1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2008 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Item_Controller extends Controller {
public function dispatch($id) {
// @todo this needs security checks
$item = ORM::factory("item")->where("id", $id)->find();
if (empty($item->id)) {
return Kohana::show_404();
}
/**
* We're expecting to run in an environment that only supports GET/POST, so expect to tunnel
* PUT/DELETE through POST.
*/
if (request::method() == 'get') {
$this->get($item);
if (Session::instance()->get("use_profiler", false)) {
$profiler = new Profiler();
print $profiler->render();
}
return;
}
switch ($this->input->post('__action')) {
case 'put':
return $this->put($item);
case 'delete':
return $this->delete($item);
default:
return $this->post($item);
}
}
public function get($item) {
// Redirect to the more specific resource type, since it will render
// differently. We could also just delegate here, but it feels more appropriate
// to have a single canonical resource mapping.
return url::redirect("{$item->type}/$item->id");
}
public function put($item) {
// @todo Productionize this code
// 1) Add security checks
// 2) Support owner_ids properly
switch ($this->input->post('type')) {
case 'album':
$new_item = album::create(
$item->id, $this->input->post('name'), $this->input->post('title'),
$this->input->post('description'));
break;
case 'photo':
$new_item = photo::create(
$item->id, $_FILES['file']['tmp_name'], $_FILES['file']['name'],
$this->input->post('title'), $this->input->post('description'));
break;
}
print url::redirect("{$new_item->type}/{$new_item->id}");
return;
}
public function delete($item) {
// @todo Production this code
// 1) Add security checks
$parent = $item->parent();
if ($parent->id) {
$item->delete();
}
url::redirect("{$parent->type}/{$parent->id}");
}
public function post($item) {
// @todo Productionize this
// 1) Figure out how to do the right validation here. Validate the form input and apply it to
// the model as appropriate.
// 2) Figure out how to dispatch according to the needs of the client. Ajax requests from
// jeditable will want the changed field back, and possibly the whole item in json.
//
// For now let's establish a simple protocol where the client passes in a __return parameter
// that specifies which field it wants back from the item. Later on we can expand that to
// include a data format, etc.
// These fields are safe to change
foreach ($this->input->post() as $key => $value) {
switch ($key) {
case "title":
case "description":
$item->$key = $value;
break;
}
}
// @todo Support additional fields
// These fields require additional work if you change them
// parent_id, owner_id
$item->save();
print $item->{$this->input->post('__return')};
}
}
|
