<?php

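// Updates the current user's tag blacklist from the request: tags listed in
// `add` are appended when not already present, tags listed in `remove` are
// dropped, and the result is stored as one "\r\n"-joined string.
//
// Both lists are client-supplied. They are coerced to arrays and reduced to
// scalar entries so that a scalar parameter or a nested array cannot reach
// foreach()/array_diff()/implode() as an unexpected type.
$added_tags = !empty(Request::$params->add) ? array_filter((array) Request::$params->add, 'is_scalar') : array();
$removed_tags = !empty(Request::$params->remove) ? array_filter((array) Request::$params->remove, 'is_scalar') : array();
$tags = User::$current->blacklisted_tags_array();
foreach ($added_tags as $tag) {
    $tag = (string) $tag;
    // Strict comparison: loose in_array() treats numeric-looking strings such
    // as "1e3" and "1000" as equal and would silently skip a distinct tag.
    if (!in_array($tag, $tags, true)) {
        $tags[] = $tag;
    }
}
$tags = array_diff($tags, $removed_tags);
// NOTE(review): entries are stored one per "\r\n"-separated line, so a submitted
// tag that itself contains a line break would be read back as more than one
// entry. Confirm the model normalises or rejects such values.
if (User::$current->user_blacklisted_tag->update_attribute('tags', implode("\r\n", $tags))) {
    respond_to_success("Tag blacklist updated", "#home", array('api' => array('result' => User::$current->blacklisted_tags_array())));
} else {
    respond_to_error(User::$current, "#edit");
}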
Example #2
<?php

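// Handles a post deletion request: soft-deletes the post with a reason, or
// removes it from the database when `destroy` is set.
//
// Every terminal response is followed by an explicit `return`. The original
// relied on redirect_to()/respond_to_*()/access_denied() ending the request;
// if any of them returns instead, execution would fall through to the
// authorization check or to the destructive calls below.
//
// NOTE(review): the only authorization visible here is can_user_delete().
// Confirm that request-method and CSRF checks for this destructive action are
// enforced by the framework before this script runs.
if (Request::$params->commit == "Cancel") {
    redirect_to('#show', array('id' => Request::$params->id));
    return;
}
$post = Post::find(Request::$params->id);
if (!$post) {
    respond_to_error('Post doesn\'t exist', array('#show', array('id' => Request::$params->id)));
    return;
}
if (!$post->can_user_delete(User::$current)) {
    access_denied();
    return;
}
if ($post->status == "deleted") {
    // Already soft-deleted: only a permanent removal is still possible.
    if (!empty(Request::$params->destroy)) {
        $post->delete_from_database();
        respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    } else {
        respond_to_success("Post already deleted", array("#delete", array('id' => Request::$params->id)));
    }
    return;
}
Post::static_destroy_with_reason($post->id, Request::$params->reason, User::$current);
# Destroy in one request.
if (!empty(Request::$params->destroy)) {
    $post->delete_from_database();
    respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    // Without this return a second "Post deleted" response would follow.
    return;
}
respond_to_success("Post deleted", array("#show", array('id' => Request::$params->id)));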
Example #3
<?php

// Applies the submitted `post` attributes to an existing post and reports the
// result; responds with the "#show_empty" view and status 404 when the post
// does not exist.
required_params(array('id', 'post'));
$post = Post::find(Request::$params->id);
if (!$post) {
    render("#show_empty", array('status' => 404));
    return;
}
// NOTE(review): the return value of filter_api_changes() is discarded, so the
// filtering only takes effect if it modifies its argument in place. Verify,
// because the array below is passed to update_attributes() as submitted.
Post::filter_api_changes(Request::$params->post);
// Set after filtering so the server-side values replace anything the client
// sent under the same keys.
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;
if (!$post->update_attributes(Request::$params->post)) {
    respond_to_error($post, array('#show', array('id' => Request::$params->id)));
} else {
    # Reload the post to send the new status back; not all changes will be reflected in
    # @post due to after_save changes.
    // $post->reload();
    if (Request::$format == "json" || Request::$format == "xml") {
        $api_data = $post->api_data();
    } else {
        $api_data = array();
    }
    respond_to_success("Post updated", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), $api_data);
}
Example #4
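// Flags an active post, or (with `unflag` set) approves a flagged one.
//
// Changes from the original: $api_data is initialised so the final call no
// longer reads an undefined variable for non-API formats, and each terminal
// response is followed by `return` so the state change below cannot run if
// respond_to_error()/access_denied()/exit_with_status() returns to the caller.
required_params('id');
auto_set_params('reason');
$api_data = null;
if (!($post = Post::find(Request::$params->id))) {
    exit_with_status(404);
    return;
}
if (!empty(Request::$params->unflag)) {
    # Allow the user who flagged a post to unflag it.
    #
    # posts
    # "approve" is used both to mean "unflag post" and "approve pending post".
    if ($post->status != "flagged") {
        respond_to_error("Can only unflag flagged posts", array("#show", 'id' => Request::$params->id));
        return;
    }
    // NOTE(review): the owner check uses loose `!=` on ids. Confirm that the
    // current user's id and flag_detail->user_id can never both be empty
    // (e.g. an anonymous user and a flag with no recorded user), since two
    // empty values compare as equal and would pass this check.
    if (!User::is('>=40') and User::$current->id != $post->flag_detail->user_id) {
        access_denied();
        return;
    }
    $post->approve(User::$current->id);
    $message = "Post approved";
} else {
    if ($post->status != "active") {
        respond_to_error("Can only flag active posts", array("#show", 'id' => Request::$params->id));
        return;
    }
    $post->flag(Request::$params->reason, User::$current->id);
    $message = "Post flagged";
}
# Reload the post to pull in post.flag_reason.
$post->reload();
if (Request::$format == "json" || Request::$format == "xml") {
    $api_data = Post::batch_api_data(array($post));
}
respond_to_success($message, array("#show", 'id' => Request::$params->id), array('api' => $api_data));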
Example #5
            // NOTE(review): this excerpt starts inside a branch whose opening lines are
            // not shown. The commented-out code below is a disabled similar-image lookup.
            // $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post);
            // $res = SimilarImages::similar_images($options);
            // if (!empty($res['posts'])) {
            // $post->tags .= " possible_duplicate";
            // $post->save();
            // $api_data['has_similar_hits'] = true;
            // }
            // }
            $api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1));
            respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data));
        } else {
            respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data));
        }
    }
} elseif ($post->record_errors->invalid('md5')) {
    # The upload failed md5 validation: look up the stored post with the same md5
    # and merge the submitted tags/source into it instead of creating a new post.
    # NOTE(review): $p is used below without a null check; confirm find_by_md5()
    # always returns a post when the md5 validation has failed.
    $p = Post::find_by_md5($post->md5);
    # Request-supplied tags are appended to the existing post's tag string.
    # NOTE(review): no permission check on $p is visible in this excerpt; confirm
    # the uploader is allowed to change the tags of a post they did not create.
    if (!empty(Request::$params->post['tags'])) {
        $p->old_tags = $p->tags;
        $p->tags .= ' ' . Request::$params->post['tags'];
    }
    # TODO: what are these attributes for?
    # NOTE(review): $update is built but not used in the lines shown, so the save
    # below may not record who made this change or from which address.
    $update = array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip);
    # Only fill in the source when the existing post has none.
    if (empty($p->source) && !empty($post->source)) {
        $p->source = $post->source;
    }
    $p->save();
    $api_data = array('location' => url_for("post#show", array('id' => $p->id)), 'post_id' => $p->id);
    # Responds with status 423 and the location of the existing post.
    respond_to_error("Post already exists", array("post#show", array('id' => $p->id, 'tag_title' => $post->tag_title())), array('api' => $api_data, 'status' => 423));
} else {
    respond_to_error($post, "#error");
}
Example #6
<?php

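// Without a `score` parameter: reports the current user's existing vote on the
// post (0 when there is none). With `score`: records the vote.
if (!isset(Request::$params->score)) {
    $vote = PostVotes::find_by_user_id_and_post_id(User::$current->id, Request::$params->id);
    $score = $vote ? $vote->score : 0;
    respond_to_success("", array(), array('vote' => $score));
    return;
}
$p = Post::find(Request::$params->id);
// The original dereferenced $p unconditionally; an unknown id would then fail
// on a method call against a missing post instead of producing a clean 404.
if (!$p) {
    exit_with_status(404);
    return;
}
$score = (int) Request::$params->score;
// The 0..3 range is enforced only when User::is('>=40') is false.
// NOTE(review): users passing that check can submit any integer score; confirm
// that vote() bounds the value for them.
if (!User::is('>=40') && ($score < 0 || $score > 3)) {
    respond_to_error("Invalid score", "#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title(), 'status' => 424));
    return;
}
$vote_successful = $p->vote($score, User::$current);
$api_data = Post::batch_api_data(array($p));
$api_data['voted_by'] = $p->voted_by();
if ($vote_successful) {
    respond_to_success("Vote saved", array("#show", 'id' => Request::$params->id, 'tag_title' => $p->tag_title()), array('api' => $api_data));
} else {
    respond_to_error("Already voted", array("#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title())), array('api' => $api_data, 'status' => 423));
}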
Example #7
<?php

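// Creates a comment for the current user, subject to an hourly limit for
// users matching User::is('<=20').
//
// Fix: in the original the closing parenthesis of Comment::count() was placed
// after `>= CONFIG::member_comment_limit`, so the comparison was evaluated
// inside the argument list and count() received a boolean instead of the query
// conditions. The limit was therefore never compared against the number of
// recent comments. The comparison now applies to count()'s result.
//
// NOTE(review): the limit applies only when the client-supplied `commit` value
// is exactly "Post"; any other value, including "Post without bumping", is not
// counted here. Confirm that is intended, or enforce the limit in the model.
if (
    User::is('<=20')
    && Request::$params->commit == "Post"
    && Comment::count(array('conditions' => array("user_id = ? AND created_at > ?", User::$current->id, gmd_math('sub', '1H')))) >= CONFIG::member_comment_limit
) {
    # TODO: move this to the model
    respond_to_error("Hourly limit exceeded", "#index", array('status' => 421));
    // Do not fall through to the save below if respond_to_error() returns.
    return;
}
$user_id = User::$current->id;
// Server-side values are merged last so they replace any ip_addr/user_id the
// client included in the submitted comment fields.
Request::$params->comment = array_merge(Request::$params->comment, array('ip_addr' => Request::$remote_ip, 'user_id' => $user_id));
// $comment = new Comment('empty', Request::$params->comment);
$comment = Comment::blank(Request::$params->comment);
if (Request::$params->commit == "Post without bumping") {
    $comment->do_not_bump_post = true;
}
if ($comment->save()) {
    respond_to_success("Comment created", "#index");
} else {
    respond_to_error($comment, "#index");
}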
Example #8
    // NOTE(review): this excerpt starts inside a branch whose opening condition is
    // not shown. Nothing is done when no target pool id was submitted.
    if (!Request::$params->pool_id) {
        return;
    }
    // $pool = new Pool('find', Request::$params->pool_id);
    // NOTE(review): $pool is dereferenced on the following line without a null
    // check; confirm Pool::find() cannot return nothing for an unknown pool_id.
    $pool = Pool::find(Request::$params->pool_id);
    // Remember the pool in the session.
    $_SESSION['last_pool_id'] = $pool->id;
    // Optional position within the pool; null when not supplied.
    if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) {
        $sequence = Request::$params->pool['sequence'];
    } else {
        $sequence = null;
    }
    // No permission check is made in this script before add_post(); the
    // 'Access Denied' branch below suggests add_post() enforces it — verify.
    try {
        $pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id));
        respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id));
    } catch (Exception $e) {
        // Outcomes are distinguished by exact exception message text, so a
        // reworded message in add_post() silently lands in the generic branch.
        if ($e->getMessage() == 'Post already exists') {
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423));
        } elseif ($e->getMessage() == 'Access Denied') {
            access_denied();
        } else {
            // NOTE(review): any other exception message is passed to the response
            // unchanged; confirm add_post() cannot raise messages containing
            // internal details.
            respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)));
        }
    }
} else {
    // Pool list for the selection form: anonymous users get active public pools;
    // other users also get the active pools whose user_id is their own. The
    // user id is passed as a bound `?` parameter, not concatenated.
    if (User::$current->is_anonymous) {
        $pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE"));
    } else {
        $pools = Pool::find_all(array('order' => "name", 'conditions' => array("is_active = TRUE AND (is_public = TRUE OR user_id = ?)", User::$current->id)));
    }
    $post = Post::find(Request::$params->post_id);
}
Example #9
// end
// @preload += results[limit..-1] || []
// results = results[0..limit-1]
// end
# Apply can_be_seen_by filtering to the results.  For API calls this is optional, and
# can be enabled by specifying filter=1.
# NOTE(review): as written, API callers that do not send filter=1 receive results
# that have not passed can_be_seen_by() in this script. Confirm that visibility is
# enforced elsewhere for those calls. `&&` binds tighter than `or`, so the
# condition reads: not an API call, OR (filter is set AND equals "1").
if (!$from_api or isset(Request::$params->filter) && Request::$params->filter == "1") {
    foreach ($results as $k => $post) {
        // The check is made with show_deleted => true.
        if (!$post->can_be_seen_by(User::$current, array('show_deleted' => true))) {
            // $results is accessed as an object here and cast to array further down.
            unset($results->{$k});
        }
    }
    // @preload = @preload.delete_if { |post| not post.can_be_seen_by?(@current_user) }
}
// API version "2" is refused with status 424 for any format other than JSON.
if ($from_api and isset(Request::$params->api_version) && Request::$params->api_version == "2" and Request::$format != "json") {
    respond_to_error("V2 API is JSON-only", array(), array('status' => 424));
}
// @posts.replace(results)
$posts = $results;
unset($results);
switch (Request::$format) {
    case 'json':
        // Any api_version other than "2": emit a JSON list of each post's api_attributes().
        if (empty(Request::$params->api_version) || Request::$params->api_version != "2") {
            render('json', to_json(array_map(function ($p) {
                return $p->api_attributes();
            }, (array) $posts)));
            return;
        }
        // Version 2: tags, votes and pools are excluded unless the matching
        // include_* parameter is non-empty.
        $api_data = Post::batch_api_data($posts, array('exclude_tags' => !empty(Request::$params->include_tags) ? false : true, 'exclude_votes' => !empty(Request::$params->include_votes) ? false : true, 'exclude_pools' => !empty(Request::$params->include_pools) ? false : true));
        render('json', to_json($api_data));
        break;
Example #10
<?php

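// Sets (on POST) or prepares the form for (otherwise) a user's avatar taken
// from post `id`. The target is the current user unless `user_id` is given.
//
// Changes from the original: the not-found, access-denied and bad-request
// responses are each followed by `return`, so a missing user is never
// dereferenced and set_avatar() cannot run after a failed permission check if
// the response helper returns to the caller.
required_params('id');
$user = User::$current;
if (!empty(Request::$params->user_id)) {
    $user = User::find(Request::$params->user_id);
    if (!$user) {
        respond_to_error("Not found", "#index", array('status' => 404));
        return;
    }
}
// NOTE(review): the permission check is skipped entirely when the target user
// is anonymous; confirm set_avatar() is harmless for an anonymous user.
if (!$user->is_anonymous && !User::$current->has_permission($user, 'id')) {
    access_denied();
    return;
}
if (Request::$post) {
    // NOTE(review): the whole request parameter set is handed to set_avatar();
    // confirm it reads only the fields it expects.
    if ($user->set_avatar((array) Request::$params)) {
        redirect_to("#show", array('id' => $user->id));
    } else {
        respond_to_error($user, "#home");
    }
}
// Keep the submitted parameters as $old when the post is already the avatar.
if (!$user->is_anonymous && Request::$params->id && Request::$params->id == $user->avatar_post_id) {
    $old = Request::$params;
}
$params = Request::$params;
$post = Post::find(Request::$params->id);
if (!$post) {
    exit_with_status(400);
    return;
}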
Example #11
<?php

// Non-POST requests get an unsaved pool owned by the current user; POST
// requests create the pool from the submitted `pool` fields.
if (!Request::$post) {
    $pool = Pool::blank(array('user_id' => User::$current->id));
} else {
    required_params('pool');
    // user_id is merged last, so the owner is always the current user even if
    // the client included a user_id among the submitted fields.
    // NOTE(review): every other submitted field is passed to Pool::create()
    // as-is; confirm the model restricts which attributes can be set this way.
    $pool = Pool::create(array_merge(Request::$params->pool, array('user_id' => User::$current->id)));
    if (!$pool->record_errors->blank()) {
        respond_to_error($pool, "#index");
    } else {
        respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
    }
}
Example #12
<?php

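// Creates a note on a post (when note[post_id] is given) or updates an
// existing note (when `id` is given), then saves it for the current user.
//
// Changes from the original: $note is initialised so the "neither parameter
// given" case no longer reads an undefined variable, and the 400 and "locked"
// responses are followed by `return` so a missing or locked note is never
// modified if the response helper returns to the caller.
required_params('note');
$note = null;
if (!empty(Request::$params->note['post_id'])) {
    $note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
    $note = Note::find(Request::$params->id);
}
if (!$note) {
    exit_with_status(400);
    return;
}
if ($note->is_locked()) {
    respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
    return;
}
// NOTE(review): is_locked() is the only gate visible before the submitted
// fields are applied; confirm who may edit a note and which attributes
// add_attributes() accepts are enforced in the model.
// $note->attributes = Request::$params->note;
$note->add_attributes(Request::$params->note);
// Assigned after add_attributes() so the author and address recorded are the
// server-side values, not anything present in the submitted fields.
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;
if ($note->save()) {
    respond_to_success("Note updated", '#index', array('api' => array('new_id' => $note->id, 'old_id' => (int) Request::$params->id, 'formatted_body' => $note->formatted_body())));
} else {
    respond_to_error($note, array('post#show', 'id' => $note->post_id));
}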