stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-04-12 00:45:21 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev

Browse Source 
Conflicts:
	modules/gallery/controllers/rest.php
This commit is contained in:
Bharat Mediratta
2009-11-25 13:40:47 -08:00
parent 2e420522ec dc67cf6481
commit f50dbd992d
27 changed files with 69 additions and 894 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
modules/comment/controllers/comments.php
View File

@@ -17,49 +17,12 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Comments_Controller extends REST_Controller {
protected $resource_type = "comment";
/**
* Display comments based on criteria.
* @see REST_Controller::_index()
*/
public function _index() {
$item = ORM::factory("item", $this->input->get('item_id'));
access::required("view", $item);
$comments = ORM::factory("comment")
->where("item_id", $item->id)
->where("state", "published")
->orderby("created", "DESC")
->find_all();
switch (rest::output_format()) {
case "json":
foreach ($comments as $comment) {
$data[] = array(
"id" => $comment->id,
"author_name" => html::clean($comment->author_name()),
"created" => $comment->created,
"text" => nl2br(html::purify($comment->text)));
}
print json_encode($data);
break;
case "html":
$view = new Theme_View("comments.html", "other", "comment");
$view->comments = $comments;
print $view;
break;
}
}
class Comments_Controller extends Controller {
/**
* Add a new comment to the collection.
* @see REST_Controller::_create($resource)
*/
public function _create($comment) {
$item = ORM::factory("item", $this->input->post("item_id"));
public function create($id) {
$item = ORM::factory("item", $id);
access::required("view", $item);
$form = comment::get_add_form($item);
@@ -96,105 +59,27 @@ class Comments_Controller extends REST_Controller {
}
$form->add_comment->text->value("");
print json_encode(
array("result" => "success",
"resource" => ($comment->state == "published"
? url::site("comments/{$comment->id}")
: null),
"form" => $form->__toString()));
} else {
print json_encode(
array("result" => "error",
"form" => $form->__toString()));
}
}
/**
* Display an existing comment.
* @todo Set proper Content-Type in a central place (REST_Controller::dispatch?).
* @see REST_Controller::_show($resource)
*/
public function _show($comment) {
$item = ORM::factory("item", $comment->item_id);
access::required("view", $item);
if ($comment->state != "published") {
return;
}
if (rest::output_format() == "json") {
print json_encode(
array("result" => "success",
"data" => array(
"id" => $comment->id,
"author_name" => html::clean($comment->author_name()),
"created" => $comment->created,
"text" => nl2br(html::purify($comment->text)))));
} else {
$view = new Theme_View("comment.html", "other", "comment-fragment");
$view->comment = $comment;
print $view;
}
}
/**
* Change an existing comment.
* @see REST_Controller::_update($resource)
*/
public function _update($comment) {
$item = ORM::factory("item", $comment->item_id);
access::required("view", $item);
access::required("edit", $item);
$form = comment::get_edit_form($comment);
if ($form->validate()) {
$comment->guest_name = $form->edit_comment->inputs["name"]->value;
$comment->guest_email = $form->edit_comment->email->value;
$comment->url = $form->edit_comment->url->value;
$comment->text = $form->edit_comment->text->value;
$comment->save();
print json_encode(
array("result" => "success",
"resource" => url::site("comments/{$comment->id}")));
"view" => $view->__toString(),
"form" => $form->__toString()));
} else {
print json_encode(
array("result" => "error",
"html" => $form->__toString()));
"form" => $form->__toString()));
}
}
/**
* Delete existing comment.
* @see REST_Controller::_delete($resource)
*/
public function _delete($comment) {
$item = ORM::factory("item", $comment->item_id);
access::required("view", $item);
access::required("edit", $item);
$comment->delete();
print json_encode(array("result" => "success"));
}
/**
* Present a form for adding a new comment to this item or editing an existing comment.
* @see REST_Controller::form_add($resource)
*/
public function _form_add($item_id) {
public function form_add($item_id) {
$item = ORM::factory("item", $item_id);
access::required("view", $item);
print comment::get_add_form($item);
}
/**
* Present a form for editing an existing comment.
* @see REST_Controller::form_edit($resource)
*/
public function _form_edit($comment) {
if (!identity::active_user()->admin) {
access::forbidden();
}
print comment::get_edit_form($comment);
}
}

26
modules/comment/helpers/comment.php
View File

@@ -65,7 +65,7 @@ class comment_Core {
}
static function get_add_form($item) {
$form = new Forge("comments", "", "post", array("id" => "g-comment-form"));
$form = new Forge("comments/create/{$item->id}", "", "post", array("id" => "g-comment-form"));
$group = $form->group("add_comment")->label(t("Add comment"));
$group->input("name") ->label(t("Name")) ->id("g-author");
$group->input("email") ->label(t("Email (hidden)")) ->id("g-email");
@@ -87,29 +87,5 @@ class comment_Core {
return $form;
}
static function get_edit_form($comment) {
$form = new Forge("comments/{$comment->id}?_method=put", "", "post",
array("id" => "g-edit-comment-form"));
$group = $form->group("edit_comment")->label(t("Edit comment"));
$group->input("name") ->label(t("Author")) ->id("g-author");
$group->input("email") ->label(t("Email (hidden)")) ->id("g-email");
$group->input("url") ->label(t("Website (hidden)"))->id("g-url");
$group->textarea("text")->label(t("Comment")) ->id("g-text");
$group->submit("")->value(t("Edit"));
$group->text = $comment->text;
$author = $comment->author();
if ($author->guest) {
$group->inputs["name"]->value = $comment->guest_name;
$group->email = $comment->guest_email;
$group->url = $comment->guest_url;
} else {
$group->inputs["name"]->value($author->full_name)->disabled("disabled");
$group->email->value($author->email)->disabled("disabled");
$group->url->value($author->url)->disabled("disabled");
}
return $form;
}
}

21
modules/comment/js/comment.js
View File

@@ -28,17 +28,16 @@ function ajaxify_comment_form() {
$("#g-comments form").ajaxForm({
dataType: "json",
success: function(data) {
if (data.form) {
$("#g-comments form").replaceWith(data.form);
ajaxify_comment_form();
}
if (data.result == "success" && data.resource) {
$.get(data.resource, function(data, textStatus) {
$("#g-comments .g-block-content ul:first").append("<li>"+data+"</li>");
$("#g-comments .g-block-content ul:first li:last").effect("highlight", {color: "#cfc"}, 8000);
$("#g-comment-form").hide(2000).remove();
$("#g-no-comments-yet").hide(2000);
});
if (data.result == "success") {
$("#g-comments #g-comment-detail ul").append(data.view);
$("#g-comments #g-comment-detail ul li:last").effect("highlight", {color: "#cfc"}, 8000);
$("#g-comment-form").hide(2000).remove();
$("#g-no-comments-yet").hide(2000);
} else {
if (data.form) {
$("#g-comments form").replaceWith(data.form);
ajaxify_comment_form();
}
}
}
});

4
modules/comment/views/comment.html.php
View File

@@ -8,9 +8,9 @@
width="40"
height="40" />
</a>
<?= t("on %date_time, %author_name said",
<?= t("on %date_time, <a href=\"#\">%name</a> said",
array("date_time" => gallery::date_time($comment->created),
"author_name" => html::clean($comment->author_name()))) ?>
"name" => html::clean($comment->author_name()))) ?>
</p>
<div>
<?= nl2br(html::purify($comment->text)) ?>

91
modules/gallery/controllers/albums.php
View File

@@ -18,10 +18,6 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Albums_Controller extends Items_Controller {
/**
* @see REST_Controller::_show($resource)
*/
public function _show($album) {
$page_size = module::get_var("gallery", "page_size", 9);
if (!access::can("view", $album)) {
@@ -83,27 +79,9 @@ class Albums_Controller extends Items_Controller {
print $template;
}
/**
* @see REST_Controller::_create($resource)
*/
public function _create($album) {
public function create($parent_id) {
access::verify_csrf();
access::required("view", $album);
access::required("add", $album);
switch ($this->input->post("type")) {
case "album":
return $this->_create_album($album);
case "photo":
return $this->_create_photo($album);
default:
access::forbidden();
}
}
private function _create_album($album) {
$album = ORM::factory("item", $parent_id);
access::required("view", $album);
access::required("add", $album);
@@ -124,8 +102,7 @@ class Albums_Controller extends Items_Controller {
print json_encode(
array("result" => "success",
"location" => $new_album->url(),
"resource" => $new_album->url()));
"location" => $new_album->url()));
} else {
print json_encode(
array(
@@ -134,43 +111,9 @@ class Albums_Controller extends Items_Controller {
}
}
private function _create_photo($album) {
access::required("view", $album);
access::required("add", $album);
// If we set the content type as JSON, it triggers saving the result as
// a document in the browser (well, in Chrome at least).
// @todo figure out why and fix this.
$form = photo::get_add_form($album);
if ($form->validate()) {
$photo = photo::create(
$album,
$this->input->post("file"),
$_FILES["file"]["name"],
$this->input->post("title", $this->input->post("name")),
$this->input->post("description"),
identity::active_user()->id);
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
message::success(t("Added photo %photo_title",
array("photo_title" => html::purify($photo->title))));
print json_encode(
array("result" => "success",
"resource" => $photo->url(),
"location" => $photo->url()));
} else {
print json_encode(
array("result" => "error",
"form" => $form->__toString()));
}
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($album) {
public function update($album_id) {
access::verify_csrf();
$album = ORM::factory("item", $album_id);
access::required("view", $album);
access::required("edit", $album);
@@ -230,32 +173,16 @@ class Albums_Controller extends Items_Controller {
}
}
/**
* @see REST_Controller::_form_add($parameters)
*/
public function _form_add($album_id) {
public function form_add($album_id) {
$album = ORM::factory("item", $album_id);
access::required("view", $album);
access::required("add", $album);
switch ($this->input->get("type")) {
case "album":
print album::get_add_form($album);
break;
case "photo":
print photo::get_add_form($album);
break;
default:
kohana::show_404();
}
print album::get_add_form($album);
}
/**
* @see REST_Controller::_form_add($parameters)
*/
public function _form_edit($album) {
public function form_edit($album_id) {
$album = ORM::factory("item", $album_id);
access::required("view", $album);
access::required("edit", $album);

12
modules/gallery/controllers/items.php
View File

@@ -17,14 +17,16 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Items_Controller extends REST_Controller {
protected $resource_type = "item";
public function _show($item) {
class Items_Controller extends Controller {
public function __call($function, $args) {
$item = ORM::factory("item", (int)$function);
if (!$item->loaded) {
return Kohana::show_404();
}
// Redirect to the more specific resource type, since it will render
// differently. We could also just delegate here, but it feels more appropriate
// to have a single canonical resource mapping.
access::required("view", $item);
return url::redirect($item->abs_url());
return $this->_show($item);
}
}

16
modules/gallery/controllers/movies.php
View File

@@ -18,10 +18,6 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Movies_Controller extends Items_Controller {
/**
* @see REST_Controller::_show($resource)
*/
public function _show($movie) {
access::required("view", $movie);
@@ -53,11 +49,9 @@ class Movies_Controller extends Items_Controller {
print $template;
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($movie) {
public function update($movie_id) {
access::verify_csrf();
$movie = ORM::factory("item", $movie_id);
access::required("view", $movie);
access::required("edit", $movie);
@@ -120,10 +114,8 @@ class Movies_Controller extends Items_Controller {
}
}
/**
* @see REST_Controller::_form_edit($resource)
*/
public function _form_edit($movie) {
public function form_edit($movie_id) {
$movie = ORM::factory("item", $movie_id);
access::required("view", $movie);
access::required("edit", $movie);
print movie::get_edit_form($movie);

17
modules/gallery/controllers/photos.php
View File

@@ -18,10 +18,6 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Photos_Controller extends Items_Controller {
/**
* @see REST_Controller::_show($resource)
*/
public function _show($photo) {
access::required("view", $photo);
@@ -53,12 +49,9 @@ class Photos_Controller extends Items_Controller {
print $template;
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($photo) {
public function update($photo_id) {
access::verify_csrf();
$photo = ORM::factory("item", $photo_id);
access::required("view", $photo);
access::required("edit", $photo);
@@ -125,10 +118,8 @@ class Photos_Controller extends Items_Controller {
}
}
/**
* @see REST_Controller::_form_edit($resource)
*/
public function _form_edit($photo) {
public function form_edit($photo_id) {
$photo = ORM::factory("item", $photo_id);
access::required("view", $photo);
access::required("edit", $photo);

183
modules/gallery/controllers/rest.php
View File

@@ -1,183 +0,0 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
* This abstract controller makes it easy to create a RESTful controller. To use it, create a
* subclass which defines the resource type and implements get/post/put/delete methods, like this:
*
* class Comment_Controller extends REST_Controller {
* protected $resource_type = "comment"; // this tells REST which model to use
*
* public function _index() {
* // Handle GET request to /controller
* }
*
* public function _show(ORM $comment) {
* // Handle GET request to /comments/{comment_id}
* }
*
* public function _update(ORM $comment) {
* // Handle PUT request to /comments/{comment_id}
* }
*
* public function _create(ORM $comment) {
* // Handle POST request to /comments
* }
*
* public function _delete(ORM $comment) {
* // Handle DELETE request to /comments/{comments_id}
* }
*
* public function _form_add($parameters) {
* // Handle GET request to /form/add/comments
* // Show a form for creating a new comment
* }
*
* public function _form_edit(ORM $comment) {
* // Handle GET request to /form/edit/comments
* // Show a form for editing an existing comment
* }
*
* A request to http://example.com/gallery3/comments/3 will result in a call to
* REST_Controller::__call(3) which will load up the comment associated with id 3. If there's
* no such comment, it returns a 404. Otherwise, it will then delegate to
* Comment_Controller::get() with the ORM instance as an argument.
*/
class REST_Controller extends Controller {
protected $resource_type = null;
public function __construct() {
if ($this->resource_type == null) {
throw new Exception("@todo ERROR_MISSING_RESOURCE_TYPE");
}
parent::__construct();
}
/**
* Handle dispatching for all REST controllers.
*/
public function __call($function, $args) {
// If no parameter was provided after the controller name (eg "/albums") then $function will
// be set to "index". Otherwise, $function is the first parameter, and $args are all
// subsequent parameters.
$request_method = rest::request_method();
if ($function == "index" && $request_method == "get") {
return $this->_index();
}
$resource = ORM::factory($this->resource_type, (int)$function);
if (!$resource->loaded() && $request_method != "post") {
return Kohana::show_404();
}
switch ($request_method) {
case "get":
return $this->_show($resource);
case "put":
access::verify_csrf();
return $this->_update($resource);
case "delete":
access::verify_csrf();
return $this->_delete($resource);
case "post":
access::verify_csrf();
return $this->_create($resource);
}
}
/* We're editing an existing item, load it from the database. */
public function form_edit($resource_id) {
if ($this->resource_type == null) {
throw new Exception("@todo ERROR_MISSING_RESOURCE_TYPE");
}
$resource = ORM::factory($this->resource_type, $resource_id);
if (!$resource->loaded()) {
return Kohana::show_404();
}
// Security checks must be performed in _form_edit
return $this->_form_edit($resource);
}
/* We're adding a new item, pass along any additional parameters. */
public function form_add($parameters) {
// Security checks must be performed in _form_add
return $this->_form_add($parameters);
}
/**
* Perform a GET request on the controller root
* (e.g. http://www.example.com/gallery3/comments)
*/
public function _index() {
throw new Exception("@todo _create NOT IMPLEMENTED");
}
/**
* Perform a POST request on this resource
* @param ORM $resource the instance of this resource type
*/
public function _create($resource) {
throw new Exception("@todo _create NOT IMPLEMENTED");
}
/**
* Perform a GET request on this resource
* @param ORM $resource the instance of this resource type
*/
public function _show($resource) {
throw new Exception("@todo _show NOT IMPLEMENTED");
}
/**
* Perform a PUT request on this resource
* @param ORM $resource the instance of this resource type
*/
public function _update($resource) {
throw new Exception("@todo _update NOT IMPLEMENTED");
}
/**
* Perform a DELETE request on this resource
* @param ORM $resource the instance of this resource type
*/
public function _delete($resource) {
throw new Exception("@todo _delete NOT IMPLEMENTED");
}
/**
* Present a form for adding a new resource
* @param string part of the URI after the controller name
*/
public function _form_add($parameter) {
throw new Exception("@todo _form_add NOT IMPLEMENTED");
}
/**
* Present a form for editing an existing resource
* @param ORM $resource the resource container for instances of this resource type
*/
public function _form_edit($resource) {
throw new Exception("@todo _form_edit NOT IMPLEMENTED");
}
}

4
modules/gallery/helpers/album.php
View File

@@ -92,7 +92,7 @@ class album_Core {
}
static function get_add_form($parent) {
$form = new Forge("albums/{$parent->id}", "", "post", array("id" => "g-add-album-form"));
$form = new Forge("albums/create/{$parent->id}", "", "post", array("id" => "g-add-album-form"));
$group = $form->group("add_album")
->label(t("Add an album to %album_title", array("album_title" => $parent->title)));
$group->input("title")->label(t("Title"));
@@ -114,7 +114,7 @@ class album_Core {
}
static function get_edit_form($parent) {
$form = new Forge("albums/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
$form = new Forge("albums/update/{$parent->id}", "", "post", array("id" => "g-edit-album-form"));
$form->hidden("_method")->value("put");
$group = $form->group("edit_item")->label(t("Edit Album"));

2
modules/gallery/helpers/movie.php
View File

@@ -129,7 +129,7 @@ class movie_Core {
}
static function get_edit_form($movie) {
$form = new Forge("movies/$movie->id", "", "post", array("id" => "g-edit-movie-form"));
$form = new Forge("movies/update/$movie->id", "", "post", array("id" => "g-edit-movie-form"));
$form->hidden("_method")->value("put");
$group = $form->group("edit_item")->label(t("Edit Movie"));
$group->input("title")->label(t("Title"))->value($movie->title);

21
modules/gallery/helpers/photo.php
View File

@@ -137,27 +137,8 @@ class photo_Core {
return $photo;
}
static function get_add_form($parent) {
$form = new Forge("albums/{$parent->id}", "", "post", array("id" => "g-add-photo-form"));
$group = $form->group("add_photo")->label(
t("Add Photo to %album_title", array("album_title" => $parent->title)));
$group->input("title")->label(t("Title"));
$group->textarea("description")->label(t("Description"));
$group->input("name")->label(t("Filename"));
$group->input("slug")->label(t("Internet Address"))->value($photo->slug)
->callback("item::validate_url_safe")
->error_messages(
"not_url_safe",
t("The internet address should contain only letters, numbers, hyphens and underscores"));
$group->upload("file")->label(t("File"))->rules("required|allow[jpg,png,gif,flv,mp4]");
$group->hidden("type")->value("photo");
$group->submit("")->value(t("Upload"));
$form->add_rules_from(ORM::factory("item"));
return $form;
}
static function get_edit_form($photo) {
$form = new Forge("photos/$photo->id", "", "post", array("id" => "g-edit-photo-form"));
$form = new Forge("photos/update/$photo->id", "", "post", array("id" => "g-edit-photo-form"));
$form->hidden("_method")->value("put");
$group = $form->group("edit_item")->label(t("Edit Photo"));
$group->input("title")->label(t("Title"))->value($photo->title);

116
modules/gallery/helpers/rest.php
View File

@@ -1,116 +0,0 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class rest_Core {
const OK = "200 OK";
const CREATED = "201 Created";
const ACCEPTED = "202 Accepted";
const NO_CONTENT = "204 No Content";
const RESET_CONTENT = "205 Reset Content";
const PARTIAL_CONTENT = "206 Partial Content";
const MOVED_PERMANENTLY = "301 Moved Permanently";
const FOUND = "302 Found";
const SEE_OTHER = "303 See Other";
const NOT_MODIFIED = "304 Not Modified";
const TEMPORARY_REDIRECT = "307 Temporary Redirect";
const BAD_REQUEST = "400 Bad Request";
const UNAUTHORIZED = "401 Unauthorized";
const FORBIDDEN = "403 Forbidden";
const NOT_FOUND = "404 Not Found";
const METHOD_NOT_ALLOWED = "405 Method Not Allowed";
const NOT_ACCEPTABLE = "406 Not Acceptable";
const CONFLICT = "409 Conflict";
const GONE = "410 Gone";
const LENGTH_REQUIRED = "411 Length Required";
const PRECONDITION_FAILED = "412 Precondition Failed";
const UNSUPPORTED_MEDIA_TYPE = "415 Unsupported Media Type";
const EXPECTATION_FAILED = "417 Expectation Failed";
const INTERNAL_SERVER_ERROR = "500 Internal Server Error";
const SERVICE_UNAVAILABLE = "503 Service Unavailable";
const XML = "application/xml";
const ATOM = "application/atom+xml";
const RSS = "application/rss+xml";
const JSON = "application/json";
const HTML = "text/html";
/**
* We're expecting to run in an environment that only supports GET/POST, so expect to tunnel
* PUT and DELETE through POST.
*
* Returns the HTTP request method taking into consideration PUT/DELETE tunneling.
* @return string HTTP request method
*/
static function request_method() {
if (request::method() == "get") {
return "get";
} else {
$input = Input::instance();
switch (strtolower($input->post("_method", $input->get("_method", request::method())))) {
case "put": return "put";
case "delete": return "delete";
default: return "post";
}
}
}
/**
* Choose an output format based on what the client prefers to accept.
* @return string "html", "xml" or "json"
*/
static function output_format() {
// Pick a format, but let it be overridden.
$input = Input::instance();
$fmt = $input->get(
"_format", $input->post(
"_format", request::preferred_accept(
array("xhtml", "html", "xml", "json"))));
// Some browsers (Chrome!) prefer xhtml over html, but we'll normalize this to html for now.
if ($fmt == "xhtml") {
$fmt = "html";
}
return $fmt;
}
/**
* Set HTTP response code.
* @param string Use one of the status code constants defined in this class.
*/
static function http_status($status_code) {
header("HTTP/1.1 " . $status_code);
}
/**
* Set HTTP Location header.
* @param string URL
*/
static function http_location($url) {
header("Location: " . $url);
}
/**
* Set HTTP Content-Type header.
* @param string content type
*/
static function http_content_type($type) {
header("Content-Type: " . $type);
}
}

3
modules/gallery/tests/Albums_Controller_Test.php
View File

@@ -48,7 +48,8 @@ class Albums_Controller_Test extends Unit_Test_Case {
access::allow(identity::everybody(), "edit", $root);
ob_start();
$controller->_update($this->_album);
$controller->update($this->_album->id);
$this->_album->reload();
$results = ob_get_contents();
ob_end_clean();

16
modules/gallery/tests/Controller_Auth_Test.php
View File

@@ -18,11 +18,6 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Controller_Auth_Test extends Unit_Test_Case {
static $rest_methods = array("_index", "_show", "_form_edit", "_form_add", "_create",
"_update", "_delete");
static $rest_methods_with_csrf_check = array("_update", "_delete", "_create");
public function find_missing_auth_test() {
$found = array();
$controllers = explode("\n", `git ls-files '*/*/controllers/*.php'`);
@@ -46,7 +41,6 @@ class Controller_Auth_Test extends Unit_Test_Case {
}
$is_admin_controller = false;
$is_rest_controller = false;
$open_braces = 0;
$function = null;
@@ -64,7 +58,6 @@ class Controller_Auth_Test extends Unit_Test_Case {
$function = null;
} else if ($open_braces == 0) {
$is_admin_controller = false;
$is_rest_controller = false;
}
} else if ($token == "{") {
$open_braces++;
@@ -75,8 +68,6 @@ class Controller_Auth_Test extends Unit_Test_Case {
if ($open_braces == 0 && $token[0] == T_EXTENDS) {
if (self::_token_matches(array(T_STRING, "Admin_Controller"), $tokens, $token_number + 1)) {
$is_admin_controller = true;
} else if (self::_token_matches(array(T_STRING, "REST_Controller"), $tokens, $token_number + 1)) {
$is_rest_controller = true;
}
} else if ($open_braces == 1 && $token[0] == T_FUNCTION) {
$line = $token[2];
@@ -101,13 +92,8 @@ class Controller_Auth_Test extends Unit_Test_Case {
$is_rss_feed = $name == "feed" && strpos(basename($controller), "_rss.php");
if ((!$is_static || $is_rss_feed) &&
(!$is_private ||
($is_rest_controller && in_array($name, self::$rest_methods)))) {
if ((!$is_static || $is_rss_feed) && !$is_private) {
$function = self::_function($name, $line, $is_admin_controller);
if ($is_rest_controller && in_array($name, self::$rest_methods_with_csrf_check)) {
$function->checks_csrf(true);
}
}
}

1
modules/gallery/tests/Database_Test.php
View File

@@ -138,7 +138,6 @@ class Database_For_Test extends Database {
public function query($sql = '') {
if (!empty($sql)) {
print " query($sql)\n";
$sql = $this->add_table_prefixes($sql);
}
return $sql;

3
modules/gallery/tests/Photos_Controller_Test.php
View File

@@ -44,7 +44,8 @@ class Photos_Controller_Test extends Unit_Test_Case {
access::allow(identity::everybody(), "edit", $root);
ob_start();
$controller->_update($photo);
$controller->update($photo->id);
$photo->reload();
$results = ob_get_contents();
ob_end_clean();

197
modules/gallery/tests/REST_Controller_Test.php
View File

@@ -1,197 +0,0 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class REST_Controller_Test extends Unit_Test_Case {
public function setup() {
$this->_post = $_POST;
$this->mock_controller = new Mock_RESTful_Controller("mock");
$this->mock_not_loaded_controller = new Mock_RESTful_Controller("mock_not_loaded");
$_POST = array();
}
public function teardown() {
$_POST = $this->_post;
}
public function dispatch_index_test() {
$_SERVER["REQUEST_METHOD"] = "GET";
$_POST["_method"] = "";
$this->mock_controller->__call("index", "");
$this->assert_equal("index", $this->mock_controller->method_called);
}
public function dispatch_show_test() {
$_SERVER["REQUEST_METHOD"] = "GET";
$_POST["_method"] = "";
$this->mock_controller->__call("3", "");
$this->assert_equal("show", $this->mock_controller->method_called);
$this->assert_equal("Mock_Model", get_class($this->mock_controller->resource));
}
public function dispatch_update_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "PUT";
$_POST["csrf"] = access::csrf_token();
$this->mock_controller->__call("3", "");
$this->assert_equal("update", $this->mock_controller->method_called);
$this->assert_equal("Mock_Model", get_class($this->mock_controller->resource));
}
public function dispatch_update_fails_without_csrf_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "PUT";
try {
$this->mock_controller->__call("3", "");
$this->assert_false(true, "this should fail with a forbidden exception");
} catch (Exception $e) {
// pass
}
}
public function dispatch_delete_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "DELETE";
$_POST["csrf"] = access::csrf_token();
$this->mock_controller->__call("3", "");
$this->assert_equal("delete", $this->mock_controller->method_called);
$this->assert_equal("Mock_Model", get_class($this->mock_controller->resource));
}
public function dispatch_delete_fails_without_csrf_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "DELETE";
try {
$this->mock_controller->__call("3", "");
$this->assert_false(true, "this should fail with a forbidden exception");
} catch (Exception $e) {
// pass
}
}
public function dispatch_404_test() {
/* The dispatcher should throw a 404 if the resource isn't loaded and the method isn't POST. */
$methods = array(
array("GET", ""),
array("POST", "PUT"),
array("POST", "DELETE"));
foreach ($methods as $method) {
$_SERVER["REQUEST_METHOD"] = $method[0];
$_POST["_method"] = $method[1];
$exception_caught = false;
try {
$this->mock_not_loaded_controller->__call(rand(), "");
} catch (Kohana_404_Exception $e) {
$exception_caught = true;
}
$this->assert_true($exception_caught, "$method[0], $method[1]");
}
}
public function dispatch_create_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "";
$_POST["csrf"] = access::csrf_token();
$this->mock_not_loaded_controller->__call("", "");
$this->assert_equal("create", $this->mock_not_loaded_controller->method_called);
$this->assert_equal(
"Mock_Not_Loaded_Model", get_class($this->mock_not_loaded_controller->resource));
}
public function dispatch_create_fails_without_csrf_test() {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["_method"] = "";
try {
$this->mock_not_loaded_controller->__call("", "");
$this->assert_false(true, "this should fail with a forbidden exception");
} catch (Exception $e) {
// pass
}
}
public function dispatch_form_test_add() {
$this->mock_controller->form_add("args");
$this->assert_equal("form_add", $this->mock_controller->method_called);
$this->assert_equal("args", $this->mock_controller->resource);
}
public function dispatch_form_test_edit() {
$this->mock_controller->form_edit("1");
$this->assert_equal("form_edit", $this->mock_controller->method_called);
$this->assert_equal("Mock_Model", get_class($this->mock_controller->resource));
}
public function routes_test() {
$this->assert_equal("mock/form_add/args", router::routed_uri("form/add/mock/args"));
$this->assert_equal("mock/form_edit/args", router::routed_uri("form/edit/mock/args"));
$this->assert_equal(null, router::routed_uri("rest/args"));
}
}
class Mock_RESTful_Controller extends REST_Controller {
public $method_called;
public $resource;
public function __construct($type) {
$this->resource_type = $type;
parent::__construct();
}
public function _index() {
$this->method_called = "index";
}
public function _create($resource) {
$this->method_called = "create";
$this->resource = $resource;
}
public function _show($resource) {
$this->method_called = "show";
$this->resource = $resource;
}
public function _update($resource) {
$this->method_called = "update";
$this->resource = $resource;
}
public function _delete($resource) {
$this->method_called = "delete";
$this->resource = $resource;
}
public function _form_add($args) {
$this->method_called = "form_add";
$this->resource = $args;
}
public function _form_edit($resource) {
$this->method_called = "form_edit";
$this->resource = $resource;
}
}
class Mock_Model {
public $loaded = true;
}
class Mock_Not_Loaded_Model {
public $loaded = false;
}

45
modules/gallery/tests/REST_Helper_Test.php
View File

@@ -1,45 +0,0 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2009 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class REST_Helper_Test extends Unit_Test_Case {
public function setup() {
$this->_post = $_POST;
}
public function teardown() {
$_POST = $this->_post;
}
public function request_method_test() {
foreach (array("GET", "POST") as $method) {
foreach (array("", "PUT", "DELETE") as $tunnel) {
if ($method == "GET") {
$expected = "GET";
} else {
$expected = $tunnel == "" ? $method : $tunnel;
}
$_SERVER["REQUEST_METHOD"] = $method;
$_POST["_method"] = $tunnel;
$this->assert_equal(strtolower(rest::request_method()), strtolower($expected),
"Request method: {$method}, tunneled: {$tunnel}");
}
}
}
}

16
modules/gallery/tests/controller_auth_data.txt
View File

@@ -1,11 +1,9 @@
modules/comment/controllers/admin_comments.php queue DIRTY_CSRF
modules/comment/controllers/comments.php _index DIRTY_CSRF
modules/comment/helpers/comment_rss.php feed DIRTY_AUTH
modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/digibug/controllers/digibug.php close_window DIRTY_AUTH
modules/gallery/controllers/admin.php __call DIRTY_AUTH
modules/gallery/controllers/albums.php _show DIRTY_CSRF
modules/gallery/controllers/albums.php _form_add DIRTY_CSRF
modules/gallery/controllers/combined.php javascript DIRTY_AUTH
modules/gallery/controllers/combined.php css DIRTY_AUTH
modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH
@@ -15,17 +13,6 @@ modules/gallery/controllers/login.php html
modules/gallery/controllers/login.php auth_html DIRTY_AUTH
modules/gallery/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH
modules/gallery/controllers/maintenance.php index DIRTY_AUTH
modules/gallery/controllers/rest.php __construct DIRTY_AUTH
modules/gallery/controllers/rest.php __call DIRTY_AUTH
modules/gallery/controllers/rest.php form_edit DIRTY_AUTH
modules/gallery/controllers/rest.php form_add DIRTY_AUTH
modules/gallery/controllers/rest.php _index DIRTY_AUTH
modules/gallery/controllers/rest.php _create DIRTY_AUTH
modules/gallery/controllers/rest.php _show DIRTY_AUTH
modules/gallery/controllers/rest.php _update DIRTY_AUTH
modules/gallery/controllers/rest.php _delete DIRTY_AUTH
modules/gallery/controllers/rest.php _form_add DIRTY_AUTH
modules/gallery/controllers/rest.php _form_edit DIRTY_AUTH
modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH
modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH
modules/gallery/controllers/upgrader.php index DIRTY_AUTH
@@ -35,6 +22,7 @@ modules/search/controllers/search.php index
modules/server_add/controllers/admin_server_add.php autocomplete DIRTY_CSRF
modules/server_add/controllers/server_add.php children DIRTY_CSRF
modules/tag/controllers/admin_tags.php index DIRTY_CSRF
modules/tag/controllers/tags.php _show DIRTY_CSRF|DIRTY_AUTH
modules/tag/controllers/tags.php show DIRTY_CSRF|DIRTY_AUTH
modules/tag/controllers/tags.php autocomplete DIRTY_CSRF|DIRTY_AUTH
modules/user/controllers/password.php reset DIRTY_AUTH
modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH

4
modules/gallery/tests/xss_data.txt
View File

@@ -298,8 +298,8 @@ modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY_JS url::s
modules/server_add/views/server_add_tree_dialog.html.php 21 DIRTY $tree
modules/tag/views/admin_tags.html.php 45 DIRTY_ATTR $tag->id
modules/tag/views/admin_tags.html.php 46 DIRTY $tag->count
modules/tag/views/tag_block.html.php 27 DIRTY $cloud
modules/tag/views/tag_block.html.php 29 DIRTY $form
modules/tag/views/tag_block.html.php 25 DIRTY $cloud
modules/tag/views/tag_block.html.php 27 DIRTY $form
modules/tag/views/tag_cloud.html.php 4 DIRTY_ATTR (int)(($tag->count/$max_count)*7)
modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
modules/tag/views/tag_cloud.html.php 6 DIRTY_JS $tag->url()

2
modules/rss/controllers/rss.php
View File

@@ -62,7 +62,7 @@ class Rss_Controller extends Controller {
url::abs_site(str_replace("&", "&amp;", url::merge(array("page" => $page + 1))));
}
rest::http_content_type(rest::RSS);
header("Content-Type: application/rss+xml");
print $view;
}
}

2
modules/rss/helpers/rss.php
View File

@@ -31,6 +31,6 @@ class rss_Core {
*/
static function feed_link($uri) {
$url = url::site("rss/feed/$uri");
return "<link rel=\"alternate\" type=\"" . rest::RSS . "\" href=\"$url\" />";
return "<link rel=\"alternate\" type=\"application/rss+xml\" href=\"$url\" />";
}
}

24
modules/tag/controllers/tags.php
View File

@@ -17,10 +17,9 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Tags_Controller extends REST_Controller {
protected $resource_type = "tag";
public function _show($tag) {
class Tags_Controller extends Controller {
public function show($tag_id) {
$tag = ORM::factory("tag", $tag_id);
$page_size = module::get_var("gallery", "page_size", 9);
$page = (int) $this->input->get("page", "1");
$children_count = $tag->items_count();
@@ -47,15 +46,15 @@ class Tags_Controller extends REST_Controller {
print $template;
}
public function _index() {
public function index() {
// Far from perfection, but at least require view permission for the root album
$album = ORM::factory("item", 1);
access::required("view", $album);
print tag::cloud(30);
}
public function _create($tag) {
$item = ORM::factory("item", $this->input->post("item_id"));
public function create($item_id) {
$item = ORM::factory("item", $item_id);
access::required("view", $item);
access::required("edit", $item);
@@ -70,8 +69,7 @@ class Tags_Controller extends REST_Controller {
print json_encode(
array("result" => "success",
"resource" => url::site("tags/{$tag->id}"),
"form" => tag::get_add_form($item)->__toString()));
"cloud" => tag::cloud(30)->__toString()));
} else {
print json_encode(
array("result" => "error",
@@ -79,14 +77,6 @@ class Tags_Controller extends REST_Controller {
}
}
public function _form_add($item_id) {
$item = ORM::factory("item", $item_id);
access::required("view", $item);
access::required("edit", $item);
return tag::get_add_form($item);
}
public function autocomplete() {
$tags = array();
$tag_parts = preg_split("#,#", $this->input->get("q"));

2
modules/tag/helpers/tag.php
View File

@@ -101,7 +101,7 @@ class tag_Core {
}
static function get_add_form($item) {
$form = new Forge("tags", "", "post", array("id" => "g-add-tag-form", "class" => "g-short-form"));
$form = new Forge("tags/create/{$item->id}", "", "post", array("id" => "g-add-tag-form", "class" => "g-short-form"));
$label = $item->is_album() ?
t("Add tag to album") :
($item->is_photo() ? t("Add tag to photo") : t("Add tag to movie"));

2
modules/tag/models/tag.php
View File

@@ -110,7 +110,7 @@ class Tag_Model extends ORM {
* @param string $query the query string (eg "page=3")
*/
public function url($query=null) {
$url = url::site("tags/$this->id");
$url = url::site("tags/show/$this->id");
if ($query) {
$url .= "?$query";
}

4
modules/tag/views/tag_block.html.php
View File

@@ -14,9 +14,7 @@
dataType: "json",
success: function(data) {
if (data.result == "success") {
$.get($("#g-tag-cloud").attr("ref"), function(data, textStatus) {
$("#g-tag-cloud").html(data);
});
$("#g-tag-cloud").html(data.cloud);
}
$("#g-add-tag-form").resetForm();
}