Do this directly in the database to avoid sending notifications - $weight += $weight_increment; - db::build() - ->update("items") - ->set("weight", $weight) - ->where("id", "=", $child->id) - ->execute(); } } - - batch::stop(); + $item->save(); } static function post($request) { $parent = rest::resolve($request->url); access::required("edit", $parent); - $params = $request->params; + $entity = $request->params->entity; $item = ORM::factory("item"); - switch ($params->type) { + switch ($entity->type) { case "album": $item->type = "album"; $item->parent_id = $parent->id; - $item->name = $params->name; - $item->title = isset($params->title) ? $params->title : $name; - $item->description = isset($params->description) ? $params->description : null; - $item->slug = isset($params->slug) ? $params->slug : null; + $item->name = $entity->name; + $item->title = isset($entity->title) ? $entity->title : $name; + $item->description = isset($entity->description) ? $entity->description : null; + $item->slug = isset($entity->slug) ? $entity->slug : null; $item->save(); break; case "photo": case "movie": - $item->type = $params->type; + $item->type = $entity->type; $item->parent_id = $parent->id; $item->set_data_file($request->file); - $item->name = $params->name; - $item->title = isset($params->title) ? $params->title : $params->name; - $item->description = isset($params->description) ? $params->description : null; - $item->slug = isset($params->slug) ? $params->slug : null; + $item->name = $entity->name; + $item->title = isset($entity->title) ? $entity->title : $entity->name; + $item->description = isset($entity->description) ? $entity->description : null; + $item->slug = isset($entity->slug) ? $entity->slug : null; $item->save(); break; default: - throw new Rest_Exception("Invalid type: $params->type", 400); + throw new Rest_Exception("Invalid type: $entity->type", 400); } return array("url" => rest::url("item", $item)); 
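Review bot: In `put()`, the weight counter only advances when a child is actually saved, because `$weight++` sits inside `if ($child->parent_id == $item->id && $child->weight != $weight)`; a child whose stored weight already equals the counter leaves it unchanged, so the next member is given the same weight. Moving the increment out of the comparison keeps the numbering in step with the list: `if ($child->parent_id == $item->id) { if ($child->weight != $weight) { $child->weight = $weight; $child->save(); } $weight++; }`. In `post()`, the album branch still falls back to an undefined `$name` (`isset($entity->title) ? $entity->title : $name`); `$entity->name` looks like the intended value, as in the photo/movie branch. Both methods also dereference `$request->params->entity` without checking that it is set and is an object, so a request with a missing or non-object `entity` should be answered with a 400 before these lines run.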
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 1026264f..7fc37325 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -947,7 +947,7 @@ class Item_Model extends ORM_MPTT { // Elide some internal-only data that is going to cause confusion in the client. foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr", - "thumb_dirty", "resize_dirty") as $key) { + "thumb_dirty", "resize_dirty", "weight") as $key) { unset($data[$key]); } return $data; diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 410eeece..38f28171 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -55,6 +55,13 @@ class Rest_Controller extends Controller { break; } + if (isset($request->params->entity)) { + $request->params->entity = json_decode($request->params->entity); + } + if (isset($request->params->members)) { + $request->params->members = json_decode($request->params->members); + } + $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); diff --git a/modules/tag/helpers/item_tags_rest.php b/modules/tag/helpers/item_tags_rest.php index 8a1b1e8b..02c79e5d 100644 --- a/modules/tag/helpers/item_tags_rest.php +++ b/modules/tag/helpers/item_tags_rest.php @@ -31,8 +31,8 @@ class item_tags_rest_Core { } static function post($request) { - $tag = rest::resolve($request->params->tag); - $item = rest::resolve($request->params->item); + $tag = rest::resolve($request->params->entity->tag); + $item = rest::resolve($request->params->entity->item); access::required("view", $item); tag::add($item, $tag->name); @@ -45,6 +45,7 @@ class item_tags_rest_Core { static function delete($request) { list ($tag, $item) = rest::resolve($request->url); + access::required("edit", $item); $tag->remove($item); $tag->save(); } 
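Review bot: `json_decode()` returns `null` for malformed input and can return a scalar or array for valid JSON that is not an object, yet in the `modules/rest/controllers/rest.php` hunk the result is stored straight into `$request->params->entity` and `$request->params->members`. Handlers changed in this commit then read `$request->params->entity->type`, `->name` and `->tag` and iterate `members` without further checks. Rejecting bad input at this single point keeps it out of every handler, e.g. `if (!is_object($request->params->entity)) { throw new Rest_Exception("Bad Request", 400); }` after the decode, with an `is_array()` check for `members`. `__call` continues outside the hunk.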
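Review bot: `item_tags_rest::post()` attaches a tag to an item after only `access::required("view", $item)`, while the `delete()` hunk in the same file now requires `"edit"` to remove one. Anyone who can view an item can therefore change its tags; if tagging is meant to be an edit operation the check should read `access::required("edit", $item);`. The same `"view"` check is kept in `tag_items_rest::post()` further down this commit. If view-level tagging is intentional, a short comment saying so would prevent it from being read as an oversight.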
diff --git a/modules/tag/helpers/tag_item_rest.php b/modules/tag/helpers/tag_item_rest.php index bce00a9f..17cb726e 100644 --- a/modules/tag/helpers/tag_item_rest.php +++ b/modules/tag/helpers/tag_item_rest.php @@ -22,7 +22,7 @@ class tag_item_rest_Core { list ($tag, $item) = rest::resolve($request->url); return array( "url" => $request->url, - "members" => array( + "entity" => array( "tag" => rest::url("tag", $tag), "item" => rest::url("item", $item))); } diff --git a/modules/tag/helpers/tag_items_rest.php b/modules/tag/helpers/tag_items_rest.php index 003c7c95..848c2cd3 100644 --- a/modules/tag/helpers/tag_items_rest.php +++ b/modules/tag/helpers/tag_items_rest.php @@ -33,8 +33,8 @@ class tag_items_rest_Core { } static function post($request) { - $tag = rest::resolve($request->params->tag); - $item = rest::resolve($request->params->item); + $tag = rest::resolve($request->params->entity->tag); + $item = rest::resolve($request->params->entity->item); access::required("view", $item); if (!$tag->loaded()) { diff --git a/modules/tag/helpers/tag_rest.php b/modules/tag/helpers/tag_rest.php index f30706bd..e0b7bd87 100644 --- a/modules/tag/helpers/tag_rest.php +++ b/modules/tag/helpers/tag_rest.php 
@@ -36,28 +36,25 @@ class tag_rest_Core { "members" => $tag_items))); } - static function post($request) { - if (empty($request->params->url)) { - throw new Rest_Exception("Bad request", 400); - } - - $tag = rest::resolve($request->url); - $item = rest::resolve($request->params->url); - access::required("edit", $item); - - tag::add($item, $tag->name); - return array("url" => rest::url("tag_item", $tag, $item)); - } - static function put($request) { + // Who can we allow to edit a tag name? If we allow anybody to do it then any logged in + // user can rename all your tags to something offensive. Right now limit renaming to admins. + if (!identity::active_user()->admin) { + access::forbidden(); + } $tag = rest::resolve($request->url); - if (isset($request->params->name)) { - $tag->name = $request->params->name; + if (isset($request->params->entity->name)) { + $tag->name = $request->params->entity->name; $tag->save(); } } static function delete($request) { + // Restrict deleting tags to admins. Otherwise, a logged in user can do great harm to an + // install. + if (!identity::active_user()->admin) { + access::forbidden(); + } $tag = rest::resolve($request->url); $tag->delete(); } diff --git a/modules/tag/helpers/tags_rest.php b/modules/tag/helpers/tags_rest.php index 82826d8e..434e774a 100644 --- a/modules/tag/helpers/tags_rest.php +++ b/modules/tag/helpers/tags_rest.php @@ -40,13 +40,13 @@ class tags_rest_Core { } } - if (empty($request->params->name)) { + if (empty($request->params->entity->name)) { throw new Rest_Exception("Bad Request", 400); } - $tag = ORM::factory("tag")->where("name", "=", $request->params->name)->find(); + $tag = ORM::factory("tag")->where("name", "=", $request->params->entity->name)->find(); if (!$tag->loaded()) { - $tag->name = $request->params->name; + $tag->name = $request->params->entity->name; $tag->count = 0; $tag->save(); } -- cgit v1.2.3 From d5b80f29444e03aadc1130ab1624a09c0689fb93 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Tue, 8 Jun 2010 14:35:35 -0700 Subject: Don't use the standard error formatting for exceptions that have occurred as part of a REST request. Format the exception as a json encoded text string so the client can extract the fault information if they so choose. --- modules/gallery/helpers/item_rest.php | 2 +- modules/rest/controllers/rest.php | 102 ++++++++++++++++++++++------------ 2 files changed, 66 insertions(+), 38 deletions(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index f99afbc2..763e586f 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -161,7 +161,7 @@ class item_rest_Core { case "photo": case "movie": if (empty($request->file)) { - throw new Rest_Exception("Bad Request: Upload failed", 400); + throw new Rest_Exception("file: Upload failed", 400); } $item->type = $entity->type; $item->parent_id = $parent->id; diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 38f28171..6392838f 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php 
@@ -39,54 +39,82 @@ class Rest_Controller extends Controller { } public function __call($function, $args) { - $input = Input::instance(); - $request = new stdClass(); - - switch ($method = strtolower($input->server("REQUEST_METHOD"))) { - case "get": - $request->params = (object) $input->get(); - break; - - default: - $request->params = (object) $input->post(); - if (isset($_FILES["file"])) { - $request->file = upload::save("file"); + try { + $input = Input::instance(); + $request = new stdClass(); + + switch ($method = strtolower($input->server("REQUEST_METHOD"))) { + case "get": + $request->params = (object) $input->get(); + break; + + default: + $request->params = (object) $input->post(); + if (isset($_FILES["file"])) { + $request->file = upload::save("file"); + } + break; } - break; - } - if (isset($request->params->entity)) { - $request->params->entity = json_decode($request->params->entity); - } - if (isset($request->params->members)) { - $request->params->members = json_decode($request->params->members); - } + if (isset($request->params->entity)) { + $request->params->entity = json_decode($request->params->entity); + } + if (isset($request->params->members)) { + $request->params->members = json_decode($request->params->members); + } - $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); - $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); + $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method)); + $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY"); - if (empty($request->access_key) && !empty($request->params->access_key)) { - $request->access_key = $request->params->access_key; - } + if (empty($request->access_key) && !empty($request->params->access_key)) { + $request->access_key = $request->params->access_key; + } + + $request->url = url::abs_current(true); - $request->url = url::abs_current(true); + rest::set_active_user($request->access_key); - 
rest::set_active_user($request->access_key); + $handler_class = "{$function}_rest"; + $handler_method = $request->method; - $handler_class = "{$function}_rest"; - $handler_method = $request->method; + if (!method_exists($handler_class, $handler_method)) { + throw new Rest_Exception("Bad Request", 400); + } - if (!method_exists($handler_class, $handler_method)) { - throw new Rest_Exception("Bad Request", 400); + $response = call_user_func(array($handler_class, $handler_method), $request); + } catch (Exception $e) { + $response = $this->_format_exception_response($e); } - try { - rest::reply(call_user_func(array($handler_class, $handler_method), $request)); - } catch (ORM_Validation_Exception $e) { - foreach ($e->validation->errors() as $key => $value) { - $msgs[] = "$key: $value"; + rest::reply($response); + } + + private function _format_exception_response($e) { + // Add this exception to the log + Kohana_Log::add('error', Kohana_Exception::text($e)); + + $e->sendHeaders(); + + $rest_exception = array(); + if ($e instanceof ORM_Validation_Exception) { + $detail_response = true; + $rest_exception["code"] = 400; + $rest_exception["message"] = t("Validation errors"); + $rest_exception["fields"] = $e->validation->errors; + } else if ($e instanceof Rest_Exception) { + $rest_exception["code"] = $e->getCode(); + if ($e->getMessage() != "Bad Request") { + $rest_exception["message"] = "Bad Request"; + $rest_exception["fields"] = array("type", $e->getMessage()); + } else { + $rest_exception["message"] = $e->getMessage(); } - throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400); + header("HTTP/1.1 400 Bad Request"); + } else { + $rest_exception["code"] = 500; + $rest_exception["message"] = t("Remote server call failed. Please contact the Adminstrator."); } + + return $rest_exception; } } \ No newline at end of file -- cgit v1.2.3 From 30849d10b151582fff67fd41fef1177396e47996 Mon Sep 17 00:00:00 2001 
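Review bot: `_format_exception_response()` calls `$e->sendHeaders()` on whatever `catch (Exception $e)` delivers, but the only definition of `sendHeaders()` visible on this page is on `Rest_Exception_Core`; if other exception types can reach this path, the error handler itself fails. Guarding the call with `if ($e instanceof Rest_Exception) { $e->sendHeaders(); }`, or sending the status line from this method, avoids that. `header("HTTP/1.1 400 Bad Request")` is also hard-coded for every `Rest_Exception`, whatever `$e->getCode()` returns. Separately, `array("type", $e->getMessage())` yields a two-element list rather than a keyed entry, with the name `type` fixed even though this commit also throws `"file: Upload failed"`, and `$detail_response` is assigned but never read.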
From: Tim Almdal Date: Thu, 10 Jun 2010 08:18:15 -0700 Subject: Tweak the error response for rest requests to make it easier for the client to extract error information. --- modules/rest/controllers/rest.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 6392838f..3e364bff 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -93,28 +93,30 @@ class Rest_Controller extends Controller { // Add this exception to the log Kohana_Log::add('error', Kohana_Exception::text($e)); - $e->sendHeaders(); - $rest_exception = array(); if ($e instanceof ORM_Validation_Exception) { $detail_response = true; $rest_exception["code"] = 400; - $rest_exception["message"] = t("Validation errors"); - $rest_exception["fields"] = $e->validation->errors; + $rest_exception["message"] = "Validation errors"; + $rest_exception["fields"] = $e->validation->errors(); } else if ($e instanceof Rest_Exception) { $rest_exception["code"] = $e->getCode(); if ($e->getMessage() != "Bad Request") { $rest_exception["message"] = "Bad Request"; $rest_exception["fields"] = array("type", $e->getMessage()); - } else { + } else { $rest_exception["message"] = $e->getMessage(); } - header("HTTP/1.1 400 Bad Request"); } else { $rest_exception["code"] = 500; $rest_exception["message"] = t("Remote server call failed. Please contact the Adminstrator."); } + if (!headers_sent()) { + header($rest_exception["code"] == 500 ? "HTTP/1.1 500 Internal Server Error" : + "HTTP/1.1 400 Bad Request"); + } + return $rest_exception; } } \ No newline at end of file -- cgit v1.2.3 From 295a42e0f1d5bf5ba1a6a11fe7e222da59dae40b Mon Sep 17 00:00:00 2001 
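Review bot: The status line is chosen with `$rest_exception["code"] == 500 ? "HTTP/1.1 500 Internal Server Error" : "HTTP/1.1 400 Bad Request"`, so a `Rest_Exception` carrying any other code (401, 403, 404) goes out as 400 on the wire while the JSON body reports the real code. Clients, proxies and monitoring that act on the HTTP status would then misclassify authorization failures as malformed requests. Only 400 is thrown in the code visible on this page, so this may be latent; a small code-to-reason-phrase map, with 500 as the fallback for unknown codes, keeps header and body in agreement. When `headers_sent()` is already true the status silently stays at its default, which deserves at least a log entry.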
From: Bharat Mediratta Date: Fri, 18 Jun 2010 20:20:05 -0700 Subject: change single to double quotes. --- modules/rest/controllers/rest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index 3e364bff..acc4a7df 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -91,7 +91,7 @@ class Rest_Controller extends Controller { private function _format_exception_response($e) { // Add this exception to the log - Kohana_Log::add('error', Kohana_Exception::text($e)); + Kohana_Log::add("error", Kohana_Exception::text($e)); $rest_exception = array(); if ($e instanceof ORM_Validation_Exception) { -- cgit v1.2.3 From 9b788674275c843947d44934a50dd395b515737a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 18 Jun 2010 20:43:14 -0700 Subject: Simplify rest::get_access_key($user) to rest::access_key() that returns just the access key string for the active user. That's how we use the API, so keep it simple. --- modules/organize/controllers/organize.php | 2 +- modules/rest/controllers/rest.php | 3 +-- modules/rest/helpers/rest.php | 7 ++++--- modules/rest/tests/Rest_Controller_Test.php | 15 +++++---------- 4 files changed, 11 insertions(+), 16 deletions(-) (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 732ac3f6..135a6fc9 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php 
@@ -39,7 +39,7 @@ class Organize_Controller extends Controller { $v = new View("organize_dialog.html"); $v->album = $album; $v->domain = $input->server("SERVER_NAME"); - $v->access_key = rest::get_access_key($user->id)->access_key; + $v->access_key = rest::access_key(); $v->file_filter = addslashes($file_filter); $v->sort_order = addslashes(json_encode($sort_order)); $v->sort_fields = addslashes(json_encode($sort_fields)); diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index acc4a7df..ccccc762 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -34,8 +34,7 @@ class Rest_Controller extends Controller { auth::login($user); - $key = rest::get_access_key($user->id); - rest::reply($key->access_key); + rest::reply(rest::access_key()); } public function __call($function, $args) { diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index b382cb29..0bad58f6 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -66,9 +66,9 @@ class rest_Core { identity::set_active_user($user); } - static function get_access_key($user_id) { + static function access_key() { $key = ORM::factory("user_access_key") - ->where("user_id", "=", $user_id) + ->where("user_id", "=", identity::active_user()->id) ->find(); if (!$key->loaded()) { @@ -76,7 +76,8 @@ class rest_Core { $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); $key->save(); } - return $key; + + return $key->access_key; } /** diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index fe83283d..0c8a4a98 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php 
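Review bot: `rest::access_key()` now keys everything off `identity::active_user()->id` and, when no row exists, creates and saves one, so a call made while no real user is logged in would mint a persistent key for whatever account `identity::active_user()` returns at that moment (possibly a guest account; not visible here). A guard at the top of the function, or a doc comment stating that callers must have an authenticated active user, would make the precondition explicit. The test `setup()` changed in this commit relies on the same assumption after dropping the explicit admin id.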
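Review bot: The value this function returns is a bearer credential, but it is still derived as `md5(md5(uniqid(mt_rand(), true) . access::private_key()))`; `uniqid()` is time-based and `mt_rand()` is not a cryptographic generator, so the unpredictability rests largely on `access::private_key()`. Since the function is being reworked anyway, consider drawing the key from a CSPRNG, e.g. `bin2hex(openssl_random_pseudo_bytes(16))` where the OpenSSL extension is available (`random_bytes()` on PHP 7+). The line is context in the `@@ -76,7 +76,8 @@` hunk of `modules/rest/helpers/rest.php`, and the function starts in the previous hunk.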
@@ -21,8 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { public function setup() { $this->_save = array($_GET, $_POST, $_SERVER); - $key = rest::get_access_key(1); // admin user - $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = rest::access_key(); } public function teardown() { @@ -83,11 +82,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "GET"; $_GET["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "get", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -96,11 +94,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "POST"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "post", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -110,11 +107,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "put", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } 
@@ -124,11 +120,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "delete", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } -- cgit v1.2.3 From 456d54ea2dccbe55a2efd89ecb4bde29fb91b619 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 19 Jun 2010 13:53:22 -0700 Subject: Throw exceptions as appropriate, but allow the Kohana exception handling framework to handle the exception and delegate to our template, which will JSON encode the response. --- modules/rest/controllers/rest.php | 41 +++++-------------------------- modules/rest/libraries/Rest_Exception.php | 11 +++++++-- modules/rest/views/error_rest.php | 2 ++ 3 files changed, 17 insertions(+), 37 deletions(-) create mode 100644 modules/rest/views/error_rest.php (limited to 'modules/rest/controllers/rest.php') diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index ccccc762..f8a46515 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php 
@@ -81,41 +81,12 @@ class Rest_Controller extends Controller { } $response = call_user_func(array($handler_class, $handler_method), $request); - } catch (Exception $e) { - $response = $this->_format_exception_response($e); + rest::reply($response); + } catch (ORM_Validation_Exception $e) { + // Note: this is totally insufficient because it doesn't take into account localization. We + // either need to map the result values to localized strings in the application code, or every + // client needs its own l10n string set. + throw new Rest_Exception("Bad Request", 400, $e->validation->errors()); } - - rest::reply($response); - } - - private function _format_exception_response($e) { - // Add this exception to the log - Kohana_Log::add("error", Kohana_Exception::text($e)); - - $rest_exception = array(); - if ($e instanceof ORM_Validation_Exception) { - $detail_response = true; - $rest_exception["code"] = 400; - $rest_exception["message"] = "Validation errors"; - $rest_exception["fields"] = $e->validation->errors(); - } else if ($e instanceof Rest_Exception) { - $rest_exception["code"] = $e->getCode(); - if ($e->getMessage() != "Bad Request") { - $rest_exception["message"] = "Bad Request"; - $rest_exception["fields"] = array("type", $e->getMessage()); - } else { - $rest_exception["message"] = $e->getMessage(); - } - } else { - $rest_exception["code"] = 500; - $rest_exception["message"] = t("Remote server call failed. Please contact the Adminstrator."); - } - - if (!headers_sent()) { - header($rest_exception["code"] == 500 ? "HTTP/1.1 500 Internal Server Error" : - "HTTP/1.1 400 Bad Request"); - } - - return $rest_exception; } } \ No newline at end of file diff --git a/modules/rest/libraries/Rest_Exception.php b/modules/rest/libraries/Rest_Exception.php index aa5b3281..c5baec63 100644 --- a/modules/rest/libraries/Rest_Exception.php +++ b/modules/rest/libraries/Rest_Exception.php 
@@ -18,13 +18,20 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Rest_Exception_Core extends Kohana_Exception { - public function __construct($message, $code) { + var $response = array(); + + public function __construct($message, $code, $response) { parent::__construct($message, null, $code); + $this->response = $response; } public function sendHeaders() { if (!headers_sent()) { - header("HTTP/1.1 " . $this->getCode() . "Bad Request"); + header("HTTP/1.1 " . $this->getCode() . " " . $this->getMessage()); } } + + public function getTemplate() { + return "error_rest"; + } } \ No newline at end of file diff --git a/modules/rest/views/error_rest.php b/modules/rest/views/error_rest.php new file mode 100644 index 00000000..c018378e --- /dev/null +++ b/modules/rest/views/error_rest.php @@ -0,0 +1,2 @@ + +response) ?> \ No newline at end of file -- cgit v1.2.3
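Review bot: `sendHeaders()` now places `$this->getMessage()` in the HTTP status line, and messages built elsewhere on this page include request data, e.g. `"Invalid type: $entity->type"` in `item_rest::post()`. Reason phrases should come from a fixed table keyed by `getCode()` rather than from free-form text; the detail belongs in `$this->response`. The constructor also gained a required third parameter while two-argument calls such as `throw new Rest_Exception("Bad Request", 400);` remain elsewhere (for example in `item_rest.php` and `tags_rest.php` as shown earlier on this page, neither of which is in this commit's diffstat). Declaring it as `public function __construct($message, $code, $response=null)` keeps those callers working.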