Commit Graph
61 Commits
Author SHA1 Message Date
Bharat Mediratta 161a85d3f5 Enable profiling output in the HTML output for REST. Fixes #1535. 2010-12-16 20:37:44 -08:00
Bharat Mediratta cd48b89f31 Consolidate all the random code into a random helper that offers:
random::hash()
  random::string()
  random::percent()
  random::int()

So that we don't have lots of different ways to get random values all
over the code.  Follow-on to #1527.
2010-12-15 14:57:00 -08:00
Bharat Mediratta 45c63f4d11 Use mt_rand() instead of rand() since it provides better portability.
Fixes #1527.
2010-12-15 12:48:56 -08:00
Bharat Mediratta 554ca2e683 Take into account the core.url_suffix configuration setting when
parsing REST urls.  This fixes the problem that setting the url suffix
breaks REST.  Fixes #1500.
2010-11-22 22:01:11 -08:00
Bharat Mediratta 70c8572ea1 Make RENAME TABLE operations idempotent so that in case there's a
failure of some kind we can restart the upgrade and it'll continue.
Fixes ticket #1325.
2010-09-01 22:19:44 -07:00
Bharat Mediratta ff1d8aea2f We use UTF-8 everywhere. Fixes ticket #1285. 2010-08-15 01:59:54 -07:00
Bharat Mediratta a94bb19798 Force the charset to UTF-8 when viewing the HTML form of REST output. 2010-08-09 23:01:47 -07:00
Bharat Mediratta 541a084cc1 "REST api" --> "REST API". 2010-08-08 21:51:26 -07:00
Bharat Mediratta 0014745d4a Add a button to the user profile page to let you reset your REST API
key.  This is useful if you think it's been compromised in some way.
Fixes ticket #1226.
2010-08-08 21:49:30 -07:00
Bharat Mediratta d6f5a8a8d1 Add JSONP support. You must specify &output=jsonp?callback=<js_function>
Fixes ticket #1205.
2010-08-08 15:02:24 -07:00
Bharat Mediratta ded9ed4df8 Create a registry of REST resources and call it "registry".. Pretty
simple, actually.  Fixes ticket #1173.
2010-08-08 11:35:36 -07:00
Tim Almdal 48c2e73048 More patches as part of #1225. Change the 'core' modules to use the json::reply
method to set the content type header and encode the response as a json object
2010-07-23 23:05:39 -07:00
Bharat Mediratta fa404589d6 Oops. Fix up a bad instance of $user in rest::access_key() introduced
in my last change.
2010-06-19 10:24:26 -07:00
Bharat Mediratta 9b78867427 Simplify rest::get_access_key($user) to rest::access_key() that
returns just the access key string for the active user.  That's how we
use the API, so keep it simple.
2010-06-18 20:43:14 -07:00
Bharat Mediratta 57b53e6193 Guard against relationships() not returning an array. 2010-06-15 20:21:10 -07:00
Bharat Mediratta 2c1e3800ef Send back the REST API version as a header. It's on every request,
which sucks, but it's totally unobtrusive because it's a header so
that's ok.  Decided that the current version is "3.0" although it will
surely change before the final 3.0 release.

Fixes ticket #1148
2010-06-11 14:59:17 -07:00
Tim Almdal fef5cf9865 If the identity provider changes then delete all the rest user_access_keys, as they are no longer valid. (i.e. all the related users have been deleted.) 2010-06-07 07:09:39 -07:00
Bharat Mediratta 481ef823dd Add an advanced setting to allow developers to allow guest access to
REST entities.
2010-06-05 19:45:15 -07:00
Bharat Mediratta 668c12da1c Rest -> REST 2010-03-30 20:47:45 -07:00
Bharat Mediratta ca977dce51 Rename "access_token" to "access_key" in the code for consistency. 2010-03-30 14:01:40 -07:00
Bharat Mediratta 59b6cd30e6 Rename "user_access_tokens" table to "user_access_keys" as step 1 of a
multi step process to refer to REST access keys as "access_key"
everywhere.  Bump the rest module to version 2.
2010-03-30 13:53:14 -07:00
Bharat Mediratta 05d345e16d Guests don't get access to the REST API. 2010-03-03 10:17:48 -08:00
Bharat Mediratta c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Bharat Mediratta 1377b2c7b3 When using rest::reply(), don't call var_export() if the response is empty. 2010-02-20 10:24:29 -08:00
Bharat Mediratta d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Tim Almdal f37b93a7eb If the return object is empty still return the empty object in the json response. 2010-02-14 07:31:11 -08:00
Bharat Mediratta c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Andy Staudacher 1470b99d1f Protect REST login controller from brute force attacks too.
And make the REST auth token less predictable by using a better source for randomness.
2010-01-30 21:42:57 -08:00
Bharat Mediratta dcba664f74 Use ? or & as appropriate when appending output=html. 2010-01-29 20:37:48 -08:00
Bharat Mediratta a95609849e Use var_export instead of print_r for better clarity. 2010-01-29 14:53:40 -08:00
Bharat Mediratta 1606961153 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/libraries/MY_ORM.php
2010-01-25 19:49:17 -08:00
Tim Almdal 865995305c Add the active notifications and rest api key to user profile page. 2010-01-24 20:14:01 -08:00
Bharat Mediratta a0c6d055d1 output_type --> output 2010-01-22 00:53:44 -08:00
Bharat Mediratta bcf1caad14 Reshape the rest code to be more consistent with regards to
relationships.  Now when you view a resource, it has 4 top level
elements:

url: the url of this resource
resource: array of key value pairs describing the resource
members: array of urls to members of this collection
relationships: array of array of members.

Relationships are a special type of collection that links two
different resources together.  To remove a relationship, just
DELETE its url.  To create a relationship, POST to its
collection.

Individual modules can add their own relationships to any
resource via a callback mechanism.

Example:
  Array(
    [url] => http://g3.com/rest/item/1
    [resource] => Array (
      [id] => 1
      [album_cover_item_id] => 4
      [captured] =>
      [created] => 1264056417
      [description] =>
      [height] =>
      ...
    )
    [members] => Array(
      [0] => http://g3.com/rest/item/2
      [1] => http://g3.com/rest/item/3
      [2] => http://g3.com/rest/item/4
      [3] => http://g3.com/rest/item/5
      ...
    )
    [relationships] => Array(
      [tags] => Array (
      [0] => http://g3.com/rest/tag_item/2,1
      [1] => http://g3.com/rest/tag_item/23,1
      )
    )
  )
2010-01-22 00:27:00 -08:00
Bharat Mediratta a0c9979418 whitespace. 2010-01-21 20:12:28 -08:00
Bharat Mediratta 3a26ace065 Improve robustness in resolve() against bad urls.. 2010-01-20 21:15:44 -08:00
Bharat Mediratta 5119d58e7f Move access key creation into a helper function. 2010-01-20 00:07:03 -08:00
Bharat Mediratta c65eca0607 Move rest::send_headers back into Rest_Exception. 2010-01-19 23:30:09 -08:00
Bharat Mediratta a774dc5447 Don't send headers if they're already sent. 2010-01-19 22:38:03 -08:00
Bharat Mediratta b8c09b6d87 Use an appropriate json content type 2010-01-19 19:31:24 -08:00
Bharat Mediratta c590fed132 Change rest::url() to take a module name and a resource. The module
does the rest.  This function is symmetrical to rest::resolve.
2010-01-19 01:33:57 -08:00
Bharat Mediratta 2c0b0aaebc Add rest::url() for convenience. 2010-01-19 00:35:32 -08:00
Bharat Mediratta 8fa9ba636b Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev 2010-01-10 10:19:46 -08:00
Tim Almdal a11bf29507 Fix for ticket #972 and more. In Kohana 2.4, ORM::delete_all ignores any where
clauses and deletes all the entries in the table unless an array of id's are
passed as the parameter.  This fix used the Database_builder to specify any where
conditions. Thanks psvo for find the first one. :-)
2010-01-09 23:57:16 -08:00
Bharat Mediratta d43badb4ec Change url parsing in resolve() to ignore the query string. 2010-01-08 11:11:38 -08:00
Bharat Mediratta 3fffa18e65 Further progress on refining the REST server side code.
1) Deal in fully qualified URL resources through the rest
   interface.  All rest methods are now passed the complete url in
   request->url.

2) Create rest::resolve() which lets individual resource definition
   code convert a full url into the appropriate matching resource.
   Implement gallery_rest::resolve() and tag_rest::resolve()

3) Reimplement tag_rest's get() and post() methods.  They're much
   simpler now.

4) Implement the tags_rest helper which supports working with the
   entire tags collection.
2010-01-04 21:48:21 -08:00
Bharat Mediratta 0e3327bca7 Simplify the REST API code. Here's what I did:
1) Simplify gallery_rest to return flat models, no children and do no
   validation for now.
2) Flatten the REST replies and use HTTP codes to indicate
   success/failure instead of additional status messages.
3) Use the message and error code support in the base Exception class,
   instead of brewing our own in Rest_Exception.
4) Get rid of rest::success() and rest::fail() -- we only need
   rest::reply() since all failures are covered by throwing an
   exception.
5) Get rid of /rest/access_key and just use /rest for authentication.
6) Inline and simplify rest::normalize_request since we only use it once
7) Change rest::set_active_user to succeed or throw an exception
8) Extract Rest_Exception::sendHeaders into rest::send_headers()

Here's what's currently broken:
1) Data validation.  There currently is none
2) Logging.  That's gone too
3) image block and tag code is broken
4) Tests are broken
5) No movie support
2010-01-03 20:30:35 -08:00
Tim Almdal 5b9801092b Remove the Rest_Exception::trigger method. 2010-01-02 16:55:06 -08:00
Tim Almdal 28597ba533 Correct file structure tests, Have the tests delete the userid they create so as not to impact other tests. 2010-01-02 14:31:59 -08:00
Tim Almdal 4611eb2142 Move the set_active_user and normalize_request methods to rest.php helper 2009-12-31 12:32:54 -08:00