From d388e4bb868602f293b73918981bee1de6176a24 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Fri, 19 Feb 2010 11:40:49 -0800
Subject: Refactor away the "display_all" construct in User_Profile_Controller. "display_all" is too coarse, and we should be letting event handlers make the appropriate decision on what to display and when. This duplicates some code, but it's now very clear in the event handlers what's getting shown. Throw a 404 if we try to view the user profile for a missing user. The only feature change in this should be that we now display the name, full name and website for a user to any other registered user, which makes sense since these are typically public fields. Don't show any of the edit buttons unless identity::is_writable()
---
modules/gallery/controllers/user_profile.php | 16 +++++-----
modules/gallery/helpers/gallery_event.php | 2 +-
modules/gallery/views/user_profile.html.php | 4 +--
.../notification/helpers/notification_event.php | 36 +++++++++++++---------
modules/rest/helpers/rest_event.php | 28 +++++++++++------
5 files changed, 51 insertions(+), 35 deletions(-)
(limited to 'modules')
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index 05373466..b89bc358 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -21,21 +21,21 @@ class User_Profile_Controller extends Controller { public function show($id) { // If we get here, then we should have a user id other than guest. $user = identity::lookup_user($id); - $active_user = identity::active_user(); - $is_current_active = $active_user->id == $id; - $can_edit = $is_current_active && !$active_user->guest; - $display_all = $active_user->admin || $can_edit; + if (!$user) { + throw new Kohana_404_Exception(); + } $v = new Theme_View("page.html", "other", "profile"); $v->page_title = t("%name Profile", array("name" => $user->display_name())); $v->content = new View("user_profile.html"); - // @todo modify user_home to supply a link to their album, $v->content->user = $user; - $v->content->not_current = !$is_current_active; - $v->content->editable = identity::is_writable() && $can_edit; + $v->content->contactable = + !$user->guest && $user->id != identity::active_user()->id && $user->email; + $v->content->editable = + identity::is_writable() && !$user->guest && $user->id == identity::active_user()->id; - $event_data = (object)array("user" => $user, "display_all" => $display_all, "content" => array()); + $event_data = (object)array("user" => $user, "content" => array()); module::event("show_user_profile", $event_data); $v->content->info_parts = $event_data->content; diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index faf1c0c6..36f91142 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -413,7 +413,7 @@ class gallery_event_Core { $fields = array("name" => t("Name"), "locale" => t("Language Preference"), "email" => t("Email"), "full_name" => t("Full name"), "url" => "Web site"); - if (!$data->display_all) { + if (!$data->user->guest) { $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site"); } $v->user_profile_data = array(); 
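Review bot: `show()` never checks who is viewing: the new code only rejects a missing `$user`, so an anonymous session can open the profile of any id, and a 404 for unknown ids versus a rendered page for known ones lets account ids be enumerated. The commit message says the public fields are meant for "any other registered user", but no test of `identity::active_user()->guest` appears in this hunk. Unless routing outside the hunk already blocks guests, add one next to the lookup and give it the same response as a missing user, e.g. `if (!$user || identity::active_user()->guest) { throw new Kohana_404_Exception(); }`. The body of `show()` continues past the end of the hunk.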
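Review bot: The replacement condition `if (!$data->user->guest)` tests the account being displayed, not the viewer, so every regular account is cut to name, full name and web site for all viewers, and the longer list with `email` and `locale` is used only when the displayed account is the guest one. If the owner or an administrator is still meant to see e-mail and language, the test has to involve the active user, for example `if (identity::active_user()->id != $data->user->id && !identity::active_user()->admin)`. The `"url" => "Web site"` label in both arrays also skips `t()`, unlike its neighbours. The enclosing handler starts and ends outside the hunk.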
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php index 53e8dc1e..257bd7ca 100644 --- a/modules/gallery/views/user_profile.html.php +++ b/modules/gallery/views/user_profile.html.php @@ -12,18 +12,18 @@ + id}") ?>"> id}") ?>"> - id}") ?>"> - guest && $not_current && !empty($user->email)): ?> + id}") ?>"> diff --git a/modules/notification/helpers/notification_event.php b/modules/notification/helpers/notification_event.php index c8628ae4..19e8dedb 100644 --- a/modules/notification/helpers/notification_event.php +++ b/modules/notification/helpers/notification_event.php 
@@ -128,23 +128,31 @@ class notification_event_Core { } static function show_user_profile($data) { - if ($data->display_all) { - $view = new View("user_profile_notification.html"); - $view->subscriptions = array(); - foreach(ORM::factory("subscription") - ->where("user_id", "=", $data->user->id) - ->find_all() as $subscription) { - $item = ORM::factory("item") + // Guests don't see comment listings + if (identity::active_user()->guest) { + return; + } + + // Only logged in users can see their comment listings + if (identity::active_user()->id != $data->user->id) { + return; + } + + $view = new View("user_profile_notification.html"); + $view->subscriptions = array(); + foreach(ORM::factory("subscription") + ->where("user_id", "=", $data->user->id) + ->find_all() as $subscription) { + $item = ORM::factory("item") ->where("id", "=", $subscription->item_id) ->find(); - if ($item->loaded()) { - $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title, - "url" => $item->url()); - } - } - if (count($view->subscriptions) > 0) { - $data->content[] = (object)array("title" => t("Watching"), "view" => $view); + if ($item->loaded()) { + $view->subscriptions[] = (object)array("id" => $subscription->id, "title" => $item->title, + "url" => $item->url()); } } + if (count($view->subscriptions) > 0) { + $data->content[] = (object)array("title" => t("Watching"), "view" => $view); + } } } \ No newline at end of file diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index f9aa34e3..c46e65c4 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php 
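Review bot: The two new guard comments talk about "comment listings", but this handler builds the "Watching" list from `subscription` rows; reword them, e.g. `// Guests have no watch list` and `// A user only sees their own watch list`. The loop adds `$item->title` and `$item->url()` for every loaded item with no permission check visible in this hunk, so an item whose view permission was withdrawn after the subscription was made would presumably still be listed; `if ($item->loaded() && access::can("view", $item))` would close that. Each subscription also costs one extra `item` query, which a single joined query would avoid.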
@@ -76,19 +76,27 @@ class rest_event { } static function show_user_profile($data) { - if ($data->display_all) { - $view = new View("user_profile_rest.html"); - $key = ORM::factory("user_access_token") + // Guests can't see a REST key + if (identity::active_user()->guest) { + return; + } + + // Only logged in users can see their own REST key + if (identity::active_user()->id != $data->user->id) { + return; + } + + $view = new View("user_profile_rest.html"); + $key = ORM::factory("user_access_token") ->where("user_id", "=", $data->user->id) ->find(); - if (!$key->loaded()) { - $key->user_id = $data->user->id; - $key->access_key = md5($data->user->name . rand()); - $key->save(); - } - $view->rest_key = $key->access_key; - $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); + if (!$key->loaded()) { + $key->user_id = $data->user->id; + $key->access_key = md5($data->user->name . rand()); + $key->save(); } + $view->rest_key = $key->access_key; + $data->content[] = (object)array("title" => t("Rest api"), "view" => $view); } } -- cgit v1.2.3 From 10c06989493bdded5f15880baadbc93c5d8ee296 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 19 Feb 2010 11:48:54 -0800 Subject: Correct the view_fillsize permission to view_full. In addition, change the name of the field containing the url to the fullsize image to file_url instead of fullzie_url --- modules/gallery/models/item.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index a64bcb49..d80e2bc4 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php 
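Review bot: The REST key on the re-indented line `$key->access_key = md5($data->user->name . rand());` is built from a known user name and `rand()`, which is not a cryptographic generator, so the value stored in `user_access_token` carries far less entropy than its 32 hex characters suggest. Generate it from a CSPRNG instead, e.g. `$key->access_key = bin2hex(random_bytes(16));` on PHP 7+, or `openssl_random_pseudo_bytes(16)` on the older PHP this code appears to target. The handler also creates and saves the key as a side effect of rendering a profile page; creating it in an explicit action would keep a page view from writing state. The same pair of `identity::active_user()` guards is repeated in the notification_event.php hunk and could live in one shared helper.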
@@ -930,11 +930,11 @@ class Item_Model extends ORM_MPTT { } unset($data["album_cover_item_id"]); - if (access::can("view_fillsize", $this) && $this->is_photo()) { - $data["fullsize_url"] = $this->abs_url(true); + if (access::can("view_full", $this) && $this->is_photo()) { + $data["file_url"] = $this->abs_url(true); } - if ($tmp = $this->resize_url(true) && $this->is_photo()) { + if ($tmp = $this->resize_url(true) && $this->is_photo()) { $data["resize_url"] = $tmp; } $data["thumb_url"] = $this->thumb_url(true); -- cgit v1.2.3 From 5fbc472300ce6b19a2694a5f91b1fe0b2cc470f3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 19 Feb 2010 11:54:03 -0800 Subject: Fix the resize_url and file_url in as_restful_array() --- modules/gallery/models/item.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index d80e2bc4..d747b84d 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -931,10 +931,10 @@ class Item_Model extends ORM_MPTT { unset($data["album_cover_item_id"]); if (access::can("view_full", $this) && $this->is_photo()) { - $data["file_url"] = $this->abs_url(true); + $data["file_url"] = $this->file_url(true); } - if ($tmp = $this->resize_url(true) && $this->is_photo()) { + if (($tmp = $this->resize_url(true)) && $this->is_photo()) { $data["resize_url"] = $tmp; } $data["thumb_url"] = $this->thumb_url(true); -- cgit v1.2.3 From f4fc245603fc8ec1bb9536356c8d4ab017153c08 Mon Sep 17 00:00:00 2001 From: Chad Kieffer Date: Sat, 20 Feb 2010 10:48:27 -0700 Subject: Add link to edit user group names. Closes ticket #1028. --- modules/user/views/admin_users_group.html.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index 6c6c341e..2362e42b 100644 
--- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,6 +1,8 @@

- name) ?> + id") ?>" + title=" $group->name))->for_html_attr() ?>" + class="g-dialog-link">name) ?> special): ?> id") ?>" title=" $group->name))->for_html_attr() ?>" -- cgit v1.2.3 From 1377b2c7b3110a132d4b2d748be72a6aafa537e6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 20 Feb 2010 10:24:29 -0800 Subject: When using rest::reply(), don't call var_export() if the response is empty. --- modules/rest/helpers/rest.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 3c53784d..1ee72aed 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -23,9 +23,13 @@ class rest_Core { if (Input::instance()->get("output") == "html") { header("Content-type: text/html"); - $html = preg_replace( - "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'\\1'", - var_export(!empty($data) ? $data : t("Empty response"), 1)); + if ($data) { + $html = preg_replace( + "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'\\1'", + var_export($data, 1)); + } else { + $html = t("Empty response"); + } print "
$html
"; } else { header("Content-type: application/json"); -- cgit v1.2.3
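Review bot: In the `output=html` branch the `var_export($data, 1)` text is sent as `text/html` with no HTML escaping visible in this hunk, so any markup inside the response data (titles, descriptions, names) would be interpreted by the browser. The pattern also keeps the `e` modifier, which evaluates the replacement as PHP code and has since been removed from the language; splitting on the URL pattern and escaping each piece avoids both, and limiting links to http(s) keeps other schemes out of `href`. The replacement markup is not legible in this view, so the sketch below assumes it wraps the URL in an anchor. `reply()` starts outside the hunk.

```php
      if ($data) {
        // Escape URL and non-URL stretches separately, then link only the URLs.
        $parts = preg_split(
          "#(https?://[\w]+[^ \'\"\n\r\t<]*)#i", var_export($data, 1), -1,
          PREG_SPLIT_DELIM_CAPTURE);
        $html = "";
        foreach ($parts as $i => $part) {
          $safe = htmlspecialchars($part, ENT_QUOTES, "UTF-8");
          // Odd indexes are the captured URLs.
          $html .= ($i % 2) ? "<a href=\"$safe\">$safe</a>" : $safe;
        }
      } else {
        // … unchanged: t("Empty response") …
      }
```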