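<?php
// Updates the current user's tag blacklist from the request.
//
// Reads the optional `add` and `remove` request parameters, merges them into
// the list returned by User::$current->blacklisted_tags_array(), and stores the
// result as a single CRLF-joined string in the `tags` attribute of the user's
// user_blacklisted_tag record.
//
// Both parameters are client-controlled. They are normalised to arrays and
// non-string entries are dropped, so a scalar or nested value cannot reach
// array_diff()/implode() and end up stored as junk such as "Array".
$added_tags = !empty(Request::$params->add) ? (array) Request::$params->add : array();
$removed_tags = !empty(Request::$params->remove) ? (array) Request::$params->remove : array();

$added_tags = array_filter($added_tags, 'is_string');
$removed_tags = array_filter($removed_tags, 'is_string');

$tags = User::$current->blacklisted_tags_array();

foreach ($added_tags as $tag) {
    // Strict comparison: a loose in_array() treats numeric-looking strings
    // ("1e3" vs "1000") as equal and would silently drop a distinct tag.
    if (!in_array($tag, $tags, true)) {
        $tags[] = $tag;
    }
}

$tags = array_diff($tags, $removed_tags);

// NOTE(review): the list is persisted CRLF-delimited, so a submitted entry that
// itself contains a line break would presumably be read back as several
// entries. Confirm how blacklisted_tags_array() parses the field and whether
// the model enforces length/count limits on it.
if (User::$current->user_blacklisted_tag->update_attribute('tags', implode("\r\n", $tags))) {
    respond_to_success("Tag blacklist updated", "#home", array('api' => array('result' => User::$current->blacklisted_tags_array())));
} else {
    respond_to_error(User::$current, "#edit");
}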
<?php
// Post deletion action.
//
// Flow: a "Cancel" submit redirects back to the post; otherwise the post is
// loaded, the current user's right to delete it is checked, and the post is
// either soft-deleted (with a reason) or, when the `destroy` parameter is
// set, also removed from the database.
//
// NOTE(review): the statements following redirect_to(), respond_to_error(),
// respond_to_success() and access_denied() are only safe if those helpers end
// the request (e.g. $post->can_user_delete() below would otherwise be called
// on a missing post) — confirm against their definitions.
// NOTE(review): no request-method or anti-CSRF check is visible in this
// script; confirm the framework enforces both before this state-changing
// action runs.
if (Request::$params->commit == "Cancel") {
    redirect_to('#show', array('id' => Request::$params->id));
}

$post = Post::find(Request::$params->id);

if (!$post) {
    respond_to_error('Post doesn\'t exist', array('#show', array('id' => Request::$params->id)));
}

// Authorisation gate: everything below, including permanent removal, relies
// on this single check.
// NOTE(review): confirm can_user_delete() is the intended privilege level for
// the irreversible delete_from_database() path as well as for soft deletion.
if (!$post->can_user_delete(User::$current)) {
    access_denied();
}

if ($post->status == "deleted") {
    // Already soft-deleted: only the permanent removal is still possible.
    if (!empty(Request::$params->destroy)) {
        $post->delete_from_database();
        respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    } else {
        respond_to_success("Post already deleted", array("#delete", array('id' => Request::$params->id)));
    }
} else {
    // Soft delete, recording the client-supplied reason and the acting user.
    Post::static_destroy_with_reason($post->id, Request::$params->reason, User::$current);
    # Destroy in one request.
    if (!empty(Request::$params->destroy)) {
        $post->delete_from_database();
        respond_to_success("Post deleted permanently", array("#show", array('id' => Request::$params->id)));
    }
    respond_to_success("Post deleted", array("#show", array('id' => Request::$params->id)));
}
<?php
// Post update action: applies the client-supplied `post` attribute array to
// the post identified by `id` and responds with the updated post.
// vde(Request::$params);
required_params(array('id', 'post'));

// Unknown post id: render the empty-post view with a 404 status and stop.
if (!($post = Post::find(Request::$params->id))) {
    render("#show_empty", array('status' => 404));
    return;
}

// NOTE(review): this is the only visible restriction on which attributes a
// client may change. Confirm filter_api_changes() actually modifies the array
// it is given (i.e. takes it by reference) and strips privileged columns; no
// per-user permission check is visible in this script.
Post::filter_api_changes(Request::$params->post);

// Audit fields are assigned after filtering, so any updater_user_id /
// updater_ip_addr sent by the client is overwritten with server-side values.
Request::$params->post['updater_user_id'] = User::$current->id;
Request::$params->post['updater_ip_addr'] = Request::$remote_ip;

// The whole (filtered) client array is handed to the model in one call.
if ($post->update_attributes(Request::$params->post)) {
    # Reload the post to send the new status back; not all changes will be reflected in
    # @post due to after_save changes.
    // $post->reload();
    // API payload is only built for the json and xml formats.
    $api_data = Request::$format == "json" || Request::$format == "xml" ? $post->api_data() : array();
    respond_to_success("Post updated", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), $api_data);
} else {
    respond_to_error($post, array('#show', array('id' => Request::$params->id)));
}
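// Flag / unflag action for a single post.
//
// With the `unflag` parameter set, a flagged post is approved again; without
// it, an active post is flagged with the client-supplied `reason`. The
// response carries the post's API data for the json and xml formats.
//
// NOTE(review): the code after exit_with_status(), respond_to_error() and
// access_denied() assumes those helpers end the request; confirm against
// their definitions.
required_params('id');
auto_set_params('reason');

if (!($post = Post::find(Request::$params->id))) {
    exit_with_status(404);
}

if (!empty(Request::$params->unflag)) {
    # Allow the user who flagged a post to unflag it.
    #
    # "approve" is used both to mean "unflag post" and "approve pending post".
    if ($post->status != "flagged") {
        respond_to_error("Can only unflag flagged posts", array("#show", 'id' => Request::$params->id));
    }

    // Unflagging is allowed for users matching User::is('>=40') or for the
    // user recorded in the post's flag_detail; everyone else is rejected.
    if (!User::is('>=40') and User::$current->id != $post->flag_detail->user_id) {
        access_denied();
    }

    $post->approve(User::$current->id);
    $message = "Post approved";
} else {
    if ($post->status != "active") {
        respond_to_error("Can only flag active posts", array("#show", 'id' => Request::$params->id));
    }

    $post->flag(Request::$params->reason, User::$current->id);
    $message = "Post flagged";
}

# Reload the post to pull in post.flag_reason.
$post->reload();

// Defined up front so the response below never reads an undefined variable
// when the request format is neither json nor xml. null is the value the
// undefined variable evaluated to before, so the response is unchanged.
$api_data = null;

if (Request::$format == "json" || Request::$format == "xml") {
    $api_data = Post::batch_api_data(array($post));
}

respond_to_success($message, array("#show", 'id' => Request::$params->id), array('api' => $api_data));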
// $options = array('services' => SimilarImages::get_services('local'), 'type' => 'post', 'source' => $post); // $res = SimilarImages::similar_images($options); // if (!empty($res['posts'])) { // $post->tags .= " possible_duplicate"; // $post->save(); // $api_data['has_similar_hits'] = true; // } // } $api_data['similar_location'] = url_for('post#similar', array('id' => $post->id, 'initial' => 1)); respond_to_success("Post uploaded", array('#similar', array('id' => $post->id, 'initial' => 1)), array('api' => $api_data)); } else { respond_to_success("Post uploaded", array('#show', array('id' => $post->id, 'tag_title' => $post->tag_title())), array('api' => $api_data)); } } } elseif ($post->record_errors->invalid('md5')) { $p = Post::find_by_md5($post->md5); if (!empty(Request::$params->post['tags'])) { $p->old_tags = $p->tags; $p->tags .= ' ' . Request::$params->post['tags']; } # TODO: what are these attributes for? $update = array('updater_user_id' => User::$current->id, 'updater_ip_addr' => Request::$remote_ip); if (empty($p->source) && !empty($post->source)) { $p->source = $post->source; } $p->save(); $api_data = array('location' => url_for("post#show", array('id' => $p->id)), 'post_id' => $p->id); respond_to_error("Post already exists", array("post#show", array('id' => $p->id, 'tag_title' => $post->tag_title())), array('api' => $api_data, 'status' => 423)); } else { respond_to_error($post, "#error"); }
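<?php
// Post voting action.
//
// Without a `score` parameter it reports the current user's existing vote on
// the post (0 when there is none). With a `score` it records the vote and
// returns the post's API data plus the list of voters.

if (!isset(Request::$params->score)) {
    $vote = PostVotes::find_by_user_id_and_post_id(User::$current->id, Request::$params->id);
    $score = $vote ? $vote->score : 0;
    respond_to_success("", array(), array('vote' => $score));
    return;
}

$p = Post::find(Request::$params->id);

// A client-supplied id that matches no post must not reach the method calls
// on $p below; answer with a 404 instead of failing on a missing object.
if (!$p) {
    respond_to_error("Post doesn't exist", array("#show", array('id' => Request::$params->id)), array('status' => 404));
    return;
}

// The score is client-controlled; force it to an integer before use.
$score = (int) Request::$params->score;

// Users not matching User::is('>=40') may only submit scores from 0 to 3.
// NOTE(review): users that do match skip the range check entirely, so any
// integer reaches $p->vote(); confirm the model bounds the score itself.
if (!User::is('>=40') && ($score < 0 || $score > 3)) {
    respond_to_error("Invalid score", "#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title(), 'status' => 424));
    return;
}

$vote_successful = $p->vote($score, User::$current);

$api_data = Post::batch_api_data(array($p));
$api_data['voted_by'] = $p->voted_by();

if ($vote_successful) {
    respond_to_success("Vote saved", array("#show", 'id' => Request::$params->id, 'tag_title' => $p->tag_title()), array('api' => $api_data));
} else {
    respond_to_error("Already voted", array("#show", array('id' => Request::$params->id, 'tag_title' => $p->tag_title())), array('api' => $api_data, 'status' => 423));
}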
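<?php
// Comment creation action.
//
// Enforces the hourly comment limit for users matching User::is('<=20'),
// then builds a comment from the client-supplied `comment` array and saves it.

// Fix: the closing parenthesis of Comment::count() was misplaced, so the
// ">= CONFIG::member_comment_limit" comparison was evaluated inside the
// argument list (array compared with the limit) and the number of recent
// comments was never compared against the limit. The comparison now applies
// to the returned count.
//
// NOTE(review): the limit is only checked when commit == "Post". A request
// whose commit value is "Post without bumping" (handled below) is saved
// without this check — confirm whether that exemption is intended.
if (
    User::is('<=20')
    && Request::$params->commit == "Post"
    && Comment::count(array('conditions' => array("user_id = ? AND created_at > ?", User::$current->id, gmd_math('sub', '1H')))) >= CONFIG::member_comment_limit
) {
    # TODO: move this to the model
    respond_to_error("Hourly limit exceeded", "#index", array('status' => 421));
    // Stop here so a rate-limited request can never fall through to save(),
    // whether or not respond_to_error() ends the request itself.
    return;
}

$user_id = User::$current->id;

// Server-side values come last in array_merge(), so an ip_addr or user_id
// sent by the client is overwritten rather than trusted.
// NOTE(review): every other key in `comment` is client-controlled and is
// passed to Comment::blank(); confirm the model restricts assignable fields.
Request::$params->comment = array_merge(Request::$params->comment, array('ip_addr' => Request::$remote_ip, 'user_id' => $user_id));

$comment = Comment::blank(Request::$params->comment);

if (Request::$params->commit == "Post without bumping") {
    $comment->do_not_bump_post = true;
}

if ($comment->save()) {
    respond_to_success("Comment created", "#index");
} else {
    respond_to_error($comment, "#index");
}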
if (!Request::$params->pool_id) { return; } // $pool = new Pool('find', Request::$params->pool_id); $pool = Pool::find(Request::$params->pool_id); $_SESSION['last_pool_id'] = $pool->id; if (isset(Request::$params->pool) && !empty(Request::$params->pool['sequence'])) { $sequence = Request::$params->pool['sequence']; } else { $sequence = null; } try { $pool->add_post(Request::$params->post_id, array('sequence' => $sequence, 'user' => User::$current->id)); respond_to_success('Post added', array('post#show', 'id' => Request::$params->post_id)); } catch (Exception $e) { if ($e->getMessage() == 'Post already exists') { respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id)), array('status' => 423)); } elseif ($e->getMessage() == 'Access Denied') { access_denied(); } else { respond_to_error($e->getMessage(), array('post#show', array('id' => Request::$params->post_id))); } } } else { if (User::$current->is_anonymous) { $pools = Pool::find_all(array('order' => "name", 'conditions' => "is_active = TRUE AND is_public = TRUE")); } else { $pools = Pool::find_all(array('order' => "name", 'conditions' => array("is_active = TRUE AND (is_public = TRUE OR user_id = ?)", User::$current->id))); } $post = Post::find(Request::$params->post_id); }
// end // @preload += results[limit..-1] || [] // results = results[0..limit-1] // end # Apply can_be_seen_by filtering to the results. For API calls this is optional, and # can be enabled by specifying filter=1. if (!$from_api or isset(Request::$params->filter) && Request::$params->filter == "1") { foreach ($results as $k => $post) { if (!$post->can_be_seen_by(User::$current, array('show_deleted' => true))) { unset($results->{$k}); } } // @preload = @preload.delete_if { |post| not post.can_be_seen_by?(@current_user) } } if ($from_api and isset(Request::$params->api_version) && Request::$params->api_version == "2" and Request::$format != "json") { respond_to_error("V2 API is JSON-only", array(), array('status' => 424)); } // @posts.replace(results) $posts = $results; unset($results); switch (Request::$format) { case 'json': if (empty(Request::$params->api_version) || Request::$params->api_version != "2") { render('json', to_json(array_map(function ($p) { return $p->api_attributes(); }, (array) $posts))); return; } $api_data = Post::batch_api_data($posts, array('exclude_tags' => !empty(Request::$params->include_tags) ? false : true, 'exclude_votes' => !empty(Request::$params->include_votes) ? false : true, 'exclude_pools' => !empty(Request::$params->include_pools) ? false : true)); render('json', to_json($api_data)); break;
<?php
// Avatar selection action: chooses the target user (the current user, or the
// one named by `user_id`), checks permission, and on a POST request applies
// the avatar settings. For other requests it loads the post named by `id`.
//
// NOTE(review): the code after respond_to_error(), access_denied(),
// redirect_to() and exit_with_status() assumes those helpers end the request
// (e.g. $user would be empty after the "Not found" branch) — confirm.
required_params('id');

$user = User::$current;

// `user_id` is client-controlled and selects whose avatar is changed.
if (!empty(Request::$params->user_id)) {
    $user = User::find(Request::$params->user_id);

    if (!$user) {
        respond_to_error("Not found", "#index", array('status' => 404));
    }
}

// Authorisation: the current user must have permission over the target user.
// NOTE(review): the check is skipped whenever $user->is_anonymous is true, and
// the POST branch below still calls set_avatar() on that user. Confirm
// anonymous users cannot reach the write path.
if (!$user->is_anonymous && !User::$current->has_permission($user, 'id')) {
    access_denied();
}

if (Request::$post) {
    // NOTE(review): set_avatar() receives the complete request parameter set
    // cast to an array; confirm it reads only the keys it expects.
    if ($user->set_avatar((array) Request::$params)) {
        redirect_to("#show", array('id' => $user->id));
    } else {
        respond_to_error($user, "#home");
    }
}

// When the requested post is already the user's avatar, keep the request
// parameters in $old.
if (!$user->is_anonymous && Request::$params->id && Request::$params->id == $user->avatar_post_id) {
    $old = Request::$params;
}

// $old, $params and $post are not read again in this script; presumably they
// are consumed by the template rendered afterwards — verify before renaming.
$params = Request::$params;
$post = Post::find(Request::$params->id);

if (!$post) {
    exit_with_status(400);
}
<?php
// Pool creation action: on a POST request, creates a pool from the
// client-supplied `pool` array; otherwise prepares a blank pool owned by the
// current user.
if (Request::$post) {
    required_params('pool');

    // The server-side user_id comes last in array_merge(), so an owner id sent
    // by the client is overwritten with the current user's id.
    // NOTE(review): all other keys in `pool` are client-controlled and go
    // straight to Pool::create(); confirm the model restricts which
    // attributes can be assigned this way.
    $pool = Pool::create(array_merge(Request::$params->pool, array('user_id' => User::$current->id)));

    // An empty error list on the new record is treated as success.
    if ($pool->record_errors->blank()) {
        respond_to_success("Pool created", array("#show", array('id' => $pool->id)));
    } else {
        respond_to_error($pool, "#index");
    }
} else {
    $pool = Pool::blank(array('user_id' => User::$current->id));
}
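<?php
// Note create/update action.
//
// A non-empty note[post_id] starts a blank note on that post; otherwise the
// existing note named by `id` is loaded. The client-supplied `note` array is
// then applied and the note is saved with the current user and remote address.
//
// NOTE(review): the code after exit_with_status() and respond_to_error()
// assumes those helpers end the request — confirm against their definitions.
required_params('note');

// Defined up front so the check below never reads an undefined variable when
// the request carries neither note[post_id] nor id.
$note = null;

if (!empty(Request::$params->note['post_id'])) {
    $note = Note::blank(array('post_id' => Request::$params->note['post_id']));
} elseif (!empty(Request::$params->id)) {
    $note = Note::find(Request::$params->id);
}

if (!$note) {
    exit_with_status(400);
}

// The lock check runs before any client-supplied attribute is applied.
if ($note->is_locked()) {
    respond_to_error("Post is locked", array('post#show', 'id' => $note->post_id), array('status' => 422));
}

// NOTE(review): the whole `note` array is client-controlled; confirm
// add_attributes() restricts which fields it will accept. No per-user
// permission check is visible in this script.
$note->add_attributes(Request::$params->note);

// Assigned after add_attributes(), so a user_id or ip_addr sent by the client
// is overwritten with server-side values.
$note->user_id = User::$current->id;
$note->ip_addr = Request::$remote_ip;

if ($note->save()) {
    respond_to_success("Note updated", '#index', array('api' => array('new_id' => $note->id, 'old_id' => (int) Request::$params->id, 'formatted_body' => $note->formatted_body())));
} else {
    respond_to_error($note, array('post#show', 'id' => $note->post_id));
}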