From fef5cf9865962ce9fed583752c0671a0a5e090cf Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 7 Jun 2010 07:09:39 -0700 Subject: If the identity provider changes then delete all the rest user_access_keys, as they are no longer valid. (i.e. all the related users have been deleted.) --- modules/rest/helpers/rest_event.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules') diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index e4e53ef6..f23b9a58 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php @@ -29,6 +29,13 @@ class rest_event { ->execute(); } + + static function change_provider($new_provider) { + db::build() + ->delete("user_access_keys") + ->execute(); + } + /** * Called after a user has been added. Just add a remote access key * on every add. -- cgit v1.2.3 From 5151f0b86526f619cb171a599f79a883addcf343 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 Jun 2010 22:18:09 -0700 Subject: Improve a comment. --- modules/gallery_unit_test/controllers/gallery_unit_test.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery_unit_test/controllers/gallery_unit_test.php b/modules/gallery_unit_test/controllers/gallery_unit_test.php index 80ee16d9..e241e1dd 100644 --- a/modules/gallery_unit_test/controllers/gallery_unit_test.php +++ b/modules/gallery_unit_test/controllers/gallery_unit_test.php @@ -89,7 +89,9 @@ class Gallery_Unit_Test_Controller extends Controller { } } - // Clean out the filesystem + // Clean out the filesystem. Note that this cleans out test/var/database.php, but that's ok + // because we technically don't need it anymore. If this is confusing, we could always + // arrange to preserve that one file. @system("rm -rf test/var"); @mkdir('test/var/logs', 0777, true); -- cgit v1.2.3 From 98fce83de5f772482382bfabdbcd94c25ecdbb1a Mon Sep 17 00:00:00 2001 
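Review bot: `change_provider()` is added without a docblock, although the neighbouring handler in this class has one, and its `$new_provider` argument is never read. Because the body is an unconditional delete of every row in `user_access_keys`, the security rationale belongs above it, e.g. `/** Called when the identity provider changes. All REST access keys are dropped because the users they were issued to no longer exist. */`. The hunk does not show whether this event fires before or after the new provider's users are created. If it can fire afterwards, keys that the user-added handler issued for those users would be wiped as well, so that ordering is worth confirming.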
From: Bharat Mediratta Date: Mon, 7 Jun 2010 22:23:46 -0700 Subject: Add a "convert_ids" parameter to Item_Model::as_restful_array(), which we can turn on with a query parameter. --- modules/gallery/models/item.php | 20 ++++++++++++-------- modules/gallery/tests/Item_Model_Test.php | 12 ++++++++++++ 2 files changed, 24 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 409ed3cc..dfcbdd70 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -924,17 +924,21 @@ class Item_Model extends ORM_MPTT { /** * Same as ORM::as_array() but convert id fields into their RESTful form. */ - public function as_restful_array() { + public function as_restful_array($convert_ids=true) { // Convert item ids to rest URLs for consistency $data = $this->as_array(); - if ($tmp = $this->parent()) { - $data["parent"] = rest::url("item", $tmp); - } - unset($data["parent_id"]); - if ($tmp = $this->album_cover()) { - $data["album_cover"] = rest::url("item", $tmp); + + if ($convert_ids) { + if ($tmp = $this->parent()) { + $data["parent"] = rest::url("item", $tmp); + } + unset($data["parent_id"]); + + if ($tmp = $this->album_cover()) { + $data["album_cover"] = rest::url("item", $tmp); + } + unset($data["album_cover_item_id"]); } - unset($data["album_cover_item_id"]); if (access::can("view_full", $this) && $this->is_photo()) { $data["file_url"] = $this->file_url(true); diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 15aa2d8c..9d3f54f2 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php 
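Review bot: The docblock above `as_restful_array()` still describes only the converting behaviour and does not mention the new `$convert_ids` parameter; add `@param bool $convert_ids false to keep the raw parent_id and album_cover_item_id columns instead of REST urls`. The existing `// Convert item ids to rest URLs for consistency` comment now sits above `$data = $this->as_array();` and would read better inside the `if ($convert_ids)` block. With `$convert_ids` false the raw `album_cover_item_id` is returned, and no `access::can("view", ...)` check on the cover item is visible in this hunk. The converting branch shows none either, so this is not new exposure, but it deserves a comment if the flag becomes reachable from a query parameter as the commit message suggests. The method body continues past the end of the hunk.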
@@ -364,6 +364,18 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(!array_key_exists("album_cover_item_id", $result)); } + public function as_restful_array_with_ids_test() { + $album = test::random_album(); + $photo = test::random_photo($album); + $album->reload(); + + $result = $album->as_restful_array(false); + $this->assert_same(item::root()->id, $result["parent_id"]); + $this->assert_same($photo->id, $result["album_cover_item_id"]); + $this->assert_true(!array_key_exists("parent", $result)); + $this->assert_true(!array_key_exists("album_cover_item", $result)); + } + public function first_photo_becomes_album_cover() { $album = test::random_album(); $photo = test::random_photo($album); -- cgit v1.2.3 From 6425d41eddd44091b2d83ba3c3734cc6990ca581 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 Jun 2010 23:12:52 -0700 Subject: Add a "preserve_ids" global query parameter for REST requests that indicates that we shouldn't opportunistically convert ids into REST urls. --- modules/gallery/helpers/item_rest.php | 3 +- modules/gallery/helpers/items_rest.php | 14 ++++++---- modules/gallery/models/item.php | 7 +++-- modules/gallery/tests/Item_Model_Test.php | 4 +-- modules/gallery/tests/Item_Rest_Helper_Test.php | 21 ++++++++++---- modules/gallery/tests/Items_Rest_Helper_Test.php | 35 ++++++++++++++++-------- 6 files changed, 57 insertions(+), 27 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index c88f92d9..1d19d9f1 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php 
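Review bot: The last assertion in `as_restful_array_with_ids_test()` checks for a key the model never sets. `as_restful_array()` writes `$data["album_cover"]`, not `album_cover_item`, so `assert_true(!array_key_exists("album_cover_item", $result))` passes whether or not conversion happened. It should read `$this->assert_true(!array_key_exists("album_cover", $result));`. As written, a regression that emits the cover URL while `$convert_ids` is false would go unnoticed.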
@@ -78,9 +78,10 @@ class item_rest_Core { } $orm->order_by($order_by); + $preserve_ids = isset($p->preserve_ids) ? (bool)$p->preserve_ids : false; $result = array( "url" => $request->url, - "entity" => $item->as_restful_array(), + "entity" => $item->as_restful_array($preserve_ids), "relationships" => rest::relationships("item", $item)); if ($item->is_album()) { $result["members"] = array(); diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index 9cca9a54..e9773745 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -36,6 +36,8 @@ class items_rest_Core { */ static function get($request) { $items = array(); + $preserve_ids = isset($request->params->preserve_ids) ? + (bool)$request->params->preserve_ids : false; if (isset($request->params->urls)) { foreach (json_decode($request->params->urls) as $url) { if (isset($request->params->type)) { @@ -45,10 +47,10 @@ class items_rest_Core { if (access::can("view", $item)) { if (isset($types)) { if (in_array($item->type, $types)) { - $items[] = items_rest::_format_restful_item($item); + $items[] = items_rest::_format_restful_item($item, $preserve_ids); } } else { - $items[] = items_rest::_format_restful_item($item); + $items[] = items_rest::_format_restful_item($item, $preserve_ids); } } } @@ -57,9 +59,9 @@ class items_rest_Core { if (!access::can("view", $item)) { throw new Kohana_404_Exception(); } - $items[] = items_rest::_format_restful_item($item); + $items[] = items_rest::_format_restful_item($item, $preserve_ids); while (($item = $item->parent()) != null) { - array_unshift($items, items_rest::_format_restful_item($item)); + array_unshift($items, items_rest::_format_restful_item($item, $preserve_ids)); }; } 
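Review bot: The `(bool)` cast on `$p->preserve_ids` treats every non-empty string except `"0"` as true, so a request carrying `preserve_ids=false` would switch id preservation on. If the value arrives as a raw query string (the hunk does not show how `$p` is populated), parse it explicitly, e.g. `$preserve_ids = isset($p->preserve_ids) && filter_var($p->preserve_ids, FILTER_VALIDATE_BOOLEAN);`. The same cast appears in `items_rest::get()` in the next file section (`(bool)$request->params->preserve_ids`), and one shared helper would keep the two copies from drifting apart. `$p` itself is assigned outside this hunk.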
@@ -74,9 +76,9 @@ class items_rest_Core { return $item; } - private static function _format_restful_item($item) { + private static function _format_restful_item($item, $preserve_ids) { $item_rest = array("url" => rest::url("item", $item), - "entity" => $item->as_restful_array(), + "entity" => $item->as_restful_array($preserve_ids), "relationships" => rest::relationships("item", $item)); if ($item->type == "album") { $members = array(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index dfcbdd70..f59caa65 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -923,12 +923,15 @@ class Item_Model extends ORM_MPTT { /** * Same as ORM::as_array() but convert id fields into their RESTful form. + * Convert any item ids into REST urls + * + * @param bool preserve_ids true if we should preserve ids */ - public function as_restful_array($convert_ids=true) { + public function as_restful_array($preserve_ids) { // Convert item ids to rest URLs for consistency $data = $this->as_array(); - if ($convert_ids) { + if (!$preserve_ids) { if ($tmp = $this->parent()) { $data["parent"] = rest::url("item", $tmp); } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 9d3f54f2..6c5882c4 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -357,7 +357,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo = test::random_photo($album); $album->reload(); - $result = $album->as_restful_array(); + $result = $album->as_restful_array(false); $this->assert_same(rest::url("item", item::root()), $result["parent"]); $this->assert_same(rest::url("item", $photo), $result["album_cover"]); $this->assert_true(!array_key_exists("parent_id", $result)); 
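Review bot: `as_restful_array($preserve_ids)` drops the default that `$convert_ids=true` had. Any caller outside this commit that still invokes `as_restful_array()` with no argument now gets a missing-argument warning or error, depending on the PHP version. Keeping a default, `public function as_restful_array($preserve_ids=false) {`, preserves the old behaviour for those callers. The new tag should also name the variable with its sigil, `@param bool $preserve_ids true if we should preserve ids`, and the docblock's first two sentences now say the same thing twice. The method body continues outside the hunk.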
@@ -369,7 +369,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo = test::random_photo($album); $album->reload(); - $result = $album->as_restful_array(false); + $result = $album->as_restful_array(true); $this->assert_same(item::root()->id, $result["parent_id"]); $this->assert_same($photo->id, $result["album_cover_item_id"]); $this->assert_true(!array_key_exists("parent", $result)); diff --git a/modules/gallery/tests/Item_Rest_Helper_Test.php b/modules/gallery/tests/Item_Rest_Helper_Test.php index 0b5e0471..5a80d66b 100644 --- a/modules/gallery/tests/Item_Rest_Helper_Test.php +++ b/modules/gallery/tests/Item_Rest_Helper_Test.php @@ -28,6 +28,17 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal($album->id, $resolved->id); } + public function get_with_ids_test() { + $photo1 = test::random_photo(item::root()); + $request = new stdClass(); + $request->url = rest::url("item", $photo1); + $request->params = new stdClass(); + $request->params->preserve_ids = 1; + + $response = item_rest::get($request); + $this->assert_equal(item::root()->id, $response["entity"]["parent_id"]); // Spot check + } + public function get_scope_test() { $album1 = test::random_album(); $photo1 = test::random_photo($album1); @@ -41,7 +52,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params = new stdClass(); $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -56,7 +67,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->scope = "direct"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), 
@@ -71,7 +82,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->scope = "all"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -98,7 +109,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->name = "foo"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -121,7 +132,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->type = "album"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 94bf912a..3efd677d 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php @@ -34,13 +34,13 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(), + "entity" => $photo1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), "members" => array()))), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + "entity" => $album2->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), 
@@ -67,7 +67,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + "entity" => $album2->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -94,7 +94,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(), + "entity" => $photo1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), @@ -119,13 +119,13 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(), + "entity" => $photo1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), "members" => array()))), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + "entity" => $album2->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -146,7 +146,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $root = ORM::factory("item", 1); $restful_root = array( "url" => rest::url("item", $root), - "entity" => $root->as_restful_array(), + "entity" => $root->as_restful_array(false), "relationships" => rest::relationships("item", $root)); $restful_root["members"] = array(); foreach ($root->children() as $child) { 
@@ -155,12 +155,12 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); - $request->params->ancestor_for = rest::url("item", $photo2); + $request->params->ancestors_for = rest::url("item", $photo2); $this->assert_equal_array( array( $restful_root, array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(), + "entity" => $album1->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -170,7 +170,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { rest::url("item", $album2)), ), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(), + "entity" => $album2->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -178,11 +178,24 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { "members" => array( rest::url("item", $photo2))), array("url" => rest::url("item", $photo2), - "entity" => $photo2->as_restful_array(), + "entity" => $photo2->as_restful_array(false), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo2), "members" => array())))), items_rest::get($request)); } + + public function get_ancestor_with_ids_test() { + $album1 = test::random_album(); + $photo1 = test::random_photo($album1); + + $request = new stdClass(); + $request->params = new stdClass(); + $request->params->ancestors_for = rest::url("item", $photo1); + $request->params->preserve_ids = 1; + + $response = items_rest::get($request); + $this->assert_same(item::root()->id, $response[1]["entity"]["parent_id"]); // Spot check + } } -- cgit v1.2.3 From b40057283e1dfbb3bbb41a6dfc8ccc8e2111d810 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Tue, 8 Jun 2010 20:59:24 -0700 Subject: Add a "can_edit" field to the Item_Model's REST output. It's applicable to the current user. --- modules/gallery/models/item.php | 1 + modules/gallery/tests/Item_Model_Test.php | 13 +++++++++++++ 2 files changed, 14 insertions(+) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index f59caa65..a0866934 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -951,6 +951,7 @@ class Item_Model extends ORM_MPTT { $data["resize_url"] = $tmp; } $data["thumb_url"] = $this->thumb_url(true); + $data["can_edit"] = access::can("edit", $this); // Elide some internal-only data that is going to cause confusion in the client. foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr", diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 6c5882c4..3df6197d 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -18,6 +18,10 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Item_Model_Test extends Gallery_Unit_Test_Case { + public function teardown() { + identity::set_active_user(identity::admin_user()); + } + public function saving_sets_created_and_updated_dates_test() { $item = test::random_photo(); $this->assert_true(!empty($item->created)); 
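Review bot: `$data["can_edit"]` is computed for whoever the active user is at serialization time, so the returned array is now per-user, and nothing at the new line says so. I would add a comment such as `// Advisory flag for the active user only; write handlers must still check access::can("edit", ...) themselves.` That keeps clients and later maintainers from treating the field as an authorization decision, and warns against caching or reusing the output across users. The surrounding method starts and ends outside the hunk.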
@@ -376,6 +380,15 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(!array_key_exists("album_cover_item", $result)); } + public function as_restful_array_with_edit_bit_test() { + $response = item::root()->as_restful_array(true); + $this->assert_true($response["can_edit"]); + + identity::set_active_user(identity::guest()); + $response = item::root()->as_restful_array(true); + $this->assert_false($response["can_edit"]); + } + public function first_photo_becomes_album_cover() { $album = test::random_album(); $photo = test::random_photo($album); -- cgit v1.2.3 From 3dacafb7182dd915c4c6d4e7d75722976e231465 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 9 Jun 2010 20:49:32 -0700 Subject: Revert the "preserve_ids" global query parameter. We decided that it was a bad idea. This reverts commit 6425d41eddd44091b2d83ba3c3734cc6990ca581. --- modules/gallery/helpers/item_rest.php | 3 +- modules/gallery/helpers/items_rest.php | 14 ++++------ modules/gallery/models/item.php | 7 ++--- modules/gallery/tests/Item_Model_Test.php | 4 +-- modules/gallery/tests/Item_Rest_Helper_Test.php | 21 ++++---------- modules/gallery/tests/Items_Rest_Helper_Test.php | 35 ++++++++---------------- 6 files changed, 27 insertions(+), 57 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item_rest.php b/modules/gallery/helpers/item_rest.php index 1d19d9f1..c88f92d9 100644 --- a/modules/gallery/helpers/item_rest.php +++ b/modules/gallery/helpers/item_rest.php @@ -78,10 +78,9 @@ class item_rest_Core { } $orm->order_by($order_by); - $preserve_ids = isset($p->preserve_ids) ? (bool)$p->preserve_ids : false; $result = array( "url" => $request->url, - "entity" => $item->as_restful_array($preserve_ids), + "entity" => $item->as_restful_array(), "relationships" => rest::relationships("item", $item)); if ($item->is_album()) { $result["members"] = array(); 
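Review bot: `as_restful_array_with_edit_bit_test()` asserts that `can_edit` is true before it sets any active user, so the first assertion depends on whichever user was left active when the test starts. The `teardown()` added in this commit restores the admin user only after tests in this class; whether the base class sets it up beforehand is not visible here. Starting the test with `identity::set_active_user(identity::admin_user());` makes the precondition explicit and keeps the permission check from passing or failing by accident.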
diff --git a/modules/gallery/helpers/items_rest.php b/modules/gallery/helpers/items_rest.php index e9773745..9cca9a54 100644 --- a/modules/gallery/helpers/items_rest.php +++ b/modules/gallery/helpers/items_rest.php @@ -36,8 +36,6 @@ class items_rest_Core { */ static function get($request) { $items = array(); - $preserve_ids = isset($request->params->preserve_ids) ? - (bool)$request->params->preserve_ids : false; if (isset($request->params->urls)) { foreach (json_decode($request->params->urls) as $url) { if (isset($request->params->type)) { @@ -47,10 +45,10 @@ class items_rest_Core { if (access::can("view", $item)) { if (isset($types)) { if (in_array($item->type, $types)) { - $items[] = items_rest::_format_restful_item($item, $preserve_ids); + $items[] = items_rest::_format_restful_item($item); } } else { - $items[] = items_rest::_format_restful_item($item, $preserve_ids); + $items[] = items_rest::_format_restful_item($item); } } } @@ -59,9 +57,9 @@ class items_rest_Core { if (!access::can("view", $item)) { throw new Kohana_404_Exception(); } - $items[] = items_rest::_format_restful_item($item, $preserve_ids); + $items[] = items_rest::_format_restful_item($item); while (($item = $item->parent()) != null) { - array_unshift($items, items_rest::_format_restful_item($item, $preserve_ids)); + array_unshift($items, items_rest::_format_restful_item($item)); }; } @@ -76,9 +74,9 @@ class items_rest_Core { return $item; } - private static function _format_restful_item($item, $preserve_ids) { + private static function _format_restful_item($item) { $item_rest = array("url" => rest::url("item", $item), - "entity" => $item->as_restful_array($preserve_ids), + "entity" => $item->as_restful_array(), "relationships" => rest::relationships("item", $item)); if ($item->type == "album") { $members = array(); diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index a0866934..009457c1 100644 --- a/modules/gallery/models/item.php 
+++ b/modules/gallery/models/item.php @@ -923,15 +923,12 @@ class Item_Model extends ORM_MPTT { /** * Same as ORM::as_array() but convert id fields into their RESTful form. - * Convert any item ids into REST urls - * - * @param bool preserve_ids true if we should preserve ids */ - public function as_restful_array($preserve_ids) { + public function as_restful_array($convert_ids=true) { // Convert item ids to rest URLs for consistency $data = $this->as_array(); - if (!$preserve_ids) { + if ($convert_ids) { if ($tmp = $this->parent()) { $data["parent"] = rest::url("item", $tmp); } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 3df6197d..f9e6a4e3 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -361,7 +361,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo = test::random_photo($album); $album->reload(); - $result = $album->as_restful_array(false); + $result = $album->as_restful_array(); $this->assert_same(rest::url("item", item::root()), $result["parent"]); $this->assert_same(rest::url("item", $photo), $result["album_cover"]); $this->assert_true(!array_key_exists("parent_id", $result)); @@ -373,7 +373,7 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo = test::random_photo($album); $album->reload(); - $result = $album->as_restful_array(true); + $result = $album->as_restful_array(false); $this->assert_same(item::root()->id, $result["parent_id"]); $this->assert_same($photo->id, $result["album_cover_item_id"]); $this->assert_true(!array_key_exists("parent", $result)); diff --git a/modules/gallery/tests/Item_Rest_Helper_Test.php b/modules/gallery/tests/Item_Rest_Helper_Test.php index 5a80d66b..0b5e0471 100644 --- a/modules/gallery/tests/Item_Rest_Helper_Test.php +++ b/modules/gallery/tests/Item_Rest_Helper_Test.php 
@@ -28,17 +28,6 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal($album->id, $resolved->id); } - public function get_with_ids_test() { - $photo1 = test::random_photo(item::root()); - $request = new stdClass(); - $request->url = rest::url("item", $photo1); - $request->params = new stdClass(); - $request->params->preserve_ids = 1; - - $response = item_rest::get($request); - $this->assert_equal(item::root()->id, $response["entity"]["parent_id"]); // Spot check - } - public function get_scope_test() { $album1 = test::random_album(); $photo1 = test::random_photo($album1); @@ -52,7 +41,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params = new stdClass(); $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -67,7 +56,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->scope = "direct"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -82,7 +71,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->scope = "all"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), 
@@ -109,7 +98,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->name = "foo"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), @@ -132,7 +121,7 @@ class Item_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request->params->type = "album"; $this->assert_equal_array( array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 3efd677d..94bf912a 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php @@ -34,13 +34,13 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(false), + "entity" => $photo1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), "members" => array()))), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(false), + "entity" => $album2->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -67,7 +67,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(false), + "entity" => $album2->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), 
@@ -94,7 +94,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(false), + "entity" => $photo1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), @@ -119,13 +119,13 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $this->assert_equal_array( array( array("url" => rest::url("item", $photo1), - "entity" => $photo1->as_restful_array(false), + "entity" => $photo1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo1), "members" => array()))), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(false), + "entity" => $album2->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -146,7 +146,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $root = ORM::factory("item", 1); $restful_root = array( "url" => rest::url("item", $root), - "entity" => $root->as_restful_array(false), + "entity" => $root->as_restful_array(), "relationships" => rest::relationships("item", $root)); $restful_root["members"] = array(); foreach ($root->children() as $child) { @@ -155,12 +155,12 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); - $request->params->ancestors_for = rest::url("item", $photo2); + $request->params->ancestor_for = rest::url("item", $photo2); $this->assert_equal_array( array( $restful_root, array("url" => rest::url("item", $album1), - "entity" => $album1->as_restful_array(false), + "entity" => $album1->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album1), 
@@ -170,7 +170,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { rest::url("item", $album2)), ), array("url" => rest::url("item", $album2), - "entity" => $album2->as_restful_array(false), + "entity" => $album2->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $album2), @@ -178,24 +178,11 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { "members" => array( rest::url("item", $photo2))), array("url" => rest::url("item", $photo2), - "entity" => $photo2->as_restful_array(false), + "entity" => $photo2->as_restful_array(), "relationships" => array( "tags" => array( "url" => rest::url("item_tags", $photo2), "members" => array())))), items_rest::get($request)); } - - public function get_ancestor_with_ids_test() { - $album1 = test::random_album(); - $photo1 = test::random_photo($album1); - - $request = new stdClass(); - $request->params = new stdClass(); - $request->params->ancestors_for = rest::url("item", $photo1); - $request->params->preserve_ids = 1; - - $response = items_rest::get($request); - $this->assert_same(item::root()->id, $response[1]["entity"]["parent_id"]); // Spot check - } } -- cgit v1.2.3 From aff0f6eca85e1a9aec83e13c29746f58010a56f6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 9 Jun 2010 20:55:39 -0700 Subject: Fix get_ancestor_test() since the parameter was renamed to ancestors_for. --- modules/gallery/tests/Items_Rest_Helper_Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Items_Rest_Helper_Test.php b/modules/gallery/tests/Items_Rest_Helper_Test.php index 94bf912a..17e979a5 100644 --- a/modules/gallery/tests/Items_Rest_Helper_Test.php +++ b/modules/gallery/tests/Items_Rest_Helper_Test.php 
@@ -135,7 +135,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { items_rest::get($request)); } - public function get_ancestor_test() { + public function get_ancestors_test() { $album1 = test::random_album(); $photo1 = test::random_photo($album1); $album2 = test::random_album($album1); @@ -155,7 +155,7 @@ class Items_Rest_Helper_Test extends Gallery_Unit_Test_Case { $request = new stdClass(); $request->params = new stdClass(); - $request->params->ancestor_for = rest::url("item", $photo2); + $request->params->ancestors_for = rest::url("item", $photo2); $this->assert_equal_array( array( $restful_root, -- cgit v1.2.3 From 6556ca88339c78824f3de64c85a57e30a679431c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 9 Jun 2010 21:23:42 -0700 Subject: In GalleryCodeFilterIterator::accept(), ignore . and .., and stop caring about .svn --- modules/gallery/tests/Gallery_Filters.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php index 4e32553b..debbe846 100644 --- a/modules/gallery/tests/Gallery_Filters.php +++ b/modules/gallery/tests/Gallery_Filters.php @@ -28,8 +28,10 @@ class GalleryCodeFilterIterator extends FilterIterator { public function accept() { // Skip anything that we didn"t write $path_name = $this->getInnerIterator()->getPathName(); + $file_name = $this->getInnerIterator()->getFileName(); return !( - strpos($path_name, ".svn") || + $file_name == "." || + $file_name == ".." || strpos($path_name, DOCROOT . "test") !== false || strpos($path_name, DOCROOT . "var") !== false || strpos($path_name, MODPATH . "forge") !== false || -- cgit v1.2.3 From ab93767e4d39764f103545efb6ac64ff942eb187 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 9 Jun 2010 21:26:36 -0700 Subject: Update golden file --- modules/gallery/tests/xss_data.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules') 
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 0a75d6f7..68dca9cb 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -4,6 +4,7 @@ modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY_ATTR urle modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text::alternate("g-even","g-odd") modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true)) modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) +modules/comment/views/admin_comments.html.php 5 DIRTY $form modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render() modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even") @@ -32,8 +33,8 @@ modules/comment/views/comment.mrss.php 29 DIRTY $child modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width -modules/comment/views/comments.html.php 18 DIRTY_ATTR $comment->id -modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) +modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->id +modules/comment/views/comments.html.php 24 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url() modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50) -- cgit v1.2.3 From 26d0af45eabe962c5366cb1e95de7e252b831796 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Wed, 9 Jun 2010 21:45:05 -0700 Subject: New version of EXIF gets ISO and Metering Mode right. Yay! --- modules/exif/tests/Exif_Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/exif/tests/Exif_Test.php b/modules/exif/tests/Exif_Test.php index cf5af851..404b6cde 100644 --- a/modules/exif/tests/Exif_Test.php +++ b/modules/exif/tests/Exif_Test.php @@ -33,8 +33,8 @@ class Exif_Test extends Gallery_Unit_Test_Case { array("caption" => "Exposure Time", "value" => "1/60 sec"), array("caption" => "Flash", "value" => "No Flash"), array("caption" => "Focal Length", "value" => "50 mm"), - array("caption" => "ISO", "value" => "6553700"), - array("caption" => "Metering Mode", "value" => "Multi-Segment"), + array("caption" => "ISO", "value" => "100"), + array("caption" => "Metering Mode", "value" => "Pattern"), array("caption" => "Date/Time", "value" => "2008:03:17 17:41:25"), array("caption" => "Copyright", "value" => "(C) 2008 - T. Almdal"), array("caption" => "Orientation", "value" => "1: Normal (0 deg)"), -- cgit v1.2.3 From 58b21e909d8ba628ddb8a19e732989821abb0283 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 10 Jun 2010 18:49:29 -0700 Subject: Change the pattern used to convert the file name to a title. Fixes ticket#1061 --- modules/gallery/helpers/item.php | 2 +- modules/gallery/tests/Item_Helper_Test.php | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php index bbbe1058..15bbe977 100644 --- a/modules/gallery/helpers/item.php +++ b/modules/gallery/helpers/item.php @@ -136,7 +136,7 @@ class item_Core { */ static function convert_filename_to_title($filename) { $title = strtr($filename, "_", " "); - $title = preg_replace("/\..*?$/", "", $title); + $title = preg_replace("/\..{3,4}$/", "", $title); $title = preg_replace("/ +/", " ", $title); return $title; } 
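Review bot: The new pattern in `convert_filename_to_title()` uses `.` for the extension characters, so `/\..{3,4}$/` can match across a second dot: a name such as `a.b.c` loses `.b.c` and becomes `a`. Excluding dots from the extension keeps the intent of the ticket, `$title = preg_replace("/\.[^.]{3,4}$/", "", $title);`. Extensions shorter than three characters are left in the title either way, which may or may not be intended. The test added in Item_Helper_Test.php only uses three-letter segments, so a case like `a.b.c` would be worth adding there.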
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php index 4771b11a..00229973 100644 --- a/modules/gallery/tests/Item_Helper_Test.php +++ b/modules/gallery/tests/Item_Helper_Test.php @@ -41,6 +41,11 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case { ORM::factory("item")->viewable()->where("id", "=", $item->id)->count_all()); } + public function convert_filename_to_title_test() { + $this->assert_equal("foo", item::convert_filename_to_title("foo.jpg")); + $this->assert_equal("foo.bar", item::convert_filename_to_title("foo.bar.jpg")); + } + public function convert_filename_to_slug_test() { $this->assert_equal("foo", item::convert_filename_to_slug("{[foo]}")); $this->assert_equal("foo-bar", item::convert_filename_to_slug("{[foo!@#!$@#^$@($!(@bar]}")); -- cgit v1.2.3 From 30f4e143e8fbec928661dcbe75898465e7eff29c Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 11 Jun 2010 08:15:25 -0700 Subject: Actually execute the database query that updates the album view count. Fixes ticket #1092. Thanks to shinta for pointing the way. --- modules/gallery/controllers/albums.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index ea15418f..eaa09be5 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -73,8 +73,8 @@ class Albums_Controller extends Items_Controller { // We can't use math in ORM or the query builder, so do this by hand. It's important // that we do this with math, otherwise concurrent accesses will damage accuracy. - db::query( - "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id"); + db::query("UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id") + ->execute(); print $template; } -- cgit v1.2.3 From bb35aefffbc287efc9823abd4b0e451b86c37378 Mon Sep 17 00:00:00 2001 
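Review bot: The rewritten `db::query(...)->execute()` call in `Albums_Controller` still builds the UPDATE by interpolating `$album->id` into the SQL string. The value presumably comes from a loaded ORM row and is numeric, but nothing in the hunk enforces that, so the statement is only as safe as code outside it. Casting at the point of use makes the guarantee local: add `$id = (int) $album->id;` and interpolate `$id` instead, or use a bound parameter if the database layer in this tree offers one. The enclosing method starts and ends outside the hunk.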
From: Tim Almdal Date: Fri, 11 Jun 2010 12:36:23 -0700 Subject: Fix for ticket #797 When load a file is uploaded using a dialog box and the jquery plugin ajaxForm, the ajaxForm plugin uses an hidden iFrame element to send the multi-part form and this is where the response goes. The ajaxForm plugin then retrieves the document body and parses the result as a json string. If the file uploads properly everything is fine, but if it fails Gallery3 return the input form with the the error fields highlighted as part of the json response. As this response is returned to a hidden iframe, the browser attempts to manipulate it and all hell breaks loose. We lose the trailing brace, we start getting escaping of form tags. When the ajaxForm plugin retrieves the iFrame body its no longer a valid json frame and the parsing fails and the user sees no indication that it failed. --- lib/gallery.dialog.js | 3 ++- modules/watermark/controllers/admin_watermarks.php | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 3587108c..f280a525 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -114,7 +114,8 @@ }, success: function(data) { if (data.form) { - $("#g-dialog form").replaceWith(data.form); + var formData = unescape(data.form); + $("#g-dialog form").replaceWith(formData); $("#g-dialog form :submit").removeClass("ui-state-disabled") .attr("disabled", null); self._ajaxify_dialog(); diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index d26919d5..18b463ca 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php 
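Review bot: `unescape()` in the `success` handler does not reverse what `rawurlencode()` produces in the admin_watermarks.php hunk of this commit: PHP percent-encodes the UTF-8 bytes, while `unescape()` turns each `%XX` into a single Latin-1 character, so non-ASCII text in the form (translated labels, for example) comes back garbled. `var formData = decodeURIComponent(data.form);` decodes UTF-8 correctly. The handler now decodes every `data.form` it receives, but only the watermark controller is changed to encode it; other controllers are not visible here, and any that still return the form unencoded would have literal `%XX` sequences in their markup altered. Because the decoded string is passed straight to `replaceWith()`, a comment such as `// data.form must be server-rendered markup; it is inserted into the DOM as HTML` would make that trust assumption explicit.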
@@ -124,7 +124,7 @@ class Admin_Watermarks_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/watermarks"))); } else { - print json_encode(array("result" => "error", "form" => (string) $form)); + print json_encode(array("result" => "error", "form" => rawurlencode((string) $form))); } } -- cgit v1.2.3 From 2c1e3800ef41f2aabd61b7d6d39751d2d157409e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 Jun 2010 14:57:39 -0700 Subject: Send back the REST API version as a header. It's on every request, which sucks, but it's totally unobtrusive because it's a header so that's ok. Decided that the current version is "3.0" although it will surely change before the final 3.0 release. Fixes ticket #1148 --- modules/rest/helpers/rest.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 72927c71..3229330a 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -18,9 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class rest_Core { + const API_VERSION = "3.0"; + static function reply($data=array()) { Session::instance()->abort_save(); + header("X-Gallery-API-Version: " . rest::API_VERSION); if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); if ($data) { -- cgit v1.2.3 From bbbb35675acefc6b0b1b78dea9fd3a983189d772 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Fri, 11 Jun 2010 15:40:54 -0700 Subject: Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url. --- modules/gallery/controllers/logout.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 967dad49..fdbadf1b 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -22,13 +22,16 @@ class Logout_Controller extends Controller { access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { - $item = url::get_item_from_uri($continue_url); + $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4); + $item = url::get_item_from_uri($components[3]); if (access::can("view", $item)) { // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: $continue_url"); + header("Location: {$item->relative_url()}"); } else { url::redirect(item::root()->abs_url()); } + } else { + url::redirect(item::root()->abs_url()); } } } \ No newline at end of file -- cgit v1.2.3 From 41c18929cd23cf142df75ec9f9666102c593fcae Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 11 Jun 2010 15:54:08 -0700 Subject: Remove the duplicate query when searching as pointed out by joe7 on ticket #844 --- modules/search/helpers/search.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 22f83218..24c4ed2b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php 
@@ -42,7 +42,7 @@ class search_Core { $data = $db->query($query); $count = $db->query("SELECT FOUND_ROWS() as c")->current()->c; - return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query))); + return array($count, new ORM_Iterator(ORM::factory("item"), $data)); } /** -- cgit v1.2.3 From cb01f4017d70a7d73273052b424e8b78b794bc1c Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 11 Jun 2010 16:37:45 -0700 Subject: Fix for ticket #1118. The item validation was flagging duplicate slugs as errors. There was already code in the item save to insure that any duplicates were made unique, so this patch removes the validation as unnecessary. --- modules/gallery/models/item.php | 7 ------- 1 file changed, 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 009457c1..a4f264bb 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -767,13 +767,6 @@ class Item_Model extends ORM_MPTT { public function valid_slug(Validation $v, $field) { if (preg_match("/[^A-Za-z0-9-_]/", $this->slug)) { $v->add_error("slug", "not_url_safe"); - } else if (db::build() - ->from("items") - ->where("parent_id", "=", $this->parent_id) - ->where("id", "<>", $this->id) - ->where("slug", "=", $this->slug) - ->count_records()) { - $v->add_error("slug", "conflict"); } } -- cgit v1.2.3 From a4586bc0c01fac6e86163fd119aaa64d95fb5e8e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 13:05:40 -0700 Subject: Revert "Fix for ticket #1118. The item validation was flagging duplicate slugs as errors. There was already code in the item save to insure that any" This introduces a bug where you can create two items with the same slug. This reverts commit cb01f4017d70a7d73273052b424e8b78b794bc1c. --- modules/gallery/models/item.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'modules') 
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index a4f264bb..009457c1 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -767,6 +767,13 @@ class Item_Model extends ORM_MPTT { public function valid_slug(Validation $v, $field) { if (preg_match("/[^A-Za-z0-9-_]/", $this->slug)) { $v->add_error("slug", "not_url_safe"); + } else if (db::build() + ->from("items") + ->where("parent_id", "=", $this->parent_id) + ->where("id", "<>", $this->id) + ->where("slug", "=", $this->slug) + ->count_records()) { + $v->add_error("slug", "conflict"); } } -- cgit v1.2.3 From 63d95087bf0f24d4e880843cd2841906c6f91b38 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 13:35:12 -0700 Subject: Stop trying to parse the continue url in the logout controller because it requires us to reproduce a bunch of complex routing logic. Instead, just have the logout link generating code generate a link that's visible to guests. --- modules/gallery/controllers/logout.php | 12 ++---------- modules/gallery/helpers/gallery_event.php | 13 ++++++++++++- 2 files changed, 14 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index fdbadf1b..9caafec8 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php 
@@ -22,16 +22,8 @@ class Logout_Controller extends Controller { access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { - $components = explode("/", parse_url($continue_url, PHP_URL_PATH), 4); - $item = url::get_item_from_uri($components[3]); - if (access::can("view", $item)) { - // Don't use url::redirect() because it'll call url::site() and munge the continue url. - header("Location: {$item->relative_url()}"); - } else { - url::redirect(item::root()->abs_url()); - } - } else { - url::redirect(item::root()->abs_url()); + url::redirect($continue_url); } + url::redirect(item::root()->abs_url()); } } \ No newline at end of file diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index ae7131ae..1b688843 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -157,11 +157,22 @@ class gallery_event_Core { ->view("login_current_user.html") ->url(user_profile::url($user->id)) ->label($user->display_name())); + + if (isset($theme->item)) { + if (access::user_can(identity::guest(), "view", $theme->item)) { + $continue_url = $theme->item->abs_url(); + } else { + $continue_url = item::root()->abs_url(); + } + } else { + $continue_url = url::abs_current(); + } + $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode(url::abs_current()))) + urlencode($continue_url))) ->label(t("Logout"))); } } -- cgit v1.2.3 From b61b50604bfffc25a395df3a1aedf84d3c557ff4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:09:16 -0700 Subject: Push the continue url into the form for consistency with other login/continue code. --- modules/gallery/controllers/admin.php | 2 +- modules/gallery/controllers/reauthenticate.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') 
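Review bot: `url::redirect($continue_url)` in `Logout_Controller::index()` now sends the browser to whatever the `continue` query parameter holds, where the code it replaces redirected to `$item->relative_url()`, a URL derived on the server. The `access::verify_csrf()` call above limits who can build a working logout link, but the target itself is not checked, and the new `access::user_can(identity::guest(), "view", ...)` logic in gallery_event.php only shapes the link Gallery generates, not what the controller accepts. A host comparison before redirecting keeps the redirect on this site: `if ($continue_url && parse_url($continue_url, PHP_URL_HOST) === parse_url(item::root()->abs_url(), PHP_URL_HOST)) {`. The same applies after the parameter is renamed to `continue_url` in the following commit.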
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 787a2138..0aeaa876 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -78,7 +78,7 @@ class Admin_Controller extends Controller { private static function _prompt_for_reauth($controller_name, $args) { if (request::method() == "get" && !request::is_ajax()) { // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); + Session::instance()->set("continue_url", url::abs_current(true)); } url::redirect("reauthenticate"); } diff --git a/modules/gallery/controllers/reauthenticate.php b/modules/gallery/controllers/reauthenticate.php index 3503d80a..acb27f6a 100644 --- a/modules/gallery/controllers/reauthenticate.php +++ b/modules/gallery/controllers/reauthenticate.php @@ -37,8 +37,7 @@ class Reauthenticate_Controller extends Controller { if ($valid) { message::success(t("Successfully re-authenticated!")); module::event("user_auth", $user); - $continue_url = Session::instance()->get_once("continue_url", "admin"); - url::redirect($continue_url); + url::redirect($form->continue_url->value); } else { $name = $user->name; log::warning("user", t("Failed re-authentication for %name", array("name" => $name))); @@ -59,6 +58,7 @@ class Reauthenticate_Controller extends Controller { private static function _form() { $form = new Forge("reauthenticate/auth", "", "post", array("id" => "g-reauthenticate-form")); $form->set_attr('class', "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url", "admin")); $group = $form->group("reauthenticate")->label(t("Re-authenticate")); $group->password("password")->label(t("Password"))->id("g-password")->class(null) ->callback("auth::validate_too_many_failed_auth_attempts") -- cgit v1.2.3 From c026da85cdbac9e9566045f8de2718cae985f0ec Mon Sep 17 00:00:00 2001 
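Review bot: Moving `continue_url` from the session into a hidden field means `url::redirect($form->continue_url->value)` in `Reauthenticate_Controller` now follows a value posted by the client, where the removed `get_once("continue_url", "admin")` read it from server-side state only. The field should be treated as request input and limited to URLs on this site before redirecting; the login hunks later in this series (`auth::get_login_form()` and `Login_Controller::auth_html()`) follow the same pattern. `_form()` also switches from `get_once()` to `get()`, so the session entry is no longer cleared and a stale URL can be offered on a later, unrelated re-authentication. If the round trip through the form is intentional, a comment such as `// continue_url travels in the form; validate it before redirecting` belongs next to the hidden field, and the session key should be cleared once the form is built.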
From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:10:34 -0700 Subject: Use "continue_url" instead of "continue" for consistency with the reauth code. --- modules/gallery/controllers/logout.php | 2 +- modules/gallery/helpers/gallery_event.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index 9caafec8..20fa8074 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -21,7 +21,7 @@ class Logout_Controller extends Controller { public function index() { access::verify_csrf(); auth::logout(); - if ($continue_url = Input::instance()->get("continue")) { + if ($continue_url = Input::instance()->get("continue_url")) { url::redirect($continue_url); } url::redirect(item::root()->abs_url()); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 1b688843..55db47ce 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -171,7 +171,7 @@ class gallery_event_Core { $menu->append(Menu::factory("link") ->id("user_menu_logout") ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . + ->url(url::site("logout?csrf=$csrf&continue_url=" . urlencode($continue_url))) ->label(t("Logout"))); } -- cgit v1.2.3 From dceecabbf1b736604ceb2e08e803b12c99dc4509 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:16:47 -0700 Subject: Make login/logout continuation url code consistent. Where necessary, we specify the continue_url in the session, but we store it in the login form so that we can propagate it across the session creation that happens at login time. --- modules/gallery/controllers/login.php | 4 ++-- modules/gallery/helpers/auth.php | 1 + modules/gallery/libraries/MY_Kohana_Exception.php | 4 +--- 3 files changed, 4 insertions(+), 5 deletions(-) (limited to 'modules') 
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 40125476..19335d88 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php @@ -44,10 +44,10 @@ class Login_Controller extends Controller { public function auth_html() { access::verify_csrf(); - $continue_url = Session::instance()->get("continue_url", null); list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { - url::redirect($continue_url ? $continue_url : item::root()->abs_url()); + url::redirect($form->continue_url->value ? $form->continue_url_value : + item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); $view->page_title = t("Log in to Gallery"); diff --git a/modules/gallery/helpers/auth.php b/modules/gallery/helpers/auth.php index 1a9fe869..48b5fc32 100644 --- a/modules/gallery/helpers/auth.php +++ b/modules/gallery/helpers/auth.php @@ -21,6 +21,7 @@ class auth_Core { static function get_login_form($url) { $form = new Forge($url, "", "post", array("id" => "g-login-form")); $form->set_attr("class", "g-narrow"); + $form->hidden("continue_url")->value(Session::instance()->get("continue_url")); $group = $form->group("login")->label(t("Login")); $group->input("name")->label(t("Username"))->id("g-username")->class(null) ->callback("auth::validate_too_many_failed_logins") diff --git a/modules/gallery/libraries/MY_Kohana_Exception.php b/modules/gallery/libraries/MY_Kohana_Exception.php index e7ebdb1f..df7557ae 100644 --- a/modules/gallery/libraries/MY_Kohana_Exception.php +++ b/modules/gallery/libraries/MY_Kohana_Exception.php @@ -59,7 +59,7 @@ class Kohana_Exception extends Kohana_Exception_Core { private static function _show_themed_error_page(Exception $e) { // Create a text version of the exception $error = Kohana_Exception::text($e); - + // Add this exception to the log Kohana_Log::add('error', $error); 
@@ -83,8 +83,6 @@ class Kohana_Exception extends Kohana_Exception_Core { if ($view->content->is_guest) { $view->content->login_form = new View("login_ajax.html"); $view->content->login_form->form = auth::get_login_form("login/auth_html"); - // Avoid anti-phishing protection by passing the url as session variable. - Session::instance()->set("continue_url", url::current(true)); } } else { $view->page_title = t("Dang... Something went wrong!"); -- cgit v1.2.3 From 87f8b6ff0a76f51183f14515723a8345f7c14fa6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:28:03 -0700 Subject: Bounce the user to the login page if they try to get to part of the admin site as a guest. Also, theme the login/html page. --- modules/gallery/controllers/admin.php | 7 ++++++- modules/gallery/controllers/login.php | 9 ++++++--- 2 files changed, 12 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php index 0aeaa876..c460f58c 100644 --- a/modules/gallery/controllers/admin.php +++ b/modules/gallery/controllers/admin.php @@ -22,7 +22,12 @@ class Admin_Controller extends Controller { public function __construct($theme=null) { if (!identity::active_user()->admin) { - access::forbidden(); + if (identity::active_user()->guest) { + Session::instance()->set("continue_url", url::abs_current(true)); + url::redirect("login"); + } else { + access::forbidden(); + } } parent::__construct(); diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php index 19335d88..2b60316b 100644 --- a/modules/gallery/controllers/login.php +++ b/modules/gallery/controllers/login.php 
@@ -38,7 +38,10 @@ class Login_Controller extends Controller { } public function html() { - print auth::get_login_form("login/auth_html"); + $view = new Theme_View("page.html", "other", "login"); + $view->page_title = t("Login"); + $view->content = auth::get_login_form("login/auth_html"); + print $view; } public function auth_html() { @@ -46,8 +49,8 @@ class Login_Controller extends Controller { list ($valid, $form) = $this->_auth("login/auth_html"); if ($valid) { - url::redirect($form->continue_url->value ? $form->continue_url_value : - item::root()->abs_url()); + $continue_url = $form->continue_url->value; + url::redirect($continue_url ? $continue_url : item::root()->abs_url()); } else { $view = new Theme_View("page.html", "other", "login"); $view->page_title = t("Log in to Gallery"); -- cgit v1.2.3 From db0966a9bce0396b0c98f3532bca8613f77cdb05 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Jun 2010 15:39:38 -0700 Subject: Fix up some indentation and comment style. --- modules/gallery/js/l10n_client.js | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) (limited to 'modules') diff --git a/modules/gallery/js/l10n_client.js b/modules/gallery/js/l10n_client.js index a1170e2d..a1b970e7 100644 --- a/modules/gallery/js/l10n_client.js +++ b/modules/gallery/js/l10n_client.js 
@@ -60,25 +60,21 @@ jQuery.extend(Gallery, { $('#l10n-client').height('22em').removeClass('hidden'); //$('#l10n-client').slideUp(); $('#g-minimize-l10n').text("_"); - /* - * This CSS clashes with Gallery's CSS, probably due to - * YUI's grid / floats. - if(!$.browser.msie) { - $('body').css('border-bottom', '22em solid #fff'); - } - */ + // This CSS clashes with Gallery's CSS, probably due to + // YUI's grid / floats. + // if(!$.browser.msie) { + // $('body').css('border-bottom', '22em solid #fff'); + // } $.cookie('Gallery_l10n_client', '1', {expires: 7, path: '/'}); break; case 0: $('#l10n-client-string-select, #l10n-client-string-editor, #l10n-client .labels .label').hide(); $('#l10n-client').height('2em').addClass('hidden'); // TODO: Localize this message - $('#g-minimize-l10n').text(MSG_TRANSLATE_TEXT); - /* - if(!$.browser.msie) { - $('body').css('border-bottom', '0px'); - } - */ + $('#g-minimize-l10n').text(MSG_TRANSLATE_TEXT); + // if(!$.browser.msie) { + // $('body').css('border-bottom', '0px'); + // } $.cookie('Gallery_l10n_client', '0', {expires: 7, path: '/'}); break; } -- cgit v1.2.3 From 6f443a819b360a89c53004d3bf860fcedd88ae2e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Jun 2010 20:49:50 -0700 Subject: Change single to double quotes. --- modules/gallery/helpers/site_status.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/site_status.php b/modules/gallery/helpers/site_status.php index 759eb382..13c42dda 100644 --- a/modules/gallery/helpers/site_status.php +++ b/modules/gallery/helpers/site_status.php @@ -100,7 +100,7 @@ class site_status_Core { } $buf = array(); foreach (ORM::factory("message")->find_all() as $msg) { - $value = str_replace('__CSRF__', access::csrf_token(), $msg->value); + $value = str_replace("__CSRF__", access::csrf_token(), $msg->value); $buf[] = "
  • severity) . "\">$value
  • "; } -- cgit v1.2.3 From 793780daa7665f7f86994235c4263fcb63554eb8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Jun 2010 20:51:11 -0700 Subject: Replace __CSRF__ with the actual csrf token. --- modules/gallery/helpers/message.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/gallery/helpers/message.php b/modules/gallery/helpers/message.php index 047eb2c7..1f69e2a9 100644 --- a/modules/gallery/helpers/message.php +++ b/modules/gallery/helpers/message.php @@ -78,6 +78,7 @@ class message_Core { $messages = Session::instance()->get_once("messages", array()); foreach ($messages as $msg) { + $msg[0] = str_replace("__CSRF__", access::csrf_token(), $msg[0]); $buf[] = "
  • $msg[0]
  • "; } if ($buf) { -- cgit v1.2.3