From 04b90c3bdef9b2f4daf8bffc1e814b0bac9912f4 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 15 May 2010 23:42:55 -0700 Subject: Remove the item id from the rest/gallery/items url as that was inconsistent. Add the query parameter ancestors_for= to provide a restful way to retrieve the ancestors of an item. (cherry picked from commit e9c8a8ae532e785ab95e6b43864c93b485785d6c) Conflicts: modules/gallery/helpers/items_rest.php --- modules/gallery/helpers/items_rest.php | 60 ++++++++++--- modules/gallery/tests/Items_Rest_Helper_Test.php | 103 +++++++++++++++++++++++ 2 files changed, 149 insertions(+), 14 deletions(-) create mode 100644 modules/gallery/tests/Items_Rest_Helper_Test.php (limited to 'modules') diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 5d8e80b2..4f50e434 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php 
@@ -18,28 +18,60 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class items_rest_Core { + /** + * To retrieve a collection of items, you can specify the following query parameters to specify the + * type of the collection. If both are specified, then the url parameter is used and the + * ancestor_for is ignored. + * + * urls=url1,url2,url3 + * return items that match the specified urls. Typically used to return the member detail + * + * ancestor_for=url + * return the ancestors of the specified item + */ static function get($request) { - $items = array(); - if (isset($request->params->url)) { - foreach (json_decode($request->params->url) as $url) { + if (isset($request->params->urls)) { + foreach (json_decode($request->params->urls) as $url) { $item = rest::resolve($url); if (access::can("view", $item)) { - $item_rest = array("url" => $url, - "entity" => $item->as_restful_array(), - "relationship" => rest::relationships("item", $item)); - if ($item->type == "album") { - $members = array(); - foreach ($item->children() as $child) { - $members[] = rest::url("item", $child); - } - $item_rest["members"] = $members; - } - $items[] = $item_rest; + $items[] = items_rest::format_restful_item($item); } } + } else if (isset($request->params->ancestor_for)) { + $item = rest::resolve($request->params->ancestor_for); + if (!access::can("view", $item)) { + throw new Kohana_404_Exception(); + } + $items[] = items_rest::format_restful_item($item); + while (($item = $item->parent()) != null) { + array_unshift($items, items_rest::format_restful_item($item)); + }; } return $items; } + + static function resolve($id) { + $item = ORM::factory("item", $id); + if (!access::can("view", $item)) { + throw new Kohana_404_Exception(); + } + return $item; + } + + private static function format_restful_item($item) { + $item_rest = array("url" => rest::url("item", $item), + "entity" => $item->as_restful_array(), + "relationships" => 
rest::relationships("item", $item)); + if ($item->type == "album") { + $members = array(); + foreach ($item->children() as $child) { + $members[] = rest::url("item", $child); + } + $item_rest["members"] = $members; + } + + return $item_rest; + } } diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php new file mode 100644 index 00000000..cd01ae0c --- /dev/null +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php 
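Review bot: `format_restful_item` appends `rest::url("item", $child)` for every entry of `$item->children()` with no per-child permission test, and the `ancestor_for` loop formats each `$item->parent()` the same way, so only the requested item itself is checked with `access::can("view", ...)`. Unless `children()` and `parent()` already filter by the active user, which is not visible in this hunk, the response can list URLs of items the caller may not view; I would guard the append with `if (access::can("view", $child)) { $members[] = rest::url("item", $child); }` and add the equivalent test inside the `while`. As rendered here the hunk also removes `$items = array();` from `get()`, leaving `return $items;` undefined when neither parameter is set, so confirm the initialisation survives in the applied file. The docblock shows `urls=url1,url2,url3` while the code calls `json_decode()` on the parameter, and a malformed value makes `json_decode()` return null in front of the `foreach`.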
@@ -0,0 +1,103 @@ +reload(); + $album2->reload(); + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->urls = json_encode(array( + rest::url("item", $photo1), + rest::url("item", $album2))); + $this->assert_equal_array( + array( + array("url" => rest::url("item", $photo1), + "entity" => $photo1->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $photo1), + "members" => array()))), + array("url" => rest::url("item", $album2), + "entity" => $album2->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $album2), + "members" => array())), + "members" => array( + rest::url("item", $photo2)))), + items_rest::get($request)); + } + + public function get_ancestor_test() { + $album1 = test::random_album(); + $photo1 = test::random_photo($album1); + $album2 = test::random_album($album1); + $photo2 = test::random_photo($album2); + $album1->reload(); + $album2->reload(); + + $root = ORM::factory("item", 1); + $restful_root = array( + "url" => rest::url("item", $root), + "entity" => $root->as_restful_array(), + "relationships" => rest::relationships("item", $root)); + $restful_root["members"] = array(); + foreach ($root->children() as $child) { + $restful_root["members"][] = rest::url("item", $child); + } + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->ancestor_for = rest::url("item", $photo2); + $this->assert_equal_array( + array( + $restful_root, + array("url" => rest::url("item", $album1), + "entity" => $album1->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $album1), + "members" => array())), + "members" => array( + rest::url("item", $photo1), + rest::url("item", $album2)), + ), + array("url" => rest::url("item", $album2), + "entity" => $album2->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", 
$album2), + "members" => array())), + "members" => array( + rest::url("item", $photo2))), + array("url" => rest::url("item", $photo2), + "entity" => $photo2->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $photo2), + "members" => array())))), + items_rest::get($request)); + } +} -- cgit v1.2.3 From a600185b605a37ca1b60cb6d9814d5441f54cd88 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 10 May 2010 06:31:38 -0700 Subject: Allow the use of the type query parameter to filter the results of a rest/gallery/items?urls=... request. This allows the client to pass the entire list of member urls and have the rest server filter the results based on the specified types. (cherry picked from commit 3fe10b15cf9359b66452c24965df575203e8af8e) --- modules/gallery/helpers/items_rest.php | 22 ++++-- modules/gallery/tests/Items_Rest_Helper_Test.php | 85 ++++++++++++++++++++++++ 2 files changed, 103 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 4f50e434..32597a65 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php 
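Review bot: Both tests run only against items the active user can view, so neither the `access::can("view", $item)` skip in the `urls` branch nor the `Kohana_404_Exception` in the `ancestor_for` branch of `items_rest::get()` is exercised. I would add one case that requests an item after view has been denied to the current user and asserts that it is omitted from the `urls` result, and one that expects the 404 for `ancestor_for`. The opening lines of the first test method did not survive extraction on this page, so its name and setup cannot be checked here.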
@@ -19,23 +19,37 @@ */ class items_rest_Core { /** - * To retrieve a collection of items, you can specify the following query parameters to specify the - * type of the collection. If both are specified, then the url parameter is used and the - * ancestor_for is ignored. + * To retrieve a collection of items, you can specify the following query parameters to specify + * the type of the collection. If both are specified, then the url parameter is used and the + * ancestor_for is ignored. Specifying the "type" parameter with the urls parameter, will + * filter the results based on the specified type. Using the type parameter with the + * ancestor_for parameter makes no sense and will be ignored. * * urls=url1,url2,url3 * return items that match the specified urls. Typically used to return the member detail * * ancestor_for=url * return the ancestors of the specified item + * + * type= + * limit the type to types in this list. eg, "type=photo,movie" */ static function get($request) { $items = array(); if (isset($request->params->urls)) { foreach (json_decode($request->params->urls) as $url) { + if (isset($request->params->type)) { + $types = explode(",", $request->params->type); + } $item = rest::resolve($url); if (access::can("view", $item)) { - $items[] = items_rest::format_restful_item($item); + if (isset($types)) { + if (in_array($item->type, $types)) { + $items[] = items_rest::format_restful_item($item); + } + } else { + $items[] = items_rest::format_restful_item($item); + } } } } else if (isset($request->params->ancestor_for)) { diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index cd01ae0c..94bf912a 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php 
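Review bot: `explode(",", $request->params->type)` sits inside the `foreach`, so the type list is rebuilt for every URL although it never changes, and the two `$items[] = items_rest::format_restful_item($item);` branches are duplicates. Computing `$types` once before the loop and collapsing the test to `if (!isset($types) || in_array($item->type, $types, true))` leaves a single append path and makes the comparison strict. The docblock sentence "If both are specified, then the url parameter is used" should name `urls`, the parameter the code actually reads. `get()` continues past the end of this hunk.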
@@ -50,6 +50,91 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { items_rest::get($request)); } + public function get_url_filter_album_test() { + $album1 = test::random_album(); + $photo1 = test::random_photo($album1); + $album2 = test::random_album($album1); + $photo2 = test::random_photo($album2); + $album1->reload(); + $album2->reload(); + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->urls = json_encode(array( + rest::url("item", $photo1), + rest::url("item", $album2))); + $request->params->type = "album"; + $this->assert_equal_array( + array( + array("url" => rest::url("item", $album2), + "entity" => $album2->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $album2), + "members" => array())), + "members" => array( + rest::url("item", $photo2)))), + items_rest::get($request)); + } + + public function get_url_filter_photo_test() { + $album1 = test::random_album(); + $photo1 = test::random_photo($album1); + $album2 = test::random_album($album1); + $photo2 = test::random_photo($album2); + $album1->reload(); + $album2->reload(); + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->urls = json_encode(array( + rest::url("item", $photo1), + rest::url("item", $album2))); + $request->params->type = "photo"; + $this->assert_equal_array( + array( + array("url" => rest::url("item", $photo1), + "entity" => $photo1->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $photo1), + "members" => array())))), + items_rest::get($request)); + } + + public function get_url_filter_albums_photos_test() { + $album1 = test::random_album(); + $photo1 = test::random_photo($album1); + $album2 = test::random_album($album1); + $photo2 = test::random_photo($album2); + $album1->reload(); + $album2->reload(); + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->urls = 
json_encode(array( + rest::url("item", $photo1), + rest::url("item", $album2))); + $request->params->type = "photo,album"; + $this->assert_equal_array( + array( + array("url" => rest::url("item", $photo1), + "entity" => $photo1->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $photo1), + "members" => array()))), + array("url" => rest::url("item", $album2), + "entity" => $album2->as_restful_array(), + "relationships" => array( + "tags" => array( + "url" => rest::url("item_tags", $album2), + "members" => array())), + "members" => array( + rest::url("item", $photo2)))), + items_rest::get($request)); + } + public function get_ancestor_test() { $album1 = test::random_album(); $photo1 = test::random_photo($album1); -- cgit v1.2.3 From 686da5a3e069d180e198fcc8dc3e2ed422f725b9 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 18 May 2010 06:16:47 -0700 Subject: Save the item before updating the order of the children. Also always increment the weight count (even if it is equal to the weight of the current child) --- modules/gallery/helpers/item_rest.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 36d2ca62..298c2f4a 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -126,18 +126,19 @@ class item_rest_Core { } } } + $item->save(); - $weight = 0; if (isset($request->params->members)) { + $weight = 0; foreach ($request->params->members as $url) { $child = rest::resolve($url); if ($child->parent_id == $item->id && $child->weight != $weight) { - $child->weight = $weight++; + $child->weight = $weight; $child->save(); } + $weight++; } } - $item->save(); } static function post($request) { -- cgit v1.2.3 From ed1905d3f94847a64656e52858de8c363c001df7 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Fri, 4 Jun 2010 11:22:51 -0700 Subject: Change the name of the private format_restful_item to _format_restful_item so that the File_Structure_Test will pass. --- modules/gallery/helpers/items_rest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 32597a65..32f6c036 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -45,10 +45,10 @@ class items_rest_Core { if (access::can("view", $item)) { if (isset($types)) { if (in_array($item->type, $types)) { - $items[] = items_rest::format_restful_item($item); + $items[] = items_rest::_format_restful_item($item); } } else { - $items[] = items_rest::format_restful_item($item); + $items[] = items_rest::_format_restful_item($item); } } } @@ -57,9 +57,9 @@ class items_rest_Core { if (!access::can("view", $item)) { throw new Kohana_404_Exception(); } - $items[] = items_rest::format_restful_item($item); + $items[] = items_rest::_format_restful_item($item); while (($item = $item->parent()) != null) { - array_unshift($items, items_rest::format_restful_item($item)); + array_unshift($items, items_rest::_format_restful_item($item)); }; } @@ -74,7 +74,7 @@ class items_rest_Core { return $item; } - private static function format_restful_item($item) { + private static function _format_restful_item($item) { $item_rest = array("url" => rest::url("item", $item), "entity" => $item->as_restful_array(), "relationships" => rest::relationships("item", $item)); -- cgit v1.2.3 From fd437aec2bbd3e65b330b0790af970ca7e078636 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Fri, 4 Jun 2010 13:58:49 -0700 Subject: Correct XSS Security Test golden file for recent changes. Update the controller_auth data file for the rename of admin_comments to admin_manage_comments. --- modules/gallery/tests/controller_auth_data.txt | 2 +- modules/gallery/tests/xss_data.txt | 37 +++++++++++++------------- 2 files changed, 19 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index 0aa26057..94e7a07f 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -1,4 +1,4 @@ -modules/comment/controllers/admin_comments.php queue DIRTY_CSRF +modules/comment/controllers/admin_manage_comments.php queue DIRTY_CSRF modules/comment/helpers/comment_rss.php feed DIRTY_AUTH modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH modules/digibug/controllers/digibug.php close_window DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index afad9e13..0a75d6f7 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -4,21 +4,21 @@ modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urle modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) -modules/comment/views/admin_comments.html.php 43 DIRTY $menu->render() -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR $comment->id -modules/comment/views/admin_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/comment/views/admin_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) -modules/comment/views/admin_comments.html.php 123 DIRTY_JS $item->url() -modules/comment/views/admin_comments.html.php 125 DIRTY_ATTR $item->thumb_url() -modules/comment/views/admin_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) -modules/comment/views/admin_comments.html.php 135 DIRTY gallery::date($comment->created) -modules/comment/views/admin_comments.html.php 142 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 151 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 160 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 169 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 176 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 184 DIRTY_JS $comment->id -modules/comment/views/admin_comments.html.php 197 DIRTY $pager +modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render() +modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id +modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/comment/views/admin_manage_comments.html.php 110 DIRTY_ATTR 
$comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/admin_manage_comments.html.php 123 DIRTY_JS $item->url() +modules/comment/views/admin_manage_comments.html.php 125 DIRTY_ATTR $item->thumb_url() +modules/comment/views/admin_manage_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) +modules/comment/views/admin_manage_comments.html.php 135 DIRTY gallery::date($comment->created) +modules/comment/views/admin_manage_comments.html.php 142 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 151 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 160 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 169 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 176 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 184 DIRTY_JS $comment->id +modules/comment/views/admin_manage_comments.html.php 197 DIRTY $pager modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id; modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri 
@@ -175,7 +175,7 @@ modules/gallery/views/move_tree.html.php 15 DIRTY_JS $child modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs) modules/gallery/views/movieplayer.html.php 5 DIRTY_JS $attrs["id"] modules/gallery/views/movieplayer.html.php 7 DIRTY_JS url::abs_file("lib/flowplayer.swf") -modules/gallery/views/movieplayer.html.php 13 DIRTY_JS url::abs_file("lib/flowplayer.h264streaming.swf") +modules/gallery/views/movieplayer.html.php 14 DIRTY_JS url::abs_file("lib/flowplayer.pseudostreaming.swf") modules/gallery/views/permissions_browse.html.php 3 DIRTY_JS url::site("permissions/form/__ITEM__") modules/gallery/views/permissions_browse.html.php 16 DIRTY_JS url::site("permissions/change/__CMD__/__GROUP__/__PERM__/__ITEM__?csrf=$csrf") modules/gallery/views/permissions_browse.html.php 43 DIRTY_ATTR $parent->id @@ -320,7 +320,6 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url -themes/admin_wind/views/admin.html.php 9 DIRTY $page_title themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url() themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head() themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top() 
@@ -363,7 +362,7 @@ themes/wind/views/dynamic.html.php 16 DIRTY_ATTR $chi themes/wind/views/dynamic.html.php 17 DIRTY_ATTR $child->thumb_height themes/wind/views/dynamic.html.php 29 DIRTY $theme->paginator() themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() -themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-movie-id-{$item->id}")) +themes/wind/views/movie.html.php 8 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) themes/wind/views/page.html.php 9 DIRTY $page_title themes/wind/views/page.html.php 33 DIRTY_JS $theme->url() themes/wind/views/page.html.php 42 DIRTY $new_width @@ -384,4 +383,4 @@ themes/wind/views/photo.html.php 8 DIRTY_JS $theme themes/wind/views/photo.html.php 8 DIRTY_JS $theme->item()->height themes/wind/views/photo.html.php 18 DIRTY $theme->paginator() themes/wind/views/photo.html.php 23 DIRTY_JS $item->file_url() -themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-photo-id-{$item->id}","class"=>"g-resize")) +themes/wind/views/photo.html.php 25 DIRTY $item->resize_img(array("id"=>"g-item-id-{$item->id}","class"=>"g-resize")) -- cgit v1.2.3 From 481ef823dd04daff736b5a98472322e28bd4e756 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 19:45:15 -0700 Subject: Add an advanced setting to allow developers to allow guest access to REST entities. --- modules/rest/helpers/rest.php | 7 ++++++- modules/rest/helpers/rest_installer.php | 8 +++++++- modules/rest/module.info | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 49999520..72927c71 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php 
@@ -39,7 +39,12 @@ class rest_Core { static function set_active_user($access_key) { if (empty($access_key)) { - throw new Rest_Exception("Forbidden", 403); + if (module::get_var("rest", "allow_guest_access")) { + identity::set_active_user(identity::guest()); + return; + } else { + throw new Rest_Exception("Forbidden", 403); + } } $key = ORM::factory("user_access_key") diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index aeb9573e..c2694a29 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -28,7 +28,8 @@ class rest_installer { UNIQUE KEY(`access_key`), UNIQUE KEY(`user_id`)) DEFAULT CHARSET=utf8;"); - module::set_version("rest", 2); + module::set_var("rest", "allow_guest_access", false); + module::set_version("rest", 3); } static function upgrade($version) { @@ -37,6 +38,11 @@ class rest_installer { $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}"); module::set_version("rest", $version = 2); } + + if ($version == 2) { + module::set_var("rest", "allow_guest_access", false); + module::set_version("rest", $version = 3); + } } static function uninstall() { diff --git a/modules/rest/module.info b/modules/rest/module.info index 3ab7e165..4b6b5464 100644 --- a/modules/rest/module.info +++ b/modules/rest/module.info @@ -1,4 +1,4 @@ name = "REST Access Module" description = "The RESTful implementation/interface to Gallery3" -version = 2 +version = 3 -- cgit v1.2.3 From 0350cf3cd85d0ca89d3a9fb1385d43350d3df9aa Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 22:50:20 -0700 Subject: Fix a comment typo. --- modules/gallery/helpers/module.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 18d65ed5..12cec38c 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php 
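Review bot: With `allow_guest_access` enabled, the new branch in `set_active_user()` turns every request that arrives without an access key into a guest session, and nothing in this hunk distinguishes read requests from modifying ones. Authorization then rests entirely on the permissions granted to the guest user, which deserves a comment above the branch, e.g. `// No key supplied: run as guest for all REST methods; guest permissions are the only remaining check.` Note also that `empty($access_key)` treats the string `"0"` as a missing key. The lookup for non-empty keys continues below the hunk and is not visible here.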
@@ -215,7 +215,7 @@ class module_Core { } } - // Now the module is upgraded so deactivate it, but we can'it deactivae gallery or the + // Now the module is upgraded so deactivate it, but we can't deactivate gallery or the // current identity provider. $identity_provider = module::get_var("gallery", "identity_provider", "user"); if (!in_array($module_name, array("gallery", $identity_provider)) ) { -- cgit v1.2.3 From 10895ca5298dc71410cfd87fe8a28c4f976c2234 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 23:04:23 -0700 Subject: Undo the change added in e4eedbce2298535540cb651d75ba6f1bf42cf02b which deactivates modules on upgrade. No idea why we did that, but it breaks upgrading because it deactivates any module that's been upgraded. --- modules/gallery/helpers/module.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 12cec38c..5134c7b3 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -214,13 +214,6 @@ class module_Core { throw new Exception("@todo UNKNOWN_MODULE"); } } - - // Now the module is upgraded so deactivate it, but we can't deactivate gallery or the - // current identity provider. - $identity_provider = module::get_var("gallery", "identity_provider", "user"); - if (!in_array($module_name, array("gallery", $identity_provider)) ) { - self::deactivate($module_name); - } module::load_modules(); $version_after = module::get_version($module_name); -- cgit v1.2.3 From 87fde3f360d557d48241d09cae4f25949e748d4f Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Sat, 5 Jun 2010 23:35:32 -0700 Subject: Create a UI under Admin > Settings > Comments where you can limit comments only to registered users. It's simplistic, but is better than adding a permission since generally this setting will be used Gallery-wide. Fixes ticket #1002 --- modules/comment/controllers/admin_comments.php | 52 ++++++++++++++++++++++++++ modules/comment/controllers/comments.php | 6 +++ modules/comment/helpers/comment.php | 5 +++ modules/comment/helpers/comment_event.php | 2 - modules/comment/helpers/comment_installer.php | 8 +++- modules/comment/module.info | 2 +- modules/comment/views/admin_comments.html.php | 7 ++++ modules/comment/views/comments.html.php | 5 ++- 8 files changed, 82 insertions(+), 5 deletions(-) create mode 100644 modules/comment/controllers/admin_comments.php create mode 100644 modules/comment/views/admin_comments.html.php (limited to 'modules') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php new file mode 100644 index 00000000..fda3873c --- /dev/null +++ b/modules/comment/controllers/admin_comments.php 
@@ -0,0 +1,52 @@ +page_title = t("Comment settings"); + $view->content = new View("admin_comments.html"); + $view->content->form = $this->_get_admin_form(); + print $view; + } + + public function save() { + access::verify_csrf(); + $form = $this->_get_admin_form(); + $form->validate(); + module::set_var("comment", "access_permissions", + $form->comment_settings->access_permissions->value); + message::success(t("Comment settings updated")); + url::redirect("admin/comments"); + } + + private function _get_admin_form() { + $form = new Forge("admin/comments/save", "", "post", + array("id" => "g-comments-admin-form")); + $comment_settings = $form->group("comment_settings")->label(t("Permissions")); + $comment_settings->dropdown("access_permissions") + ->label(t("Who can leave comments?")) + ->options(array("everybody" => t("Everybody"), + "registered_users" => t("Only registered users"))) + ->selected(module::get_var("comment", "access_permissions")); + $comment_settings->submit("save")->value(t("Save")); + return $form; + } +} + diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 465b1bcd..c42ad24e 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -24,6 +24,9 @@ class Comments_Controller extends Controller { public function create($id) { $item = ORM::factory("item", $id); access::required("view", $item); + if (!comment::can_comment()) { + access::forbidden(); + } $form = comment::get_add_form($item); try { @@ -69,6 +72,9 @@ class Comments_Controller extends Controller { public function form_add($item_id) { $item = ORM::factory("item", $item_id); access::required("view", $item); + if (!comment::can_comment()) { + access::forbidden(); + } print comment::prefill_add_form(comment::get_add_form($item)); } diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 94b14d0d..92a286c7 100644 --- a/modules/comment/helpers/comment.php 
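Review bot: `save()` calls `$form->validate()` but ignores its result, so `module::set_var("comment", "access_permissions", ...)` stores whatever value was posted even when validation fails. `comment::can_comment()` only compares against "everybody", so an unexpected value behaves like "registered_users", but the stored setting and the dropdown can then disagree; I would write the value only inside `if ($form->validate()) { ... }` and re-render the form otherwise. The class declaration and file header were lost from this page, so whether the controller extends an admin-restricted base class cannot be confirmed from the hunk.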
+++ b/modules/comment/helpers/comment.php @@ -60,5 +60,10 @@ class comment_Core { } return $form; } + + static function can_comment() { + return !identity::active_user()->guest || + module::get_var("comment", "access_permissions") == "everybody"; + } } diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index 25fd4171..33d4cd05 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -51,13 +51,11 @@ class comment_event_Core { } static function admin_menu($menu, $theme) { - /* $menu->get("settings_menu") ->append(Menu::factory("link") ->id("comment") ->label(t("Comments")) ->url(url::site("admin/comments"))); - */ $menu->get("content_menu") ->append(Menu::factory("link") diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index 9ca47f1a..7a32bf67 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -47,7 +47,8 @@ class comment_installer { DEFAULT CHARSET=utf8;"); module::set_var("comment", "spam_caught", 0); - module::set_version("comment", 2); + module::set_var("comment", "access_permissions", "everybody"); + module::set_version("comment", 3); } static function upgrade($version) { @@ -56,6 +57,11 @@ class comment_installer { $db->query("ALTER TABLE {comments} CHANGE `state` `state` varchar(15) default 'unpublished'"); module::set_version("comment", 2); } + + if ($version == 2) { + module::set_var("comment", "access_permissions", "everybody"); + module::set_version("comment", 3); + } } static function uninstall() { diff --git a/modules/comment/module.info b/modules/comment/module.info index c371cf27..cd34f140 100644 --- a/modules/comment/module.info +++ b/modules/comment/module.info @@ -1,3 +1,3 @@ name = "Comments" description = "Allows users and guests to leave comments on photos and albums." -version = 2 +version = 3 
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php new file mode 100644 index 00000000..dc6985b2 --- /dev/null +++ b/modules/comment/views/admin_comments.html.php @@ -0,0 +1,7 @@ + +
+

+
+ +
+
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index e4322e08..9a608a43 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -1,9 +1,12 @@ - id}") ?>#comment-form" id="g-add-comment" + +id}") ?>#comment-form" id="g-add-comment" class="g-button ui-corner-all ui-icon-left ui-state-default"> + +
count()): ?>

-- cgit v1.2.3 From 4e56176f35fe624d2d3a587636a4a45ea387be09 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Jun 2010 23:47:47 -0700 Subject: item::random_query() doesn't need to take a "where" clause because it's returning a query, so the caller can add the where clause himself. This makes for a cleaner API. --- modules/gallery/helpers/item.php | 5 +---- modules/image_block/helpers/image_block_block.php | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index 43c93225..bbbe1058 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -209,17 +209,14 @@ class item_Core { /** * Return a query to get a random Item_Model, with optional filters - * - * @param array (optional) where tuple */ - static function random_query($where=null) { + static function random_query() { // Pick a random number and find the item that's got nearest smaller number. // This approach works best when the random numbers in the system are roughly evenly // distributed so this is going to be more efficient with larger data sets. return ORM::factory("item") ->viewable() ->where("rand_key", "<", ((float)mt_rand()) / (float)mt_getrandmax()) - ->merge_where($where) ->order_by("rand_key", "DESC"); } } \ No newline at end of file diff --git a/modules/image_block/helpers/image_block_block.php b/modules/image_block/helpers/image_block_block.php index 51ccc4a0..da6e8782 100644 --- a/modules/image_block/helpers/image_block_block.php +++ b/modules/image_block/helpers/image_block_block.php 
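Review bot: The docblock of `random_query()` still reads "with optional filters" after the `$where` parameter and its `@param` line were removed; it should say that callers chain their own `where()` on the returned query. PHP does not reject extra arguments to a user-defined function, so any caller that still passes a where tuple to `item::random_query()` now silently gets an unfiltered query; only `image_block_block` is updated in this commit, so other callers, if any exist, are worth a search. `viewable()` is still applied inside the function, so the permission filter itself is unchanged.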
@@ -31,7 +31,7 @@ class image_block_block_Core { // @todo Consider another fallback if further optimizations are necessary. $attempts = 0; do { - $item = item::random_query(array(array("type", "!=", "album")))->find_all(1)->current(); + $item = item::random_query()->where("type", "!=", "album")->find_all(1)->current(); } while (!$item && $attempts++ < 3); if ($item && $item->loaded()) { $block = new Block(); -- cgit v1.2.3 From e1d3b0295d0f6d098a7b5563aa1f5b6af247319f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 6 Jun 2010 12:42:16 -0700 Subject: Change "ancestor_for" to "ancestors_for" for consistency. --- modules/gallery/helpers/items_rest.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 32f6c036..9cca9a54 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -21,14 +21,14 @@ class items_rest_Core { /** * To retrieve a collection of items, you can specify the following query parameters to specify * the type of the collection. If both are specified, then the url parameter is used and the - * ancestor_for is ignored. Specifying the "type" parameter with the urls parameter, will + * ancestors_for is ignored. Specifying the "type" parameter with the urls parameter, will * filter the results based on the specified type. Using the type parameter with the - * ancestor_for parameter makes no sense and will be ignored. + * ancestors_for parameter makes no sense and will be ignored. * * urls=url1,url2,url3 * return items that match the specified urls. Typically used to return the member detail * - * ancestor_for=url + * ancestors_for=url * return the ancestors of the specified item * * type= 
@@ -52,8 +52,8 @@ class items_rest_Core { } } } - } else if (isset($request->params->ancestor_for)) { - $item = rest::resolve($request->params->ancestor_for); + } else if (isset($request->params->ancestors_for)) { + $item = rest::resolve($request->params->ancestors_for); if (!access::can("view", $item)) { throw new Kohana_404_Exception(); } -- cgit v1.2.3 From aeee88031fed7029c3320800d237b69993e8b6d4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 6 Jun 2010 13:06:08 -0700 Subject: Fix an unused variable caused by converting straight query params to $entity based params. --- modules/gallery/helpers/item_rest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 298c2f4a..c88f92d9 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -152,7 +152,7 @@ class item_rest_Core { $item->type = "album"; $item->parent_id = $parent->id; $item->name = $entity->name; - $item->title = isset($entity->title) ? $entity->title : $name; + $item->title = isset($entity->title) ? $entity->title : $entity->name; $item->description = isset($entity->description) ? $entity->description : null; $item->slug = isset($entity->slug) ? $entity->slug : null; $item->save(); -- cgit v1.2.3