From 481ef823dd04daff736b5a98472322e28bd4e756 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 19:45:15 -0700 Subject: Add an advanced setting to allow developers to allow guest access to REST entities. --- modules/rest/helpers/rest.php | 7 ++++++- modules/rest/helpers/rest_installer.php | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'modules/rest/helpers') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 49999520..72927c71 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -39,7 +39,12 @@ class rest_Core { static function set_active_user($access_key) { if (empty($access_key)) { - throw new Rest_Exception("Forbidden", 403); + if (module::get_var("rest", "allow_guest_access")) { + identity::set_active_user(identity::guest()); + return; + } else { + throw new Rest_Exception("Forbidden", 403); + } } $key = ORM::factory("user_access_key") diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index aeb9573e..c2694a29 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -28,7 +28,8 @@ class rest_installer { UNIQUE KEY(`access_key`), UNIQUE KEY(`user_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("rest", 2); + module::set_var("rest", "allow_guest_access", false); + module::set_version("rest", 3); } static function upgrade($version) { @@ -37,6 +38,11 @@ class rest_installer { $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}"); module::set_version("rest", $version = 2); } + + if ($version == 2) { + module::set_var("rest", "allow_guest_access", false); + module::set_version("rest", $version = 3); + } } static function uninstall() { -- cgit v1.2.3 From fef5cf9865962ce9fed583752c0671a0a5e090cf Mon Sep 17 00:00:00 2001 
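Review bot: In set_active_user() in modules/rest/helpers/rest.php, the new guest branch applies to every request that arrives without an access key, whatever the HTTP method, and nothing in the hunk records that authorization then rests entirely on the permission checks of the individual resource handlers. A comment above the branch would make that contract explicit, for example `// Key-less requests run as the guest user when allow_guest_access is on; each resource handler must still check permissions, especially for writes.` The `else` after `return;` is redundant, so the `throw` can follow the inner `if` directly. The function continues past the hunk, so how a present but unknown key is handled is not visible here.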
From: Tim Almdal Date: Mon, 7 Jun 2010 07:09:39 -0700 Subject: If the identity provider changes then delete all the rest user_access_keys, as they are no longer valid. (i.e. all the related users have been deleted.) --- modules/rest/helpers/rest_event.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules/rest/helpers') diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index e4e53ef6..f23b9a58 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -29,6 +29,13 @@ class rest_event { ->execute(); } + + static function change_provider($new_provider) { + db::build() + ->delete("user_access_keys") + ->execute(); + } + /** * Called after a user has been added. Just add a remote access key * on every add. -- cgit v1.2.3 From 2c1e3800ef41f2aabd61b7d6d39751d2d157409e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 Jun 2010 14:57:39 -0700 Subject: Send back the REST API version as a header. It's on every request, which sucks, but it's totally unobtrusive because it's a header so that's ok. Decided that the current version is "3.0" although it will surely change before the final 3.0 release. Fixes ticket #1148 --- modules/rest/helpers/rest.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules/rest/helpers') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 72927c71..3229330a 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -18,9 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class rest_Core { + const API_VERSION = "3.0"; + static function reply($data=array()) { Session::instance()->abort_save(); + header("X-Gallery-API-Version: " . rest::API_VERSION); if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); if ($data) { -- cgit v1.2.3 From 57b53e6193cc6baf12bf58d8e528518a93bff03c Mon Sep 17 00:00:00 2001 
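Review bot: change_provider() in modules/rest/helpers/rest_event.php has no docblock and never reads `$new_provider`, so a reader cannot tell from the code that wiping the whole table is intentional. The handler that follows it is documented; a matching comment such as `/** Called when the identity provider changes. Every REST access key is dropped because the user ids they reference belong to the old provider. */` would state the reason. It is worth adding there that a key left behind could otherwise resolve to an unrelated account if the new provider reuses an id; that is presumably the motivation, but confirm it against the provider code.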
From: Bharat Mediratta Date: Tue, 15 Jun 2010 20:21:10 -0700 Subject: Guard against relationships() not returning an array. --- modules/rest/helpers/rest.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/rest/helpers') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 3229330a..b382cb29 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -137,9 +137,9 @@ class rest_Core { foreach (glob(MODPATH . "{$module->name}/helpers/*_rest.php") as $filename) { $class = str_replace(".php", "", basename($filename)); if (method_exists($class, "relationships")) { - $results = array_merge( - $results, - call_user_func(array($class, "relationships"), $resource_type, $resource)); + if ($tmp = call_user_func(array($class, "relationships"), $resource_type, $resource)) { + $results = array_merge($results, $tmp); + } } } } -- cgit v1.2.3 From 9b788674275c843947d44934a50dd395b515737a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 18 Jun 2010 20:43:14 -0700 Subject: Simplify rest::get_access_key($user) to rest::access_key() that returns just the access key string for the active user. That's how we use the API, so keep it simple. --- modules/organize/controllers/organize.php | 2 +- modules/rest/controllers/rest.php | 3 +-- modules/rest/helpers/rest.php | 7 ++++--- modules/rest/tests/Rest_Controller_Test.php | 15 +++++---------- 4 files changed, 11 insertions(+), 16 deletions(-) (limited to 'modules/rest/helpers') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 732ac3f6..135a6fc9 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php 
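Review bot: The new guard in the relationships loop of modules/rest/helpers/rest.php tests truthiness rather than type, so a helper that returns a non-empty string or `true` still reaches `array_merge()`, which is the case the commit title sets out to prevent. Checking the type closes that gap: `$tmp = call_user_func(array($class, "relationships"), $resource_type, $resource);` followed by `if (is_array($tmp)) { $results = array_merge($results, $tmp); }`. That form also removes the assignment inside the condition. The enclosing function starts and ends outside the hunk.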
@@ -39,7 +39,7 @@ class Organize_Controller extends Controller { $v = new View("organize_dialog.html"); $v->album = $album; $v->domain = $input->server("SERVER_NAME"); - $v->access_key = rest::get_access_key($user->id)->access_key; + $v->access_key = rest::access_key(); $v->file_filter = addslashes($file_filter); $v->sort_order = addslashes(json_encode($sort_order)); $v->sort_fields = addslashes(json_encode($sort_fields)); diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php index acc4a7df..ccccc762 100644 --- a/modules/rest/controllers/rest.php +++ b/modules/rest/controllers/rest.php @@ -34,8 +34,7 @@ class Rest_Controller extends Controller { auth::login($user); - $key = rest::get_access_key($user->id); - rest::reply($key->access_key); + rest::reply(rest::access_key()); } public function __call($function, $args) { diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index b382cb29..0bad58f6 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -66,9 +66,9 @@ class rest_Core { identity::set_active_user($user); } - static function get_access_key($user_id) { + static function access_key() { $key = ORM::factory("user_access_key") - ->where("user_id", "=", $user_id) + ->where("user_id", "=", identity::active_user()->id) ->find(); if (!$key->loaded()) { @@ -76,7 +76,8 @@ class rest_Core { $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); $key->save(); } - return $key; + + return $key->access_key; } /** diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index fe83283d..0c8a4a98 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php 
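Review bot: access_key() in modules/rest/helpers/rest.php now takes the user from `identity::active_user()`, so it looks up, and on a miss creates, a key for whoever is active at call time, with no guard against that being the guest account. The old signature made each caller name the user; of the two callers in this commit only Rest_Controller visibly runs `auth::login($user)` first, and the organize controller's login state is outside the hunk. A check at the top of the function that the active user is not the guest account, throwing the same `Rest_Exception("Forbidden", 403)` used elsewhere in this class, would keep a key from ever being minted for an unauthenticated session. The function also deserves a docblock, e.g. `/** Return the REST access key of the active user, creating one on first use. */`.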
@@ -21,8 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { public function setup() { $this->_save = array($_GET, $_POST, $_SERVER); - $key = rest::get_access_key(1); // admin user - $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = rest::access_key(); } public function teardown() { @@ -83,11 +82,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "GET"; $_GET["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "get", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -96,11 +94,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "POST"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "post", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -110,11 +107,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "put", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } 
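Review bot: setup() in modules/rest/tests/Rest_Controller_Test.php no longer pins the request key to the admin user: the removed `rest::get_access_key(1)` named user id 1, while `rest::access_key()` uses whichever user happens to be active when the test runs. The same applies to the four request tests in the later hunks (`@@ -83`, `@@ -96`, `@@ -110`, `@@ -124`), whose expected value is itself a fresh `rest::access_key()` call, so they pass for any active user, including an unintended one. Setting the active user explicitly at the start of setup() and restoring the previous one in teardown() would keep the tests deterministic and make the privileged identity they depend on visible.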
@@ -124,11 +120,10 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete"; $_POST["key"] = "value"; - $key = rest::get_access_key(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "delete", - "access_key" => $key->access_key, + "access_key" => rest::access_key(), "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } -- cgit v1.2.3 From fa404589d662bc4f304f05596b8cb563c715c3f2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 19 Jun 2010 10:24:26 -0700 Subject: Oops. Fix up a bad instance of $user in rest::access_key() introduced in my last change. --- modules/rest/helpers/rest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/rest/helpers') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 0bad58f6..bcb12d58 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -72,7 +72,7 @@ class rest_Core { ->find(); if (!$key->loaded()) { - $key->user_id = $user_id; + $key->user_id = identity::active_user()->id; $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key())); $key->save(); } -- cgit v1.2.3
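Review bot: The key saved in this branch of access_key() is still `md5(md5(uniqid(mt_rand(), true) . access::private_key()))` (a context line, unchanged by this commit), and that value is a bearer credential for the REST API. `uniqid()` and `mt_rand()` are not cryptographically secure sources, so the key's unpredictability rests on `access::private_key()` staying secret. Where the runtime offers one, a CSPRNG such as `openssl_random_pseudo_bytes()` (or `random_bytes()` on PHP 7 and later) would be a sounder source for the key material. Separately, `identity::active_user()->id` is now evaluated once for the lookup (shown in the previous commit's hunk) and again here; reading it into a local once keeps the query and the insert on the same id.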