Commit Graph

73 Commits

Author SHA1 Message Date
Tim Almdal
f2ed1eeab2 Merge branch 'master' into talmdal_dev
Conflicts:
	modules/rest/controllers/rest.php
2010-03-31 07:14:06 -07:00
Bharat Mediratta
ca977dce51 Rename "access_token" to "access_key" in the code for consistency. 2010-03-30 14:01:40 -07:00
Bharat Mediratta
59b6cd30e6 Rename "user_access_tokens" table to "user_access_keys" as step 1 of a
multi step process to refer to REST access keys as "access_key"
everywhere.  Bump the rest module to version 2.
2010-03-30 13:53:14 -07:00
Tim Almdal
7b35091b47 If the access token is not set, then look in the post data. 2010-03-21 20:45:22 -07:00
Tim Almdal
48b8b4f689 Merge branch 'master' into talmdal_dev 2010-03-13 23:11:53 -08:00
Tim Almdal
13f5d3aa33 Whitespace correction 2010-03-13 23:11:33 -08:00
Tim Almdal
5467e21e8b Changes to support updating the child elements within an album. In this change the urls of the children are sent up asan array of post fields children[0].... children[n]. If an existing child is not included it is deleted. Including a url to an child in another album will move the child. Changing the order of the children will respect the order of the children, if the sort column is 'weight' 2010-03-13 08:39:06 -08:00
Bharat Mediratta
9314533048 Update tests to reflect the fact that you have to be logged in to do anything. 2010-03-13 08:39:05 -08:00
Bharat Mediratta
c69f5f4906 Guests don't get access to the REST API. 2010-03-13 08:39:05 -08:00
Bharat Mediratta
be580c9554 Update tests to reflect the fact that you have to be logged in to do anything. 2010-03-05 21:42:39 -08:00
Bharat Mediratta
05d345e16d Guests don't get access to the REST API. 2010-03-03 10:17:48 -08:00
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Tim Almdal
7d7da6eb0a Remove redundant print statement. rest::reply() does the print so having the extra print statement could lead to problems. 2010-02-24 11:49:53 -08:00
Bharat Mediratta
1377b2c7b3 When using rest::reply(), don't call var_export() if the response is empty. 2010-02-20 10:24:29 -08:00
Bharat Mediratta
d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Tim Almdal
f37b93a7eb If the return object is empty still return the empty object in the json response. 2010-02-14 07:31:11 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
d92ee7954e Refactory auth::too_many_failed_logins() out of
auth::validate_too_many_failed_logins() to conceptually separate the
two.
2010-01-30 23:15:18 -08:00
Andy Staudacher
1470b99d1f Protect REST login controller from brute force attacks too.
And make the REST auth token less predictable by using a better source for randomness.
2010-01-30 21:42:57 -08:00
Bharat Mediratta
dcba664f74 Use ? or & as appropriate when appending output=html. 2010-01-29 20:37:48 -08:00
Bharat Mediratta
a95609849e Use var_export instead of print_r for better clarity. 2010-01-29 14:53:40 -08:00
Tim Almdal
cedbc82dcc Do all the html::clean|purify calls in the views and not the controller. Also clean the subject line and email message body of the contact user email. 2010-01-28 07:44:58 -08:00
Bharat Mediratta
1606961153 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
	modules/gallery/libraries/MY_ORM.php
2010-01-25 19:49:17 -08:00
Tim Almdal
865995305c Add the active notifications and rest api key to user profile page. 2010-01-24 20:14:01 -08:00
Bharat Mediratta
a609694018 Update tests for recent REST changes. 2010-01-23 12:13:14 -08:00
Bharat Mediratta
a0c6d055d1 output_type --> output 2010-01-22 00:53:44 -08:00
Bharat Mediratta
bcf1caad14 Reshape the rest code to be more consistent with regards to
relationships.  Now when you view a resource, it has 4 top level
elements:

url: the url of this resource
resource: array of key value pairs describing the resource
members: array of urls to members of this collection
relationships: array of array of members.

Relationships are a special type of collection that links two
different resources together.  To remove a relationship, just
DELETE its url.  To create a relationship, POST to its
collection.

Individual modules can add their own relationships to any
resource via a callback mechanism.

Example:
  Array(
    [url] => http://g3.com/rest/item/1
    [resource] => Array (
      [id] => 1
      [album_cover_item_id] => 4
      [captured] =>
      [created] => 1264056417
      [description] =>
      [height] =>
      ...
    )
    [members] => Array(
      [0] => http://g3.com/rest/item/2
      [1] => http://g3.com/rest/item/3
      [2] => http://g3.com/rest/item/4
      [3] => http://g3.com/rest/item/5
      ...
    )
    [relationships] => Array(
      [tags] => Array (
      [0] => http://g3.com/rest/tag_item/2,1
      [1] => http://g3.com/rest/tag_item/23,1
      )
    )
  )
2010-01-22 00:27:00 -08:00
Bharat Mediratta
a0c9979418 whitespace. 2010-01-21 20:12:28 -08:00
Bharat Mediratta
3a26ace065 Improve robustness in resolve() against bad urls.. 2010-01-20 21:15:44 -08:00
Bharat Mediratta
5f83da41e4 Rewrite the tests to be simpler and more direct. 2010-01-20 00:08:13 -08:00
Bharat Mediratta
5119d58e7f Move access key creation into a helper function. 2010-01-20 00:07:03 -08:00
Bharat Mediratta
b09450cf5d Let the Rest_Controller functions throw a Rest_Exception since
the Kohana framework will handle it properly.
2010-01-19 23:30:22 -08:00
Bharat Mediratta
c65eca0607 Move rest::send_headers back into Rest_Exception. 2010-01-19 23:30:09 -08:00
Bharat Mediratta
92d96548e9 Make Rest_Exception extend Kohana_Exception so that we can let it
bubble to the top and then in sendHeaders have it send the right
response code.
2010-01-19 23:28:18 -08:00
Bharat Mediratta
76da85a1a0 Extend Gallery_Unit_Test_Case instead of Unit_Test_Case. 2010-01-19 22:38:19 -08:00
Bharat Mediratta
a774dc5447 Don't send headers if they're already sent. 2010-01-19 22:38:03 -08:00
Bharat Mediratta
fc4250f5d8 Use $input instead of Input::instance() 2010-01-19 22:37:38 -08:00
Bharat Mediratta
b8c09b6d87 Use an appropriate json content type 2010-01-19 19:31:24 -08:00
Bharat Mediratta
c590fed132 Change rest::url() to take a module name and a resource. The module
does the rest.  This function is symmetrical to rest::resolve.
2010-01-19 01:33:57 -08:00
Bharat Mediratta
eea9368777 Have the rest calls return an array and print it out in the
controller.  This is a clearer workflow; controllers generate output,
not helpers.  It's also easier to test.
2010-01-19 00:36:19 -08:00
Bharat Mediratta
2c0b0aaebc Add rest::url() for convenience. 2010-01-19 00:35:32 -08:00
Bharat Mediratta
4197ee39b9 Catch ORM_Validation_Exception and turn it into a 400 Bad Request with
appropriate error output.
2010-01-17 16:58:54 -08:00
Bharat Mediratta
8fa9ba636b Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev 2010-01-10 10:19:46 -08:00
Tim Almdal
a11bf29507 Fix for ticket #972 and more. In Kohana 2.4, ORM::delete_all ignores any where
clauses and deletes all the entries in the table unless an array of id's are
passed as the parameter.  This fix used the Database_builder to specify any where
conditions. Thanks psvo for find the first one. :-)
2010-01-09 23:57:16 -08:00
Bharat Mediratta
d43badb4ec Change url parsing in resolve() to ignore the query string. 2010-01-08 11:11:38 -08:00
Bharat Mediratta
3fffa18e65 Further progress on refining the REST server side code.
1) Deal in fully qualified URL resources through the rest
   interface.  All rest methods are now passed the complete url in
   request->url.

2) Create rest::resolve() which lets individual resource definition
   code convert a full url into the appropriate matching resource.
   Implement gallery_rest::resolve() and tag_rest::resolve()

3) Reimplement tag_rest's get() and post() methods.  They're much
   simpler now.

4) Implement the tags_rest helper which supports working with the
   entire tags collection.
2010-01-04 21:48:21 -08:00
Bharat Mediratta
0e3327bca7 Simplify the REST API code. Here's what I did:
1) Simplify gallery_rest to return flat models, no children and do no
   validation for now.
2) Flatten the REST replies and use HTTP codes to indicate
   success/failure instead of additional status messages.
3) Use the message and error code support in the base Exception class,
   instead of brewing our own in Rest_Exception.
4) Get rid of rest::success() and rest::fail() -- we only need
   rest::reply() since all failures are covered by throwing an
   exception.
5) Get rid of /rest/access_key and just use /rest for authentication.
6) Inline and simplify rest::normalize_request since we only use it once
7) Change rest::set_active_user to succeed or throw an exception
8) Extract Rest_Exception::sendHeaders into rest::send_headers()

Here's what's currently broken:
1) Data validation.  There currently is none
2) Logging.  That's gone too
3) image block and tag code is broken
4) Tests are broken
5) No movie support
2010-01-03 20:30:35 -08:00
Tim Almdal
5b9801092b Remove the Rest_Exception::trigger method. 2010-01-02 16:55:06 -08:00
Tim Almdal
28597ba533 Correct file structure tests, Have the tests delete the userid they create so as not to impact other tests. 2010-01-02 14:31:59 -08:00