This program is free software: you can redistribute it and/or modify it under the terms of either the GNU Affero General Public License or the GNU General Public License as published by the Free Software Foundation, either version 3 of the Licenses, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You should have received a copy of the GNU General Public License and the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ require_once 'database.php'; require 'data/User.php'; require 'data/List.php'; if (isset($_REQUEST['hs'])) { // foo } else { //If we're not handshaking we display the start page require_once 'templating.php'; $list = new UserList(); $listitems = $list->getPhotosList(100, $userid); $smarty->assign('list', $listitems); $smarty->assign('welcome', true); $smarty->display('my-images.tpl'); }
}, $photos[0]['itemid']); $result['from_id'] = array_reduce($photos, function ($carry, $item) { return $item['itemid'] < $carry ? $item['itemid'] : $carry; }, $photos[0]['itemid']); } return $result; } // Note photos, not photo with('/api/photos', function () { // Get the global photo list respond('GET', '/?', function ($request, $response) { list($sessionuserid, $skey) = validateUserSession($request); $count = abs(intval($request->param('count', 20))); $offset = abs(intval($request->param('from', 1))); $list = new UserList(); $photos = $list->getPhotosList($sessionuserid, $count, $offset); $result = formatPhotoListResults($photos); $output = json_encode($result, JSON_PRETTY_PRINT); echo urldecode($output); }); respond('GET', '/[:user]', function ($request, $response) { $listuserid = $request->user; $count = abs(intval($request->param('count', 20))); $offset = abs(intval($request->param('from', 1))); list($sessionuserid, $skey) = validateUserSession($request); $photos = UserList::getPhotosList($sessionuserid, $count, $offset, $listuserid); $result = formatPhotoListResults($photos); $output = json_encode($result, JSON_PRETTY_PRINT); echo $output; }); respond('POST', '/[:userid]/[:id]', function ($request, $response) {
public function testBlocking() { $skeyUser1 = 'a9225230920079405293a280a508c91d'; $skeyUser2 = '8ba048289a159a36d581ddf452f4baa0'; $skeyUser3 = 'd097a3a21df75f96b1f6745e5dbaa5c6'; $skeyUser4 = '2e975abd0ffa5df70fcee71bfef481bb'; $idUser1 = 1; $idUser2 = 2; $idUser3 = 3; $idUser4 = 4; $photoidUser1 = 1; $photoidUser2 = 4; $photoidUser3 = 8; $photoidUser4 = 11; // Sanity check for session values from fixtures //$res = User::sessionIsValid($idUser1, $skeyUser1); //$this->assertTrue($res); // User should be able to block photos they don't own when logged in $res = User::blockPhoto($idUser1, $skeyUser1, $photoidUser2); $this->assertEquals(200, $res); $this->tester->seeInDatabase('UserPhotoBlocks', ['userid' => $idUser1, 'photoid' => $photoidUser2]); // Re-blocking should succeed without complaint $res = User::blockPhoto($idUser1, $skeyUser1, $photoidUser2); $this->assertEquals(200, $res); // Users shouldn't be able to block their own photos $res = User::blockPhoto($idUser1, $skeyUser1, $photoidUser1); $this->assertEquals(401, $res); // Users who aren't passing an skey shouldn't be able to block photos $res = User::blockPhoto($idUser1, '', $photoidUser2); $this->assertEquals(401, $res); // Users with bad credentials shouldn't be able to block photos $res = User::blockPhoto($idUser1, 'not valid', $photoidUser2); $this->assertEquals(401, $res); // No such photo? Access denied. $res = User::blockPhoto($idUser1, $skeyUser1, 0); $this->assertEquals(404, $res); // A user should not see a photo they have blocked when listing everyone $res = UserList::getPhotosList($idUser1); $this->assertNotEquals(null, $res); $photo_ids = array_map(function ($x) { return $x['itemid']; }, $res); $this->assertFalse(in_array($photoidUser2, $photo_ids)); // Buts hsould see photos by other users $this->assertTrue(in_array($photoidUser3, $photo_ids)); // A user should not see a photo they have blocked when listing a user $res = UserList::getPhotosList($idUser1, 20, 1, $idUser2); $this->assertNotEquals(null, $res); $photo_ids = array_map(function ($x) { return $x["itemid"]; }, $res); $this->assertFalse(in_array($photoidUser2, $photo_ids)); // Buts hsould see photos by other users $this->assertTrue(in_array($photoidUser2 + 1, $photo_ids)); // When three users block a photo... $res = User::blockPhoto($idUser3, $skeyUser3, $photoidUser2); $this->assertEquals(200, $res); $res = User::blockPhoto($idUser4, $skeyUser4, $photoidUser2); $this->assertEquals(200, $res); // Nobody (exept the uploader) should see it in the global list $res = UserList::getPhotosList($idUser1); $photo_ids = array_map(function ($x) { return $x["itemid"]; }, $res); $this->assertFalse(in_array($photoidUser2, $photo_ids)); // The uploader should see it in the global list $res = UserList::getPhotosList($idUser2); $photo_ids = array_map(function ($x) { return $x["itemid"]; }, $res); $this->assertTrue(in_array($photoidUser2, $photo_ids)); // Nobody (exept the uploader) should see it in that user's list $res = UserList::getPhotosList($idUser1, 20, 1, $idUser2); $photo_ids = array_map(function ($x) { return $x["itemid"]; }, $res); $this->assertFalse(in_array($photoidUser2, $photo_ids)); // The uploader should see it in their userid's list $res = UserList::getPhotosList($idUser2, 20, 1, $idUser2); $photo_ids = array_map(function ($x) { return $x["itemid"]; }, $res); $this->assertTrue(in_array($photoidUser2 + 1, $photo_ids)); }