 /**
  * Updates a freshly created photo through Photos_Controller::update() using a
  * simulated POST and checks both the printed JSON reply and the stored fields.
  *
  * NOTE(review): access::allow(identity::everybody(), "edit", $root) widens
  * permissions on the shared root item and nothing here reverts it, so the
  * test relies on the harness resetting state between tests — confirm.
  */
 public function change_photo_test()
 {
     $controller = new Photos_Controller();
     $root = ORM::factory("item", 1);
     $photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", "test", "test", identity::active_user()->id, "slug");
     $orig_name = $photo->name;
     // Simulated form submission; "csrf" carries the session token that the
     // controller presumably verifies before applying the update.
     $_POST["filename"] = "test.jpeg";
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
     $_POST["slug"] = "new-slug";
     $_POST["csrf"] = access::csrf_token();
     access::allow(identity::everybody(), "edit", $root);
     // The controller prints its reply, so capture stdout around the call.
     ob_start();
     $controller->update($photo->id);
     $photo->reload();
     $results = ob_get_contents();
     ob_end_clean();
     $this->assert_equal(json_encode(array("result" => "success", "location" => "HTTP_REFERER")), $results);
     $this->assert_equal("new-slug", $photo->slug);
     $this->assert_equal("new title", $photo->title);
     $this->assert_equal("new description", $photo->description);
     // We don't change the name, yet.
     $this->assert_equal($orig_name, $photo->name);
 }
 /**
  * Updates a freshly created album through Albums_Controller::_update() using
  * a simulated POST (with a "_method" override field) and checks the JSON
  * reply and the fields on the same album object.
  *
  * NOTE(review): access::allow(group::everybody(), "edit", $root) widens
  * permissions on the shared root item and nothing here reverts it, so the
  * test relies on the harness resetting state between tests — confirm.
  */
 public function change_album_test()
 {
     $controller = new Albums_Controller();
     $root = ORM::factory("item", 1);
     $this->_album = album::create($root, "test", "test", "test");
     $orig_name = $this->_album->name;
     // Simulated form submission; "csrf" carries the session token and
     // "_method" presumably asks the framework to treat the POST as a PUT.
     $_POST["dirname"] = "test";
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
     $_POST["column"] = "weight";
     $_POST["direction"] = "ASC";
     $_POST["csrf"] = access::csrf_token();
     $_POST["_method"] = "put";
     access::allow(group::everybody(), "edit", $root);
     // _update() prints its reply, so capture stdout around the call.
     ob_start();
     $controller->_update($this->_album);
     $results = ob_get_contents();
     ob_end_clean();
     $this->assert_equal(json_encode(array("result" => "success")), $results);
     $this->assert_equal("new title", $this->_album->title);
     $this->assert_equal("new description", $this->_album->description);
     // We don't change the name, yet.
     $this->assert_equal($orig_name, $this->_album->name);
 }
 /**
  * Add the hide/unhide entry to an item's context menu.
  *
  * The entry is only offered when the item supports hiding and the active
  * user is allowed to hide it; activating it reloads the page.
  */
 static function context_menu($menu, $theme, $item, $thumb_css_selector)
 {
     if (!hide::can_be_hidden($item) || !hide::can_hide($item)) {
         return;
     }
     $token = access::csrf_token();
     $link = self::_get_hide_link_data($item);
     // NOTE(review): the CSRF token travels in the query string of a link, so
     // it can surface in Referer headers, browser history and server logs.
     $target = url::site("display/" . $link["action"] . "/{$item->id}?csrf={$token}");
     $entry = Menu::factory("ajax_link")
         ->label($link["text"])
         ->ajax_handler("function(data) { window.location.reload() }")
         ->url($target);
     $menu->get("options_menu")->append($entry);
 }
 /**
  * JSON probe telling the caller whether the active user is an admin.
  *
  * On success the reply also carries the current CSRF token so client-side
  * code can keep making state-changing requests.
  *
  * NOTE(review): the token is returned in a response body; this endpoint must
  * stay same-origin only (no permissive CORS), otherwise the token is readable
  * cross-site — confirm the framework's defaults.
  */
 function is_admin()
 {
     $reply = array("result" => "failure");
     if (identity::active_user()->admin) {
         $reply = array("result" => "success", "csrf" => access::csrf_token());
     }
     json::reply($reply);
 }
 /**
  * A Forge form with one caller-added hidden field must render the csrf
  * hidden input first, followed by the caller's field and an empty list.
  */
 function two_hiddens_test()
 {
     $form = new Forge("test/controller", "", "post");
     $form->hidden("HIDDEN_NAME")->value("HIDDEN_VALUE");
     $token = access::csrf_token();
     $pieces = array(
         "<form action=\"http://./index.php/test/controller\" method=\"post\" class=\"form\">\n",
         "<input type=\"hidden\" name=\"csrf\" value=\"{$token}\"  />",
         "<input type=\"hidden\" name=\"HIDDEN_NAME\" value=\"HIDDEN_VALUE\"  />",
         "  <ul>\n",
         "  </ul>\n",
         "</form>",
     );
     $this->assert_same(implode("", $pieces), (string) $form);
 }
 /**
  * Print a JSON probe telling the caller whether the active user is an admin.
  *
  * On success the reply also carries the current CSRF token so client-side
  * code can keep making state-changing requests.
  *
  * NOTE(review): the token is returned in a response body; this endpoint must
  * stay same-origin only (no permissive CORS), otherwise the token is readable
  * cross-site — confirm the framework's defaults.
  */
 function is_admin()
 {
     $reply = array("result" => "failure");
     if (identity::active_user()->admin) {
         $reply = array("result" => "success", "csrf" => access::csrf_token());
     }
     print json_encode($reply);
 }
 /**
  * Add the "watch this album" toggle to the album menu for logged-in users.
  *
  * The css_id switches between add/remove depending on whether the user is
  * already watching the item.
  */
 static function album($menu, $theme)
 {
     if (user::active()->guest) {
         return;
     }
     $item = $theme->item();
     if (!$item) {
         return;
     }
     $watching = notification::is_watching($item);
     // NOTE(review): the toggle is a plain link with the CSRF token in its
     // query string, so the token can surface in Referer headers, browser
     // history and server logs.
     $toggle_url = url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token());
     $entry = Menu::factory("link")
         ->id("watch")
         ->label(t("Enable notifications for this album"))
         ->url($toggle_url)
         ->css_id($watching ? "gRemoveWatchLink" : "gAddWatchLink");
     $menu->append($entry);
 }
 /**
  * Add the "browse for an album cover" dialog to an item's options menu.
  *
  * Shown only when the item is editable by the active user and the options
  * submenu exists.
  */
 static function context_menu($menu, $theme, $item, $thumb_css_selector)
 {
     $token = access::csrf_token();
     $options_menu = $menu->get("options_menu");
     $editable = $item && access::can("edit", $item);
     if (!$editable || $options_menu == null) {
         return;
     }
     // NOTE(review): the CSRF token rides in the query string of the dialog
     // URL, so it can surface in Referer headers, history and server logs.
     $entry = Menu::factory("dialog")
         ->id("browse_album_cover")
         ->label(t("Browse for an album to cover"))
         ->css_class("ui-icon-folder-open")
         ->url(url::site("browse/browse/{$item->id}?csrf={$token}"));
     $options_menu->append($entry);
 }
 /**
  * Render the admin sidebar page.
  *
  * The sidebar template receives the CSRF token plus two instances of the
  * block-list partial (available and active), each filled from _get_blocks().
  */
 public function index()
 {
     $page = new Admin_View("admin.html");
     $sidebar = new View("admin_sidebar.html");
     $sidebar->csrf = access::csrf_token();
     $sidebar->available = new View("admin_sidebar_blocks.html");
     $sidebar->active = new View("admin_sidebar_blocks.html");
     list($sidebar->available->blocks, $sidebar->active->blocks) = $this->_get_blocks();
     $page->content = $sidebar;
     print $page;
 }
 /**
  * A Forge form with a fieldset group renders the csrf hidden input before
  * the fieldset, and each grouped input/textarea/submit inside a <li>.
  */
 function group_test()
 {
     $form = new Forge("test/controller", "", "post", array("id" => "gTestGroupForm"));
     $group = $form->group("test_group")->label(t("Test Group"));
     $group->input("title")->label(t("Title"));
     $group->textarea("description")->label(t("Text Area"));
     $group->submit("")->value(t("Submit"));
     $rendered = $form->__toString();
     // Expected markup, byte for byte; the csrf value comes from the session token.
     $expected = "<form action=\"http://./index.php/test/controller\" method=\"post\" " . "id=\"gTestGroupForm\">\n" . "<input type=\"hidden\" name=\"csrf\" value=\"" . access::csrf_token() . "\"  />\n" . "  <fieldset>\n" . "    <legend>Test Group</legend>\n" . "    <ul>\n" . "      <li>\n" . "        <label for=\"title\" >Title</label>\n" . "        <input type=\"text\" id=\"title\" name=\"title\" value=\"\" " . "class=\"textbox\"  />\n" . "      </li>\n" . "      <li>\n" . "        <label for=\"description\" >Text Area</label>\n" . "        <textarea id=\"description\" name=\"description\" " . "class=\"textarea\" ></textarea>\n" . "      </li>\n" . "      <li>\n" . "        <input type=\"submit\" value=\"Submit\" class=\"submit\"  />\n" . "      </li>\n" . "    </ul>\n" . "  </fieldset>\n" . "</form>\n";
     $this->assert_same($expected, $rendered);
 }
 /**
  * Add the notification toggle to the options menu of a viewable album.
  *
  * Only non-guest users get the entry; the label flips between enable and
  * remove depending on whether the user already watches the item.
  */
 static function site_menu($menu, $theme)
 {
     if (user::active()->guest) {
         return;
     }
     $item = $theme->item();
     if (!$item || !$item->is_album() || !access::can("view", $item)) {
         return;
     }
     $watching = notification::is_watching($item);
     $label = $watching ? t("Remove notifications") : t("Enable notifications");
     // NOTE(review): the toggle is a plain GET link carrying the CSRF token in
     // its query string, so the token can surface in Referer headers, browser
     // history and server logs.
     $toggle_url = url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token());
     $entry = Menu::factory("link")->id("watch")->label($label)->css_id("gNotifyLink")->url($toggle_url);
     $menu->get("options_menu")->append($entry);
 }
 /**
  * Render and consume the pending transient messages.
  *
  * Messages are pulled from the session with get_once(), so each is shown
  * exactly once.  A literal "__CSRF__" inside a message body is replaced with
  * the current token at render time.  The body is written out as raw HTML, so
  * whoever queued the message must have escaped any user-derived text in it.
  *
  * @return string|null  a <ul> of <li> entries, or nothing when none are pending
  */
 static function get()
 {
     $pending = Session::instance()->get_once("messages", array());
     $items = array();
     foreach ($pending as $entry) {
         $text = str_replace("__CSRF__", access::csrf_token(), $entry[0]);
         $css = message::severity_class($entry[1]);
         $items[] = "<li class=\"{$css}\">{$text}</li>";
     }
     if (!$items) {
         return;
     }
     return "<ul id=\"g-action-status\" class=\"g-message-block\">" . implode("", $items) . "</ul>";
 }
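 /**
  * Head markup for the server_add admin pages.
  *
  * Emits the stylesheet/script tags and a small inline script that exposes
  * the base URL template and the CSRF token to admin.js.  Returns an empty
  * string on every other page.
  *
  * @param object $theme  theme helper used to emit css/script tags
  * @return string
  */
 static function admin_head($theme)
 {
     $buf = "";
     if (strpos(Router::$current_uri, "admin/server_add") !== false) {
         $buf .= $theme->css("server_add.css") . $theme->css("jquery.autocomplete.css");
         // "__ARGS__" is a placeholder the client-side code substitutes into the URL.
         $base = url::site("__ARGS__");
         $csrf = access::csrf_token();
         // Emit both values as JSON literals so they are escaped for the
         // JavaScript context instead of being spliced into a double-quoted
         // string.  Both are app-generated today, so this is defence in depth.
         $buf .= "<script type=\"text/javascript\"> var base_url = " . json_encode($base) . "; var csrf = " . json_encode($csrf) . ";</script>";
         $buf .= $theme->script("jquery.autocomplete.js") . $theme->script("admin.js");
     }
     return $buf;
 }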
 /**
  * Build the quick-action button set for an item.
  *
  * Returns four lists ("left", "center", "right", "additional") of button
  * descriptors (title, class, icon, href).  Which buttons appear depends on
  * the item type, whether graphics rotation is available, the page type and
  * whether the active user may edit the parent album.
  *
  * NOTE(review): rotate, make_album_cover and form_delete carry the CSRF
  * token in a GET query string, so it can surface in Referer headers, browser
  * history and server logs.  The edit/move/add/permissions dialog links carry
  * no token here; presumably the forms they open include it — confirm.
  *
  * @param object $item       the item the buttons act on
  * @param string $page_type  "album" or another page type string
  * @return array
  */
 static function buttons($item, $page_type)
 {
     $elements = array("left" => array(), "center" => array(), "right" => array(), "additional" => array());
     // Pick the button titles by item type; anything not movie/album is treated as a photo.
     switch ($item->type) {
         case "movie":
             $edit_title = t("Edit this movie");
             $move_title = t("Move this movie to another album");
             $cover_title = t("Choose this movie as the album cover");
             $delete_title = t("Delete this movie");
             break;
         case "album":
             $edit_title = t("Edit this album");
             $move_title = t("Move this album to another album");
             $cover_title = t("Choose this album as the album cover");
             $delete_title = t("Delete this album");
             break;
         default:
             $edit_title = t("Edit this photo");
             $move_title = t("Move this photo to another album");
             $cover_title = t("Choose this photo as the album cover");
             $delete_title = t("Delete this photo");
             break;
     }
     $csrf = access::csrf_token();
     $elements["left"][] = (object) array("title" => $edit_title, "class" => "gDialogLink gButtonLink", "icon" => "ui-icon-pencil", "href" => url::site("quick/form_edit/{$item->id}?page_type={$page_type}"));
     // Rotation is only offered for photos and only when the graphics backend supports it.
     if ($item->is_photo() && graphics::can("rotate")) {
         $elements["left"][] = (object) array("title" => t("Rotate 90 degrees counter clockwise"), "class" => "gButtonLink", "icon" => "ui-icon-rotate-ccw", "href" => url::site("quick/rotate/{$item->id}/ccw?csrf={$csrf}&page_type={$page_type}"));
         $elements["left"][] = (object) array("title" => t("Rotate 90 degrees clockwise"), "class" => "gButtonLink", "icon" => "ui-icon-rotate-cw", "href" => url::site("quick/rotate/{$item->id}/cw?csrf={$csrf}&page_type={$page_type}"));
     }
     // Don't move photos from the photo page; we don't yet have a good way of redirecting after move
     if ($page_type == "album") {
         $elements["left"][] = (object) array("title" => $move_title, "class" => "gDialogLink gButtonLink", "icon" => "ui-icon-folder-open", "href" => url::site("move/browse/{$item->id}"));
     }
     $parent = $item->parent();
     // Cover and delete act on the parent album, so they require "edit" on the parent, not the item.
     if (access::can("edit", $parent)) {
         // We can't make this item the highlight if it's an album with no album cover, or if it's
         // already the album cover.
         // Precedence: each "&&" pair binds tighter than the "||"s, i.e.
         // (album with no cover) || (album whose cover is already the parent's) || (item is the parent's cover).
         if ($item->type == "album" && empty($item->album_cover_item_id) || $item->type == "album" && $parent->album_cover_item_id == $item->album_cover_item_id || $parent->album_cover_item_id == $item->id) {
             $disabledState = " ui-state-disabled";
         } else {
             $disabledState = " ";
         }
         $elements["right"][] = (object) array("title" => $cover_title, "class" => "gButtonLink{$disabledState}", "icon" => "ui-icon-star", "href" => url::site("quick/make_album_cover/{$item->id}?csrf={$csrf}&page_type={$page_type}"));
         $elements["right"][] = (object) array("title" => $delete_title, "class" => "gDialogLink gButtonLink", "icon" => "ui-icon-trash", "id" => "gQuickDelete", "href" => url::site("quick/form_delete/{$item->id}?csrf={$csrf}&page_type={$page_type}"));
     }
     // Album-only actions: add content and manage permissions.
     if ($item->is_album()) {
         $elements["additional"][] = (object) array("title" => t("Add a photo"), "class" => "add_item gDialogLink", "href" => url::site("simple_uploader/app/{$item->id}"));
         $elements["additional"][] = (object) array("title" => t("Add an album"), "class" => "add_album gDialogLink", "href" => url::site("form/add/albums/{$item->id}?type=album"));
         $elements["additional"][] = (object) array("title" => t("Edit permissions"), "class" => "permissions gDialogLink", "href" => url::site("permissions/browse/{$item->id}"));
     }
     return $elements;
 }
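 /**
  * Head markup for the server_add admin pages.
  *
  * Emits the autocomplete stylesheet/script tags and a small inline script
  * that exposes the base URL template and the CSRF token to admin.js.
  * Returns an empty string on every other page.
  *
  * @param object $theme  unused here; kept for the theme hook signature
  * @return string
  */
 static function admin_head($theme)
 {
     $head = array();
     if (strpos(Router::$current_uri, "admin/server_add") !== false) {
         $head[] = "<link media=\"screen, projection\" rel=\"stylesheet\" type=\"text/css\" href=\"" . url::file("lib/jquery.autocomplete.css") . "\" />";
         // "__ARGS__" is a placeholder the client-side code substitutes into the URL.
         $base = url::site("__ARGS__");
         $csrf = access::csrf_token();
         // Emit both values as JSON literals so they are escaped for the
         // JavaScript context instead of being spliced into a double-quoted
         // string.  Both are app-generated today, so this is defence in depth.
         $head[] = "<script> var base_url = " . json_encode($base) . "; var csrf = " . json_encode($csrf) . ";</script>";
         $head[] = html::script("lib/jquery.autocomplete.js");
         $head[] = html::script("modules/server_add/js/admin.js");
     }
     return implode("\n", $head);
 }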
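 /**
  * Head markup for the server_add admin pages.
  *
  * Registers the autocomplete css/js with the theme and returns an inline
  * script exposing the base URL template and the CSRF token to admin.js.
  * Returns an empty string on every other page.
  *
  * @param object $theme  theme helper used to register css/script assets
  * @return string
  */
 static function admin_head($theme)
 {
     $head = array();
     if (strpos(Router::$current_uri, "admin/server_add") !== false) {
         $theme->css("lib/jquery.autocomplete.css");
         // "__ARGS__" is a placeholder the client-side code substitutes into the URL.
         $base = url::site("__ARGS__");
         $csrf = access::csrf_token();
         // Emit both values as JSON literals so they are escaped for the
         // JavaScript context instead of being spliced into a double-quoted
         // string.  Both are app-generated today, so this is defence in depth.
         $head[] = "<script> var base_url = " . json_encode($base) . "; var csrf = " . json_encode($csrf) . ";</script>";
         $theme->script("lib/jquery.autocomplete.js");
         $theme->script("modules/server_add/js/admin.js");
     }
     return implode("\n", $head);
 }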
 /**
  * Build the "Manage module order" admin view.
  *
  * The content template receives the CSRF token and two block-list partials;
  * the available-modules list is only populated when the installed gallery
  * version is above 31.
  *
  * @return Admin_View
  */
 private function _get_view()
 {
     $page = new Admin_View("admin.html");
     $page->page_title = t("Manage module order");
     $content = new View("admin_moduleorder.html");
     $content->csrf = access::csrf_token();
     $content->available = new View("admin_moduleorder_blocks.html");
     $content->active = new View("admin_moduleorder_blocks.html");
     $page->content = $content;
     // Version gate: older gallery cores do not get the module list.
     if (module::get_version("gallery") > 31) {
         $content->available->modules = $this->_get_modules();
     }
     return $page;
 }
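 /**
  * Begin the task of adding photos.
  *
  * Reads the target item id from the query string and the candidate paths
  * from the POST body, keeps only those server_add::is_valid_path() accepts,
  * queues them in a new task and prints a JSON description of that task.
  *
  * NOTE(review): no authorization check on $item is visible in this method;
  * if the controller's base class does not already restrict it to admins,
  * add an access check on $item before queuing work against it.
  */
 public function start()
 {
     access::verify_csrf();
     $item = ORM::factory("item", Input::instance()->get("item_id"));
     // Initialise up front: with no valid paths the original left $paths
     // undefined and handed a null queue to task::create().
     $paths = array();
     $requested = Input::instance()->post("paths");
     // A missing or scalar "paths" field is treated as an empty list rather
     // than triggering a foreach warning.
     if (!is_array($requested)) {
         $requested = array();
     }
     foreach ($requested as $path) {
         if (server_add::is_valid_path($path)) {
             $paths[] = array($path, null);
         }
     }
     $task_def = Task_Definition::factory()
         ->callback("Server_Add_Controller::add")
         ->description(t("Add photos or movies from the local server"))
         ->name(t("Add from server"));
     $task = task::create($task_def, array("item_id" => $item->id, "queue" => $paths));
     // NOTE(review): the run URL carries the CSRF token in its query string,
     // so it can surface in Referer headers, history and server logs.
     print json_encode(array(
         "result" => "started",
         "status" => $task->status,
         "url" => url::site("server_add/run/{$task->id}?csrf=" . access::csrf_token()),
     ));
 }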
 /**
  * A Forge form with an attached script renders the csrf hidden input first,
  * the fieldset, and then the external and inline <script> tags before the
  * closing </form>.
  */
 function form_script_test()
 {
     $form = new Forge("test/controller", "", "post", array("id" => "g-test-group-form"));
     $group = $form->group("test_group")->label(t("Test Group"));
     $group->input("title")->label(t("Title"));
     $group->textarea("description")->label(t("Text Area"));
     // Both an external script URL and an inline snippet; the alert text is only a fixture.
     $form->script("")->url(url::file("test.js"))->text("alert('Test Javascript');");
     $group->submit("")->value(t("Submit"));
     $rendered = $form->__toString();
     $csrf = access::csrf_token();
     // Expected markup, byte for byte; the csrf value comes from the session token.
     $expected = "<form action=\"http://./index.php/test/controller\" method=\"post\" " . "id=\"g-test-group-form\">\n" . "<input type=\"hidden\" name=\"csrf\" value=\"{$csrf}\"  />" . "  <fieldset>\n" . "    <legend>Test Group</legend>\n" . "    <ul>\n" . "      <li>\n" . "        <label for=\"title\" >Title</label>\n" . "        <input type=\"text\" name=\"title\" value=\"\" " . "class=\"textbox\"  />\n" . "      </li>\n" . "      <li>\n" . "        <label for=\"description\" >Text Area</label>\n" . "        <textarea name=\"description\" rows=\"\" cols=\"\" " . "class=\"textarea\" ></textarea>\n" . "      </li>\n" . "      <li>\n" . "        <input type=\"submit\" value=\"Submit\" class=\"submit\"  />\n" . "      </li>\n" . "    </ul>\n" . "  </fieldset>\n" . "<script type=\"text/javascript\" src=\"http://./test.js\"></script>\n\n" . "<script type=\"text/javascript\">\n" . "alert('Test Javascript');\n" . "</script>\n" . "</form>";
     $this->assert_same($expected, $rendered);
 }
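 /**
  * Head markup for the videos admin pages.
  *
  * Registers the videos/autocomplete css and js with the theme and returns
  * an inline script exposing the base URL template and the CSRF token to
  * admin_videos.js.  Returns an empty string on every other page.
  *
  * @param object $theme  theme helper used to register css/script assets
  * @return string
  */
 static function admin_head($theme)
 {
     $head = array();
     if (strpos(Router::$current_uri, "admin/videos") !== false) {
         $theme->css("videos.css");
         $theme->css("jquery.autocomplete.css");
         // "__ARGS__" is a placeholder the client-side code substitutes into the URL.
         $base = url::site("__ARGS__");
         $csrf = access::csrf_token();
         // Emit both values as JSON literals so they are escaped for the
         // JavaScript context instead of being spliced into a double-quoted
         // string.  Both are app-generated today, so this is defence in depth.
         $head[] = "<script type=\"text/javascript\"> var base_url = " . json_encode($base) . "; var csrf = " . json_encode($csrf) . ";</script>";
         $theme->script("jquery.autocomplete.js");
         $theme->script("admin_videos.js");
     }
     return implode("\n", $head);
 }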
 /**
  * Reply with the rendered theme-upload form as JSON.
  *
  * The submit button is disabled (and the template told) when THEMEPATH is
  * not writable.  The script data handed to the page includes the session
  * id, the user agent and the CSRF token.
  *
  * NOTE(review): "g3sid" exposes the session identifier to page script,
  * which defeats any HttpOnly protection on the session cookie.  Keep it
  * only if the upload client genuinely cannot send cookies — confirm.
  */
 public function form_upload()
 {
     $view = new View("admin_themeroller_upload.html");
     list($view->form, $view->errors) = $this->_get_upload_form();
     $view->is_writable = is_writable(THEMEPATH);
     $view->action = "admin/themeroller/form_create";
     $submit_class = "ui-state-default ui-corner-all submit g-left";
     $view->not_writable = !is_writable(THEMEPATH);
     if ($view->not_writable) {
         $submit_class .= " ui-state-disabled";
     }
     $view->submit_class = $submit_class;
     $view->script_data = array(
         "g3sid" => Session::instance()->id(),
         "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
         "csrf" => access::csrf_token(),
     );
     json::reply(array("html" => (string) $view));
 }
 /**
  * Render the in-place edit form.
  *
  * The view gets the CSRF token as its only hidden field, the resolved action
  * URL, the form definition and the error map with each non-empty error code
  * translated through $this->messages.
  *
  * @return string
  */
 public function render()
 {
     $view = new View("in_place_edit.html");
     $view->hidden = array("csrf" => access::csrf_token());
     $view->action = url::site($this->action);
     $view->form = $this->form;
     $translated = array();
     foreach ($this->errors as $field => $code) {
         // Empty codes are passed through untouched.
         $translated[$field] = empty($code) ? $code : $this->messages[$code];
     }
     $view->errors = $translated;
     return $view->render();
 }
 /**
  * Add the "Developer tools" submenu to the admin menu.
  *
  * Static entries: generate module, generate test data, MPTT tree.  Two
  * toggles (profiler, debug) read the session flag and link to the value
  * that flips it.
  */
 static function admin_menu($menu, $theme)
 {
     $developer_menu = Menu::factory("submenu")->id("developer_menu")->label(t("Developer tools"));
     $menu->append($developer_menu);
     $developer_menu
         ->append(Menu::factory("link")->id("generate_menu")->label(t("Generate module"))->url(url::site("admin/developer/module")))
         ->append(Menu::factory("link")->id("generate_data")->label(t("Generate test data"))->url(url::site("admin/developer/test_data")))
         ->append(Menu::factory("link")->id("mptt_tree_menu")->label(t("MPTT tree"))->url(url::site("admin/developer/mptt")));
     $token = access::csrf_token();
     $session = Session::instance();
     // NOTE(review): both toggles are GET links carrying the CSRF token in the
     // query string, so it can surface in Referer headers, history and logs.
     $profiling = $session->get("profiler", false);
     $developer_menu->append(Menu::factory("link")
         ->id("scaffold_profiler")
         ->label($profiling ? t("Profiling off") : t("Profiling on"))
         ->url(url::site("admin/developer/session/profiler?value=" . ($profiling ? "0" : "1") . "&csrf={$token}")));
     $debugging = $session->get("debug", false);
     $developer_menu->append(Menu::factory("link")
         ->id("scaffold_debugger")
         ->label($debugging ? t("Debugging off") : t("Debugging on"))
         ->url(url::site("admin/developer/session/debug?value=" . ($debugging ? "0" : "1") . "&csrf={$token}")));
 }
 /**
  * Updates a random photo through Photos_Controller::update() using a
  * simulated POST and checks the JSON reply and the stored fields, including
  * the renamed file name.
  *
  * NOTE(review): access::allow(identity::everybody(), "edit", item::root())
  * widens permissions on the root item and nothing here reverts it, so the
  * test relies on the harness resetting state between tests — confirm.
  */
 public function change_photo_test()
 {
     $controller = new Photos_Controller();
     $photo = test::random_photo();
     // Simulated form submission; "csrf" carries the session token that the
     // controller presumably verifies before applying the update.
     $_POST["name"] = "new name.jpg";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
     $_POST["slug"] = "new-slug";
     $_POST["csrf"] = access::csrf_token();
     access::allow(identity::everybody(), "edit", item::root());
     // The controller prints its reply, so capture stdout around the call.
     ob_start();
     $controller->update($photo->id);
     $photo->reload();
     $results = ob_get_contents();
     ob_end_clean();
     $this->assert_equal(json_encode(array("result" => "success")), $results);
     $this->assert_equal("new-slug", $photo->slug);
     $this->assert_equal("new title", $photo->title);
     $this->assert_equal("new description", $photo->description);
     $this->assert_equal("new name.jpg", $photo->name);
 }
 /**
  * Updates a freshly created photo through Photos_Controller::_update() using
  * a simulated POST and checks the JSON reply (including the redirect
  * location) and the fields on the same photo object.
  *
  * NOTE(review): access::allow(group::everybody(), "edit", $root) widens
  * permissions on the shared root item and nothing here reverts it, so the
  * test relies on the harness resetting state between tests — confirm.
  */
 public function change_photo_test()
 {
     $controller = new Photos_Controller();
     $root = ORM::factory("item", 1);
     $this->_photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", "test", "test");
     $orig_name = $this->_photo->name;
     // Simulated form submission; "csrf" carries the session token that the
     // controller presumably verifies before applying the update.
     $_POST["filename"] = "test.jpeg";
     $_POST["name"] = "new name";
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
     $_POST["csrf"] = access::csrf_token();
     access::allow(group::everybody(), "edit", $root);
     // _update() prints its reply, so capture stdout around the call.
     ob_start();
     $controller->_update($this->_photo);
     $results = ob_get_contents();
     ob_end_clean();
     $this->assert_equal(json_encode(array("result" => "success", "location" => "http://./index.php/test.jpeg")), $results);
     $this->assert_equal("new title", $this->_photo->title);
     $this->assert_equal("new description", $this->_photo->description);
     // We don't change the name, yet.
     $this->assert_equal($orig_name, $this->_photo->name);
 }
 /**
  * Updates a random album through Albums_Controller::update() using a
  * simulated POST and checks the JSON reply and the stored fields, including
  * the new (randomised) directory name.
  *
  * NOTE(review): access::allow(identity::everybody(), "edit", item::root())
  * widens permissions on the root item and nothing here reverts it, so the
  * test relies on the harness resetting state between tests — confirm.
  */
 public function change_album_test()
 {
     $controller = new Albums_Controller();
     $album = test::random_album();
     // Randomize to avoid conflicts.
     $new_name = "new_name_" . test::random_string(6);
     // Simulated form submission; "csrf" carries the session token that the
     // controller presumably verifies before applying the update.
     $_POST["name"] = $new_name;
     $_POST["title"] = "new title";
     $_POST["description"] = "new description";
     $_POST["column"] = "weight";
     $_POST["direction"] = "ASC";
     $_POST["csrf"] = access::csrf_token();
     $_POST["slug"] = "new-name";
     access::allow(identity::everybody(), "edit", item::root());
     // The controller prints its reply, so capture stdout around the call.
     ob_start();
     $controller->update($album->id);
     $album->reload();
     $results = ob_get_contents();
     ob_end_clean();
     $this->assert_equal(json_encode(array("result" => "success")), $results);
     $this->assert_equal($new_name, $album->name);
     $this->assert_equal("new title", $album->title);
     $this->assert_equal("new description", $album->description);
 }
 /**
  * Override View_Core::__construct so that every view can see the CSRF token.
  *
  * After the parent has set the view up, the current token is registered as
  * the global "csrf", so templates can emit it in forms and links without
  * each controller passing it explicitly.
  *
  * @see View_Core::__construct
  */
 public function __construct($name = NULL, $data = NULL, $type = NULL)
 {
     parent::__construct($name, $data, $type);
     $token = access::csrf_token();
     $this->set_global("csrf", $token);
 }
 /**
  * Render the pending permanent (site-status) messages for an administrator.
  *
  * Non-admins get nothing.  Messages are read from the "message" table; a
  * literal "__CSRF__" inside a message value is replaced with the current
  * token at render time.  The value is written out as raw HTML, so whoever
  * stored the message must have escaped any user-derived text in it.
  *
  * @return string|null  a <ul> of <li> entries, or nothing when there are none
  */
 static function get()
 {
     if (!identity::active_user()->admin) {
         return;
     }
     $items = array();
     foreach (ORM::factory("message")->find_all() as $row) {
         $text = str_replace('__CSRF__', access::csrf_token(), $row->value);
         $css = self::severity_class($row->severity);
         $items[] = "<li class=\"{$css}\">{$text}</li>";
     }
     if (!$items) {
         return;
     }
     return "<ul id=\"g-site-status\">" . implode("", $items) . "</ul>";
 }
 /**
  * Emit the admin-page footer scripts.
  *
  * Renders the profiler when the session flag is set, always adds a script
  * that polls "admin?reauth_check=1" once a minute and follows any "location"
  * in the JSON reply, optionally fires a one-shot upgrade check, and appends
  * the l10n client form when translation mode is on.
  *
  * @param object $theme  theme helper; unused here beyond the hook signature
  * @return string  HTML/script fragment appended to the page
  */
 static function admin_page_bottom($theme)
 {
     $session = Session::instance();
     if ($session->get("profiler", false)) {
         Profiler::enable();
         $profiler = new Profiler();
         $profiler->render();
     }
     // Redirect to the root album when the admin session expires.
     // NOTE(review): setInterval is given a string (implicit eval); passing
     // the function reference directly would avoid that.
     $content = '<script type="text/javascript">
   var adminReauthCheck = function() {
     $.ajax({url: "' . url::site("admin?reauth_check=1") . '",
             dataType: "json",
             success: function(data){
               if ("location" in data) {
                 document.location = data.location;
               }
             }});
   };
   setInterval("adminReauthCheck();", 60 * 1000);
   </script>';
     // NOTE(review): the upgrade check is a GET carrying the CSRF token in its
     // query string, so the token can surface in Referer headers and logs.
     if (upgrade_checker::should_auto_check()) {
         $content .= '<script type="text/javascript">
     $.ajax({url: "' . url::site("admin/upgrade_checker/check_now?csrf=" . access::csrf_token()) . '"});
     </script>';
     }
     if ($session->get("l10n_mode", false)) {
         $content .= "\n" . L10n_Client_Controller::l10n_form();
     }
     return $content;
 }
 /**
  * Use our own template.
  *
  * Refreshes the hidden "csrf" field with the current session token right
  * before rendering, so the emitted form always carries a valid token.
  *
  * @param string $template  template name passed through to the parent
  * @param bool   $custom    passed through to the parent
  * @return string
  */
 public function render($template = "form.html", $custom = false)
 {
     $token = access::csrf_token();
     $this->hidden["csrf"]->value($token);
     return parent::render($template, $custom);
 }