From c3c2b45280c461acc8a63ac9c73d054f9a109234 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 3 Mar 2010 10:15:34 -0800
Subject: Update the copyright to 2010.  It's only 3 months into the year :-)

---
 modules/rest/controllers/rest.php           | 2 +-
 modules/rest/helpers/rest.php               | 2 +-
 modules/rest/helpers/rest_event.php         | 2 +-
 modules/rest/helpers/rest_installer.php     | 2 +-
 modules/rest/libraries/Rest_Exception.php   | 2 +-
 modules/rest/models/user_access_token.php   | 2 +-
 modules/rest/tests/Rest_Controller_Test.php | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'modules/rest')

diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index b8d9a889..eed54bd4 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 1ee72aed..cd962057 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index c46e65c4..91affe7a 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index 9fbc5b2e..f69f62d1 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/libraries/Rest_Exception.php b/modules/rest/libraries/Rest_Exception.php
index c3548b7e..505c2e7a 100644
--- a/modules/rest/libraries/Rest_Exception.php
+++ b/modules/rest/libraries/Rest_Exception.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/models/user_access_token.php b/modules/rest/models/user_access_token.php
index 5669d8d1..44330768 100644
--- a/modules/rest/models/user_access_token.php
+++ b/modules/rest/models/user_access_token.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index 9f73bed9..a5c7dda6 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.");
 /**
  * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
+ * Copyright (C) 2000-2010 Bharat Mediratta
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
-- 
cgit v1.2.3


From 05d345e16dd04a4c8c766ffeb35bf56ff2362cd9 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 3 Mar 2010 10:17:48 -0800
Subject: Guests don't get access to the REST API.

---
 modules/rest/helpers/rest.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'modules/rest')

diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index cd962057..7440350f 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -39,8 +39,7 @@ class rest_Core {
 
   static function set_active_user($access_token) {
     if (empty($access_token)) {
-      identity::set_active_user(identity::guest());
-      return;
+      throw new Rest_Exception("Forbidden", 403);
     }
 
     $key = ORM::factory("user_access_token")
-- 
cgit v1.2.3


From be580c9554602c02247fbc2f7401965b9ed00f0b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 5 Mar 2010 21:42:39 -0800
Subject: Update tests to reflect the fact that you have to be logged in to do
 anything.

---
 modules/rest/tests/Rest_Controller_Test.php | 32 ++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 12 deletions(-)

(limited to 'modules/rest')

diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index a5c7dda6..21be8300 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -20,6 +20,9 @@
 class Rest_Controller_Test extends Gallery_Unit_Test_Case {
   public function setup() {
     $this->_save = array($_GET, $_POST, $_SERVER);
+
+    $key = rest::get_access_token(1);  // admin user
+    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
   }
 
   public function teardown() {
@@ -60,24 +63,26 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
   }
 
   public function get_test() {
+    unset($_SERVER["HTTP_X_GALLERY_REQUEST_KEY"]);
+
     $_SERVER["REQUEST_METHOD"] = "GET";
     $_GET["key"] = "value";
 
-    $this->assert_array_equal_to_json(
-      array("params" => array("key" => "value"),
-            "method" => "get",
-            "access_token" => null,
-            "url" => "http://./index.php/gallery_unit_test"),
-      test::call_and_capture(array(new Rest_Controller(), "mock")));
+    try {
+      test::call_and_capture(array(new Rest_Controller(), "mock"));
+    } catch (Rest_Exception $e) {
+      $this->assert_same(403, $e->getCode());
+      return;
+    }
+
+    $this->assert_true(false, "Should be forbidden");
   }
 
   public function get_with_access_key_test() {
-    $key = rest::get_access_token(1);  // admin user
-
     $_SERVER["REQUEST_METHOD"] = "GET";
-    $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
     $_GET["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "get",
@@ -90,10 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["REQUEST_METHOD"] = "POST";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "post",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -103,10 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "put",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
@@ -116,10 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
     $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
     $_POST["key"] = "value";
 
+    $key = rest::get_access_token(1);  // admin user
     $this->assert_array_equal_to_json(
       array("params" => array("key" => "value"),
             "method" => "delete",
-            "access_token" => null,
+            "access_token" => $key->access_key,
             "url" => "http://./index.php/gallery_unit_test"),
       test::call_and_capture(array(new Rest_Controller(), "mock")));
   }
-- 
cgit v1.2.3


From 13f5d3aa33616c650b84f504e11d1117769266d1 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 13 Mar 2010 23:11:33 -0800
Subject: Whitespace correction

---
 modules/rest/controllers/rest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/rest')

diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index eed54bd4..9f9b9aff 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -36,7 +36,7 @@ class Rest_Controller extends Controller {
 
     $key = rest::get_access_token($user->id);
     rest::reply($key->access_key);
- }
+  }
 
   public function __call($function, $args) {
     $input = Input::instance();
-- 
cgit v1.2.3