From e4ed7e983d227ad7c81557ce6e56cb404db686bd Mon Sep 17 00:00:00 2001 From: Florent Paterno Date: Mon, 1 Mar 2010 17:23:56 +0100 Subject: Fix bug #1015 : repeated ids are prohibited --- modules/gallery/helpers/gallery_event.php | 2 +- modules/organize/helpers/organize_event.php | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 36f91142..b9d3cb7c 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -383,7 +383,7 @@ class gallery_event_Core { ->id("delete") ->label($delete_title) ->css_class("ui-icon-trash") - ->css_id("g-quick-delete") + ->css_class("g-quick-delete") ->url(url::site("quick/form_delete/$item->id?csrf=$csrf&from_id=$theme_item->id&page_type=$page_type"))); } diff --git a/modules/organize/helpers/organize_event.php b/modules/organize/helpers/organize_event.php index 6aa6da81..2b36a60a 100644 --- a/modules/organize/helpers/organize_event.php +++ b/modules/organize/helpers/organize_event.php @@ -26,7 +26,7 @@ class organize_event_Core { ->append(Menu::factory("dialog") ->id("organize") ->label(t("Organize album")) - ->css_id("g-organize-link") + ->css_id("g-menu-organize-link") ->url(url::site("organize/dialog/{$item->id}"))); } } @@ -37,8 +37,7 @@ class organize_event_Core { ->append(Menu::factory("dialog") ->id("organize") ->label(t("Organize album")) - ->css_id("g-organize-link") - ->css_class("ui-icon-folder-open") + ->css_class("ui-icon-folder-open g-organize-link") ->url(url::site("organize/dialog/{$item->id}"))); } } -- cgit v1.2.3 From 05d345e16dd04a4c8c766ffeb35bf56ff2362cd9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 3 Mar 2010 10:17:48 -0800 Subject: Guests don't get access to the REST API. --- modules/rest/helpers/rest.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index cd962057..7440350f 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -39,8 +39,7 @@ class rest_Core { static function set_active_user($access_token) { if (empty($access_token)) { - identity::set_active_user(identity::guest()); - return; + throw new Rest_Exception("Forbidden", 403); } $key = ORM::factory("user_access_token") -- cgit v1.2.3 From be580c9554602c02247fbc2f7401965b9ed00f0b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 5 Mar 2010 21:42:39 -0800 Subject: Update tests to reflect the fact that you have to be logged in to do anything. --- modules/rest/tests/Rest_Controller_Test.php | 32 ++++++++++++++++++----------- 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'modules') diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index a5c7dda6..21be8300 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -20,6 +20,9 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { public function setup() { $this->_save = array($_GET, $_POST, $_SERVER); + + $key = rest::get_access_token(1); // admin user + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; } public function teardown() { @@ -60,24 +63,26 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { } public function get_test() { + unset($_SERVER["HTTP_X_GALLERY_REQUEST_KEY"]); + $_SERVER["REQUEST_METHOD"] = "GET"; $_GET["key"] = "value"; - $this->assert_array_equal_to_json( - array("params" => array("key" => "value"), - "method" => "get", - "access_token" => null, - "url" => "http://./index.php/gallery_unit_test"), - test::call_and_capture(array(new Rest_Controller(), "mock"))); + try { + test::call_and_capture(array(new Rest_Controller(), "mock")); + } catch (Rest_Exception $e) { + $this->assert_same(403, $e->getCode()); + return; + } + + $this->assert_true(false, "Should be forbidden"); } public function get_with_access_key_test() { - $key = rest::get_access_token(1); // admin user - $_SERVER["REQUEST_METHOD"] = "GET"; - $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key; $_GET["key"] = "value"; + $key = rest::get_access_token(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "get", @@ -90,10 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["REQUEST_METHOD"] = "POST"; $_POST["key"] = "value"; + $key = rest::get_access_token(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "post", - "access_token" => null, + "access_token" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -103,10 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put"; $_POST["key"] = "value"; + $key = rest::get_access_token(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "put", - "access_token" => null, + "access_token" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } @@ -116,10 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case { $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete"; $_POST["key"] = "value"; + $key = rest::get_access_token(1); // admin user $this->assert_array_equal_to_json( array("params" => array("key" => "value"), "method" => "delete", - "access_token" => null, + "access_token" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock"))); } -- cgit v1.2.3