/**
* The tree is rooted in a single item and can have modifiers which adjust what data is shown
* for items inside the given tree, up to the depth that you want. The entity for this resource
* is a series of items.
*
* depth=<number>
* Only traverse this far down into the tree. If there are more albums
* below this depth, provide RESTful urls to other tree resources in
* the members section. Default is infinite.
*
* type=<album|photo|movie>
* Restrict the items displayed to the given type. Default is all types.
*
* fields=<comma separated list of field names>
* In the entity section only return these fields for each item.
* Default is all fields.
*/
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$query_params = array();
$p = $request->params;
$where = array();
if (isset($p->type)) {
$where[] = array("type", "=", $p->type);
$query_params[] = "type={$p->type}";
}
if (isset($p->depth)) {
$lowest_depth = $item->level + $p->depth;
$where[] = array("level", "<=", $lowest_depth);
$query_params[] = "depth={$p->depth}";
}
$fields = array();
if (isset($p->fields)) {
$fields = explode(",", $p->fields);
$query_params[] = "fields={$p->fields}";
}
$entity = array(array("url" => rest::url("item", $item), "entity" => $item->as_restful_array($fields)));
$members = array();
foreach ($item->viewable()->descendants(null, null, $where) as $child) {
$entity[] = array("url" => rest::url("item", $child), "entity" => $child->as_restful_array($fields));
if (isset($lowest_depth) && $child->level == $lowest_depth) {
$members[] = url::merge_querystring(rest::url("tree", $child), $query_params);
}
}
$result = array("url" => $request->url, "entity" => $entity, "members" => $members, "relationships" => rest::relationships("tree", $item));
return $result;
}
static function relationships($resource_type, $resource)
{
switch ($resource_type) {
case "item":
return array("comments" => array("url" => rest::url("item_comments", $resource)));
}
}
public function __construct()
{
parent::__construct();
// Init parent contructor
$this->db = new db();
// Initiate Database
}
static function delete($request)
{
$item = rest::resolve($request->url);
access::required("edit", $item);
// Deleting this collection means removing all tags associated with the item.
tag::clear_all($item);
}
public function get_test()
{
$t1 = tag::add(item::root(), "t1");
$t2 = tag::add(item::root(), "t2");
$request = new stdClass();
$this->assert_equal_array(array("url" => rest::url("tags"), "members" => array(rest::url("tag", $t1), rest::url("tag", $t2))), tags_rest::get($request));
}
/**
* Handle dispatching for all REST controllers.
*/
public function __call($function, $args)
{
// If no parameter was provided after the controller name (eg "/albums") then $function will
// be set to "index". Otherwise, $function is the first parameter, and $args are all
// subsequent parameters.
$request_method = rest::request_method();
if ($function == "index" && $request_method == "get") {
return $this->_index();
}
$resource = ORM::factory($this->resource_type, $function);
if (!$resource->loaded && $request_method != "post") {
return Kohana::show_404();
}
if ($request_method != "get") {
access::verify_csrf();
}
switch ($request_method) {
case "get":
return $this->_show($resource);
case "put":
return $this->_update($resource);
case "delete":
return $this->_delete($resource);
case "post":
return $this->_create($resource);
}
}
public function feed($module_id, $feed_id, $id = null)
{
$page = $this->input->get("page", 1);
if ($page < 1) {
url::redirect(url::merge(array("page" => 1)));
}
// Configurable page size between 1 and 100, default 20
$page_size = max(1, min(100, $this->input->get("page_size", self::$page_size)));
// Run the appropriate feed callback
if (module::is_active($module_id)) {
$class_name = "{$module_id}_rss";
if (method_exists($class_name, "feed")) {
$feed = call_user_func(array($class_name, "feed"), $feed_id, ($page - 1) * $page_size, $page_size, $id);
}
}
if (empty($feed)) {
Kohana::show_404();
}
if ($feed->max_pages && $page > $feed->max_pages) {
url::redirect(url::merge(array("page" => $feed->max_pages)));
}
$view = new View(empty($feed->view) ? "feed.mrss" : $feed->view);
unset($feed->view);
$view->feed = $feed;
$view->pub_date = date("D, d M Y H:i:s T");
$feed->uri = url::abs_site(Router::$current_uri);
if ($page > 1) {
$feed->previous_page_uri = url::abs_site(url::merge(array("page" => $page - 1)));
}
if ($page < $feed->max_pages) {
$feed->next_page_uri = url::abs_site(url::merge(array("page" => $page + 1)));
}
rest::http_content_type(rest::RSS);
print $view;
}
static function delete($request)
{
list($tag, $item) = rest::resolve($request->url);
access::required("edit", $item);
$tag->remove($item);
$tag->save();
}
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$checksums = array(rest::url("itemchecksum_md5", $item), rest::url("itemchecksum_sha1", $item));
return array("url" => $request->url, "members" => $checksums);
}
public function __call($function, $args)
{
$input = Input::instance();
$request = new stdClass();
switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
case "get":
$request->params = (object) $input->get();
break;
case "post":
$request->params = (object) $input->post();
if (isset($_FILES["file"])) {
$request->file = upload::save("file");
}
break;
}
$request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
$request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
$request->url = url::abs_current(true);
rest::set_active_user($request->access_token);
$handler_class = "{$function}_rest";
$handler_method = $request->method;
if (!method_exists($handler_class, $handler_method)) {
throw new Rest_Exception("Bad Request", 400);
}
try {
rest::reply(call_user_func(array($handler_class, $handler_method), $request));
} catch (ORM_Validation_Exception $e) {
foreach ($e->validation->errors() as $key => $value) {
$msgs[] = "{$key}: {$value}";
}
throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
}
}
public function resolve_test()
{
$album = test::random_album();
$tag = tag::add($album, "tag1")->reload();
$tuple = rest::resolve(rest::url("tag_item", $tag, $album));
$this->assert_equal_array($tag->as_array(), $tuple[0]->as_array());
$this->assert_equal_array($album->as_array(), $tuple[1]->as_array());
}
static function get($request)
{
$item = rest::resolve($request->url);
$p = $request->params;
if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
}
// Note: this code is roughly duplicated in file_proxy, so if you modify this, please look to
// see if you should make the same change there as well.
if ($p->size == "full") {
if ($item->is_album()) {
throw new Kohana_404_Exception();
}
access::required("view_full", $item);
$file = $item->file_path();
} else {
if ($p->size == "resize") {
access::required("view", $item);
$file = $item->resize_path();
} else {
access::required("view", $item);
$file = $item->thumb_path();
}
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
header("Content-Length: " . filesize($file));
if (isset($p->m)) {
header("Pragma:");
// Check that the content hasn't expired or it wasn't changed since cached
expires::check(2592000, $item->updated);
expires::set(2592000, $item->updated);
// 30 days
}
// We don't need to save the session for this request
Session::instance()->abort_save();
// Dump out the image. If the item is a movie or album, then its thumbnail will be a JPG.
if (($item->is_movie() || $item->is_album()) && $p->size == "thumb") {
header("Content-Type: image/jpeg");
} else {
header("Content-Type: {$item->mime_type}");
}
if (TEST_MODE) {
return $file;
} else {
Kohana::close_buffers(false);
if (isset($p->encoding) && $p->encoding == "base64") {
print base64_encode(file_get_contents($file));
} else {
readfile($file);
}
}
// We must exit here to keep the regular REST framework reply code from adding more bytes on
// at the end or tinkering with headers.
exit;
}
public function get_with_access_key_test()
{
$key = rest::get_access_token(1);
// admin user
$_SERVER["REQUEST_METHOD"] = "GET";
$_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
$_GET["key"] = "value";
$this->assert_array_equal_to_json(array("params" => array("key" => "value"), "method" => "get", "access_token" => $key->access_key, "url" => "http://./index.php/gallery_unit_test"), test::call_and_capture(array(new Rest_Controller(), "mock")));
}
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$comments = array();
foreach (ORM::factory("comment")->viewable()->where("item_id", "=", $item->id)->order_by("created", "DESC")->find_all() as $comment) {
$comments[] = rest::url("comment", $comment);
}
return array("url" => $request->url, "members" => $comments);
}
static function relationships($resource_type, $resource)
{
switch ($resource_type) {
case "item":
$tags = array();
foreach (tag::item_tags($resource) as $tag) {
$tags[] = rest::url("tag_item", $tag, $resource);
}
return array("tags" => array("url" => rest::url("item_tags", $resource), "members" => $tags));
}
}
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$p = $request->params;
if (!isset($p->size) || !in_array($p->size, array("thumb", "resize", "full"))) {
throw new Rest_Exception("Bad Request", 400, array("errors" => array("size" => "invalid")));
}
switch ($p->size) {
case "thumb":
$file = $item->thumb_path();
break;
case "resize":
$file = $item->resize_path();
break;
case "full":
$file = $item->file_path();
break;
}
if (!file_exists($file)) {
throw new Kohana_404_Exception();
}
// Note: this code is roughly duplicated in data_rest, so if you modify this, please look to
// see if you should make the same change there as well.
//
// We don't have a cache buster in the url, so don't set cache headers here.
// We don't need to save the session for this request
Session::instance()->abort_save();
if ($item->is_album() && !$item->album_cover_item_id) {
// No thumbnail. Return nothing.
// @todo: what should we do here?
return;
}
// Dump out the image. If the item is a movie, then its thumbnail will be a JPG.
if ($item->is_movie() && $p->size == "thumb") {
header("Content-Type: image/jpeg");
} else {
if ($item->is_album()) {
header("Content-Type: " . $item->album_cover()->mime_type);
} else {
header("Content-Type: {$item->mime_type}");
}
}
Kohana::close_buffers(false);
if (isset($p->encoding) && $p->encoding == "base64") {
print base64_encode(file_get_contents($file));
} else {
readfile($file);
}
// We must exit here to keep the regular REST framework reply code from adding more bytes on
// at the end or tinkering with headers.
exit;
}
static function post($request)
{
$entity = $request->params->entity;
$item = rest::resolve($entity->item);
access::required("edit", $item);
$comment = ORM::factory("comment");
$comment->author_id = identity::active_user()->id;
$comment->item_id = $item->id;
$comment->text = $entity->text;
$comment->save();
return array("url" => rest::url("comment", $comment));
}
function get_usuario_huella($usuario)
{
// $usuarios_ini = toba_modelo_rest::get_ini_usuarios($this->modelo_proyecto);
foreach ($this->validador_ssl->get_passwords() as $key => $u) {
if ($key === $usuario) {
if (isset($u['fingerprint'])) {
return $u['fingerprint'];
} else {
rest::app()->logger->info('Se encontro al usuario "' . $usuario . '", pero no tiene una entrada fingerprint en rest_usuario.ini');
}
}
}
return NULL;
}
public function request_method_test()
{
foreach (array("GET", "POST") as $method) {
foreach (array("", "PUT", "DELETE") as $tunnel) {
if ($method == "GET") {
$expected = "GET";
} else {
$expected = $tunnel == "" ? $method : $tunnel;
}
$_SERVER["REQUEST_METHOD"] = $method;
$_POST["_method"] = $tunnel;
$this->assert_equal(strtolower(rest::request_method()), strtolower($expected), "Request method: {$method}, tunneled: {$tunnel}");
}
}
}
public function missing_file_test()
{
$photo = test::random_photo();
$request = new stdClass();
$request->url = rest::url("data", $photo, "thumb");
$request->params = new stdClass();
$request->params->size = "thumb";
unlink($photo->thumb_path());
// oops!
try {
data_rest::get($request);
$this->assert_true(false);
} catch (Kohana_404_Exception $e) {
// pass
}
}
static function post($request)
{
// @todo: what permission should be required to create a tag here?
// for now, require edit at the top level. Perhaps later, just require any edit perms,
// anywhere in the gallery?
access::required("edit", item::root());
if (empty($request->params->name)) {
throw new Rest_Exception("Bad Request", 400);
}
$tag = ORM::factory("tag")->where("name", "=", $request->params->name)->find();
if (!$tag->loaded()) {
$tag->name = $request->params->name;
$tag->count = 0;
$tag->save();
}
return array("url" => rest::url("tag", $tag));
}
static function get($request)
{
$items = array();
if (isset($request->params->url)) {
foreach ($request->params->url as $url) {
$item = rest::resolve($url);
if (access::can("view", $item)) {
$members = array();
if ($item->type == "album") {
foreach ($item->children() as $child) {
$members[] = rest::url("item", $child);
}
}
$items[] = array("url" => $url, "entity" => $item->as_restful_array(), "members" => $members, "relationship" => rest::relationships("item", $item));
}
}
}
return $items;
}
static function get($request)
{
$item = rest::resolve($request->url);
access::required("view", $item);
$checksum = "0";
// If the KeepOriginal module is active, check for/use the
// original image instead of the gallery edited version.
if (module::is_active("keeporiginal")) {
$original_image = VARPATH . "original/" . str_replace(VARPATH . "albums/", "", $item->file_path());
if ($item->is_photo() && file_exists($original_image)) {
$checksum = md5_file($original_image);
} else {
$checksum = md5_file($item->file_path());
}
} else {
$checksum = md5_file($item->file_path());
}
$data = array("checksum" => $checksum);
return array("url" => $request->url, "entity" => $data);
}
static function post($request)
{
// The user must have some edit permission somewhere to create a tag.
if (!identity::active_user()->admin) {
$query = db::build()->from("access_caches")->and_open();
foreach (identity::active_user()->groups() as $group) {
$query->or_where("edit_{$group->id}", "=", access::ALLOW);
}
$has_any_edit_perm = $query->close()->count_records();
if (!$has_any_edit_perm) {
access::forbidden();
}
}
if (empty($request->params->entity->name)) {
throw new Rest_Exception("Bad Request", 400);
}
$tag = ORM::factory("tag")->where("name", "=", $request->params->entity->name)->find();
if (!$tag->loaded()) {
$tag->name = $request->params->entity->name;
$tag->count = 0;
$tag->save();
}
return array("url" => rest::url("tag", $tag));
}
static function delete($request)
{
$item = rest::resolve($request->url);
access::required("edit", $item);
$item->delete();
}
public function delete_album_fails_without_permission_test()
{
$album1 = test::random_album();
access::deny(identity::everybody(), "edit", $album1);
identity::set_active_user(identity::guest());
$request->url = rest::url("item", $album1);
try {
item_rest::delete($request);
} catch (Exception $e) {
$this->assert_equal("@todo FORBIDDEN", $e->getMessage());
return;
}
$this->assert_true(false, "Shouldn't get here");
}
public function as_restful_array_test()
{
$album = test::random_album();
$photo = test::random_photo($album);
$album->reload();
$result = $album->as_restful_array();
$this->assert_same(rest::url("item", item::root()), $result["parent"]);
$this->assert_same(rest::url("item", $photo), $result["album_cover"]);
$this->assert_true(!array_key_exists("parent_id", $result));
$this->assert_true(!array_key_exists("album_cover_item_id", $result));
}
/**
* Same as ORM::as_array() but convert id fields into their RESTful form.
*
* @param array if specified, only return the named fields
*/
public function as_restful_array($fields = array())
{
if ($fields) {
$data = array();
foreach ($fields as $field) {
if (isset($this->object[$field])) {
$data[$field] = $this->__get($field);
}
}
$fields = array_flip($fields);
} else {
$data = $this->as_array();
}
// Convert item ids to rest URLs for consistency
if (empty($fields) || isset($fields["parent"])) {
if ($tmp = $this->parent()) {
$data["parent"] = rest::url("item", $tmp);
}
unset($data["parent_id"]);
}
if (empty($fields) || isset($fields["album_cover"])) {
if ($tmp = $this->album_cover()) {
$data["album_cover"] = rest::url("item", $tmp);
}
unset($data["album_cover_item_id"]);
}
if (empty($fields) || isset($fields["web_url"])) {
$data["web_url"] = $this->abs_url();
}
if (!$this->is_album()) {
if (access::can("view_full", $this)) {
if (empty($fields) || isset($fields["file_url"])) {
$data["file_url"] = rest::url("data", $this, "full");
}
if (empty($fields) || isset($fields["file_size"])) {
$data["file_size"] = filesize($this->file_path());
}
if (access::user_can(identity::guest(), "view_full", $this)) {
if (empty($fields) || isset($fields["file_url_public"])) {
$data["file_url_public"] = $this->file_url(true);
}
}
}
}
if ($this->is_photo()) {
if (empty($fields) || isset($fields["resize_url"])) {
$data["resize_url"] = rest::url("data", $this, "resize");
}
if (empty($fields) || isset($fields["resize_size"])) {
$data["resize_size"] = filesize($this->resize_path());
}
if (access::user_can(identity::guest(), "view", $this)) {
if (empty($fields) || isset($fields["resize_url_public"])) {
$data["resize_url_public"] = $this->resize_url(true);
}
}
}
if ($this->has_thumb()) {
if (empty($fields) || isset($fields["thumb_url"])) {
$data["thumb_url"] = rest::url("data", $this, "thumb");
}
if (empty($fields) || isset($fields["thumb_size"])) {
$data["thumb_size"] = filesize($this->thumb_path());
}
if (access::user_can(identity::guest(), "view", $this)) {
if (empty($fields) || isset($fields["thumb_url_public"])) {
$data["thumb_url_public"] = $this->thumb_url(true);
}
}
}
if (empty($fields) || isset($fields["can_edit"])) {
$data["can_edit"] = access::can("edit", $this);
}
// Elide some internal-only data that is going to cause confusion in the client.
foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr", "thumb_dirty", "resize_dirty", "weight") as $key) {
unset($data[$key]);
}
return $data;
}
/**
* Same as ORM::as_array() but convert id fields into their RESTful form.
*/
public function as_restful_array()
{
$data = array();
foreach ($this->as_array() as $key => $value) {
if (strncmp($key, "server_", 7)) {
$data[$key] = $value;
}
}
$data["item"] = rest::url("item", $this->item());
unset($data["item_id"]);
return $data;
}
/**
* Display an existing comment.
* @todo Set proper Content-Type in a central place (REST_Controller::dispatch?).
* @see REST_Controller::_show($resource)
*/
public function _show($comment)
{
$item = ORM::factory("item", $comment->item_id);
access::required("view", $item);
if ($comment->state != "published") {
return;
}
if (rest::output_format() == "json") {
print json_encode(array("result" => "success", "data" => array("id" => $comment->id, "author_name" => html::clean($comment->author_name()), "created" => $comment->created, "text" => nl2br(html::purify($comment->text)))));
} else {
$view = new Theme_View("comment.html", "other", "fragment");
$view->comment = $comment;
print $view;
}
}