From a04d0d278964c93b4829ec2e77f5f315abcba392 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Fri, 29 Jan 2010 19:42:38 -0800
Subject: Add missing permission checks. Make the tag relationship an associative array.
---
 modules/tag/helpers/tag_item_rest.php | 6 +++---
 modules/tag/helpers/tag_items_rest.php | 8 ++++++--
 2 files changed, 9 insertions(+), 5 deletions(-)
(limited to 'modules/tag/helpers')
diff --git a/modules/tag/helpers/tag_item_rest.php b/modules/tag/helpers/tag_item_rest.php
index 60d37437..672cec53 100644
--- a/modules/tag/helpers/tag_item_rest.php
+++ b/modules/tag/helpers/tag_item_rest.php
@@ -23,8 +23,8 @@ class tag_item_rest_Core {
 return array(
 "url" => $request->url,
 "members" => array(
- rest::url("tag", $tag),
- rest::url("item", $item)));
+ "tag" => rest::url("tag", $tag),
+ "item" => rest::url("item", $item)));
 }
 static function delete($request) {
@@ -37,7 +37,7 @@ class tag_item_rest_Core {
 list ($tag_id, $item_id) = split(",", $tuple);
 $tag = ORM::factory("tag", $tag_id);
 $item = ORM::factory("item", $item_id);
- if (!$tag->loaded() || !$item->loaded() || !$tag->has($item)) {
+ if (!$tag->loaded() || !$item->loaded() || !$tag->has($item) || !access::can("view", $item)) {
 throw new Kohana_404_Exception();
 }
diff --git a/modules/tag/helpers/tag_items_rest.php b/modules/tag/helpers/tag_items_rest.php
index ef563ac6..18973ebb 100644
--- a/modules/tag/helpers/tag_items_rest.php
+++ b/modules/tag/helpers/tag_items_rest.php
@@ -37,12 +37,16 @@ class tag_items_rest_Core {
 $item = rest::resolve($request->params->item);
 access::required("view", $item);
+ if (!$tag->loaded()) {
+ throw new Kohana_404_Exception();
+ }
+
 tag::add($item, $tag->name);
 return array(
 "url" => rest::url("tag_item", $tag, $item),
 "members" => array(
- rest::url("tag", $tag),
- rest::url("item", $item)));
+ "tag" => rest::url("tag", $tag),
+ "item" => rest::url("item", $item)));
 }
 static function delete($request) {
--
cgit v1.2.3
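Review bot: In the second hunk of `tag_item_rest.php`, the added `!access::can("view", $item)` shares one condition with the not-found tests and raises the same `Kohana_404_Exception`, so a hidden item answers exactly like a missing one, but nothing in the code records that this is intended. I would put a comment above the `if`: `// 404 rather than 403: an item the caller cannot view must look the same as one that does not exist.` The check covers only "view", and the enclosing function starts and ends outside the hunk, so whether callers that change the tag relationship also require a stronger permission cannot be confirmed from here.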
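Review bot: In the `tag_items_rest.php` hunk, the write `tag::add($item, $tag->name)` is still gated only by `access::required("view", $item)`, so any caller who can see an item can attach a tag to it; the new `$tag->loaded()` check does not change that. If tagging is meant to be limited to users who may modify the item, add `access::required("edit", $item);` directly after the view check. Everything between the resolve of `$item` and the `tag::add` call is visible in the hunk, while the function's opening lines are not.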