Diffstat (limited to 'actions')
-rw-r--r--actions/api.php66
-rw-r--r--actions/facebookhome.php4
-rw-r--r--actions/facebooklogin.php4
-rw-r--r--actions/facebooksettings.php4
-rw-r--r--actions/favorited.php2
-rw-r--r--actions/groupdesignsettings.php32
-rw-r--r--actions/newnotice.php2
-rw-r--r--actions/othersettings.php11
-rw-r--r--actions/showgroup.php23
-rw-r--r--actions/twitapigroups.php114
-rw-r--r--actions/twitapistatuses.php15
-rw-r--r--actions/twitapiusers.php20
12 files changed, 222 insertions, 75 deletions
diff --git a/actions/api.php b/actions/api.php
index 08f5fadad..4a00b77e8 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -75,14 +75,14 @@ class ApiAction extends Action
}
} else {
- # Caller might give us a username even if not required
- if (isset($_SERVER['PHP_AUTH_USER'])) {
- $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
- if ($user) {
- $this->user = $user;
- }
- # Twitter doesn't throw an error if the user isn't found
- }
+ // Caller might give us a username even if not required
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ if ($user) {
+ $this->user = $user;
+ }
+ # Twitter doesn't throw an error if the user isn't found
+ }
$this->process_command();
}
@@ -117,7 +117,7 @@ class ApiAction extends Action
}
}
- # Whitelist of API methods that don't need authentication
+ // Whitelist of API methods that don't need authentication
function requires_auth()
{
static $noauth = array( 'statuses/public_timeline',
@@ -127,7 +127,8 @@ class ApiAction extends Action
'help/downtime_schedule',
'laconica/version',
'laconica/config',
- 'laconica/wadl');
+ 'laconica/wadl',
+ 'groups/timeline');
static $bareauth = array('statuses/user_timeline',
'statuses/friends_timeline',
@@ -135,28 +136,61 @@ class ApiAction extends Action
'statuses/replies',
'statuses/mentions',
'statuses/followers',
- 'favorites/favorites');
+ 'favorites/favorites',
+ 'friendships/show');
$fullname = "$this->api_action/$this->api_method";
// If the site is "private", all API methods except laconica/config
// need authentication
+
if (common_config('site', 'private')) {
return $fullname != 'laconica/config' || false;
}
+ // bareauth: only needs auth if without an argument or query param specifying user
+
if (in_array($fullname, $bareauth)) {
- # bareauth: only needs auth if without an argument or query param specifying user
- if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) {
+
+ // Special case: friendships/show only needs auth if source_id or
+ // source_screen_name is not specified as a param
+
+ if ($fullname == 'friendships/show') {
+
+ $source_id = $this->arg('source_id');
+ $source_screen_name = $this->arg('source_screen_name');
+
+ if (empty($source_id) && empty($source_screen_name)) {
+ return true;
+ }
+
return false;
- } else {
+ }
+
+ // if all of these are empty, auth is required
+
+ $id = $this->arg('id');
+ $user_id = $this->arg('user_id');
+ $screen_name = $this->arg('screen_name');
+
+ if (empty($this->api_arg) &&
+ empty($id) &&
+ empty($user_id) &&
+ empty($screen_name)) {
return true;
+ } else {
+ return false;
}
+
} else if (in_array($fullname, $noauth)) {
- # noauth: never needs auth
+
+ // noauth: never needs auth
+
return false;
} else {
- # everybody else needs auth
+
+ // everybody else needs auth
+
return true;
}
}
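Review bot: The rewritten bareauth branch drops the `is_numeric()` test on `user_id`, so any non-empty value, including a non-numeric string, now skips authentication where the old condition insisted on a number. The decision rests on parameter presence alone, so every handler behind these routes presumably has to cope with a lookup that finds no user and no authenticated caller. To keep the earlier strictness, use `!is_numeric($user_id) &&` in place of `empty($user_id) &&` in the "auth is required" condition. Passing `true` as the third argument of both `in_array()` calls would also make the whitelist match strict. requires_auth() begins above this hunk.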
diff --git a/actions/facebookhome.php b/actions/facebookhome.php
index 34989c978..6d8d0745d 100644
--- a/actions/facebookhome.php
+++ b/actions/facebookhome.php
@@ -57,7 +57,7 @@ class FacebookhomeAction extends FacebookAction
// If this is the first time the user has started the app
// prompt for Facebook status update permission
- if (!$this->facebook->api_client->users_hasAppPermission('status_update')) {
+ if (!$this->facebook->api_client->users_hasAppPermission('publish_stream')) {
if ($this->facebook->api_client->data_getUserPreference(
FACEBOOK_PROMPTED_UPDATE_PREF) != 'true') {
@@ -203,7 +203,7 @@ class FacebookhomeAction extends FacebookAction
$api_key = common_config('facebook', 'apikey');
$auth_url = 'http://www.facebook.com/authorize.php?api_key=' .
- $api_key . '&v=1.0&ext_perm=status_update&next=' . $next .
+ $api_key . '&v=1.0&ext_perm=publish_stream&next=' . $next .
'&next_cancel=' . $next . '&submit=skip';
$this->elementStart('span', array('class' => 'facebook-button'));
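Review bot: `$api_key` and `$next` are concatenated into the authorize URL's query string as-is on the changed line and the line after it. Unless `$next` is already URL-encoded where it is built (outside this hunk), a `&` or `#` inside it would change the `next`/`next_cancel` parameters Facebook receives. Encoding at the point of use, e.g. `'&next=' . urlencode($next)`, removes that dependency. The URL is also plain `http://`; if the endpoint is served over HTTPS, prefer that scheme for a permission-grant link.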
diff --git a/actions/facebooklogin.php b/actions/facebooklogin.php
index 22007da4f..aa86cfbc0 100644
--- a/actions/facebooklogin.php
+++ b/actions/facebooklogin.php
@@ -31,7 +31,7 @@ class FacebookinviteAction extends FacebookAction
$this->error = $error;
if ($this->flink) {
- if (!$this->facebook->api_client->users_hasAppPermission('status_update') &&
+ if (!$this->facebook->api_client->users_hasAppPermission('publish_stream') &&
$this->facebook->api_client->data_getUserPreference(
FACEBOOK_PROMPTED_UPDATE_PREF) == 'true') {
@@ -60,7 +60,7 @@ class FacebookinviteAction extends FacebookAction
// If this is the first time the user has started the app
// prompt for Facebook status update permission
- if (!$this->facebook->api_client->users_hasAppPermission('status_update')) {
+ if (!$this->facebook->api_client->users_hasAppPermission('publish_stream')) {
if ($this->facebook->api_client->data_getUserPreference(
FACEBOOK_PROMPTED_UPDATE_PREF) != 'true') {
diff --git a/actions/facebooksettings.php b/actions/facebooksettings.php
index ee2c279ab..c3b364743 100644
--- a/actions/facebooksettings.php
+++ b/actions/facebooksettings.php
@@ -78,7 +78,7 @@ class FacebooksettingsAction extends FacebookAction
}
}
- if ($this->facebook->api_client->users_hasAppPermission('status_update')) {
+ if ($this->facebook->api_client->users_hasAppPermission('publish_stream')) {
$this->elementStart('form', array('method' => 'post',
'id' => 'facebook_settings'));
@@ -131,7 +131,7 @@ class FacebooksettingsAction extends FacebookAction
$this->elementStart('ul', array('id' => 'fb-permissions-list'));
$this->elementStart('li', array('id' => 'fb-permissions-item'));
- $this->elementStart('fb:prompt-permission', array('perms' => 'status_update',
+ $this->elementStart('fb:prompt-permission', array('perms' => 'publish_stream',
'next_fbjs' => 'document.setLocation(\'' . "$this->app_uri/settings.php" . '\')'));
$this->element('span', array('class' => 'facebook-button'),
sprintf(_('Allow %s to update my Facebook status'), common_config('site', 'name')));
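Review bot: The prompt label on the last line still reads `'Allow %s to update my Facebook status'` although the permission requested two lines above is now `publish_stream`. As far as I know that permission covers publishing to the user's stream in general, not only status updates. The label should describe the scope actually granted, so that the user's consent matches it, e.g. `_('Allow %s to publish to my Facebook stream')`. The "prompt for Facebook status update permission" comments in the facebookhome.php and facebooklogin.php hunks have the same mismatch.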
diff --git a/actions/favorited.php b/actions/favorited.php
index c902d80f5..156c7a700 100644
--- a/actions/favorited.php
+++ b/actions/favorited.php
@@ -194,7 +194,7 @@ class FavoritedAction extends Action
$qry = 'SELECT notice.*, '.
$weightexpr . ' as weight ' .
'FROM notice JOIN fave ON notice.id = fave.notice_id ' .
- 'GROUP BY id,profile_id,uri,content,rendered,url,created,notice.modified,reply_to,is_local,source ' .
+ 'GROUP BY id,profile_id,uri,content,rendered,url,created,notice.modified,reply_to,is_local,source,notice.conversation ' .
'ORDER BY weight DESC';
$offset = ($this->page - 1) * NOTICES_PER_PAGE;
diff --git a/actions/groupdesignsettings.php b/actions/groupdesignsettings.php
index 6c1c052cb..bb01243c6 100644
--- a/actions/groupdesignsettings.php
+++ b/actions/groupdesignsettings.php
@@ -312,36 +312,4 @@ class GroupDesignSettingsAction extends DesignSettingsAction
$this->showForm(_('Design preferences saved.'), true);
}
- /**
- * Handle input and output a page (overrided)
- *
- * @param array $args $_REQUEST arguments
- *
- * @return void
- */
-
- function handle($args)
- {
- parent::handle($args);
- if (!common_logged_in()) {
- $this->clientError(_('Not logged in.'));
- return;
- } else if (!common_is_real_login()) {
- // Cookie theft means that automatic logins can't
- // change important settings or see private info, and
- // _all_ our settings are important
- common_set_returnto($this->selfUrl());
- $user = common_current_user();
- if ($user->hasOpenID()) {
- common_redirect(common_local_url('openidlogin'), 303);
- } else {
- common_redirect(common_local_url('login'), 303);
- }
- } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $this->handlePost();
- } else {
- $this->showForm();
- }
- }
-
}
diff --git a/actions/newnotice.php b/actions/newnotice.php
index 5f44a32a9..e254eac49 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -135,7 +135,7 @@ class NewnoticeAction extends Action
function isRespectsQuota($user) {
$file = new File;
- $ret = $file->isRespectsQuota($user);
+ $ret = $file->isRespectsQuota($user,$_FILES['attach']['size']);
if (true === $ret) return true;
$this->clientError($ret);
}
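Review bot: `$_FILES['attach']['size']` is read without checking that an attachment was sent or that the upload succeeded. Unless the caller has already verified this, a request with no file hits an undefined index, and a failed upload can report a size of 0, so the quota check runs on a meaningless value. Guard it first, e.g. `if (!isset($_FILES['attach']) || $_FILES['attach']['error'] !== UPLOAD_ERR_OK)`, and pass the size only on success. The method also falls off the end after `clientError()`; an explicit `return false;` there would make the return contract unambiguous.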
diff --git a/actions/othersettings.php b/actions/othersettings.php
index b542233ca..1277f8052 100644
--- a/actions/othersettings.php
+++ b/actions/othersettings.php
@@ -83,14 +83,12 @@ class OthersettingsAction extends AccountSettingsAction
{
$user = common_current_user();
-
$this->elementStart('form', array('method' => 'post',
'id' => 'form_settings_other',
'class' => 'form_settings',
'action' =>
common_local_url('othersettings')));
$this->elementStart('fieldset');
- $this->element('legend', null, _('URL Auto-shortening'));
$this->hidden('token', common_session_token());
// I18N
@@ -109,10 +107,14 @@ class OthersettingsAction extends AccountSettingsAction
$this->elementStart('ul', 'form_data');
$this->elementStart('li');
- $this->dropdown('urlshorteningservice', _('Service'),
+ $this->dropdown('urlshorteningservice', _('Shorten URLs with'),
$services, _('Automatic shortening service to use.'),
false, $user->urlshorteningservice);
$this->elementEnd('li');
+ $this->elementStart('li');
+ $this->checkbox('viewdesigns', _('View profile designs'),
+ $user->viewdesigns, _('Show or hide profile designs.'));
+ $this->elementEnd('li');
$this->elementEnd('ul');
$this->submit('save', _('Save'));
$this->elementEnd('fieldset');
@@ -145,6 +147,8 @@ class OthersettingsAction extends AccountSettingsAction
return;
}
+ $viewdesigns = $this->boolean('viewdesigns');
+
$user = common_current_user();
assert(!is_null($user)); // should already be checked
@@ -154,6 +158,7 @@ class OthersettingsAction extends AccountSettingsAction
$original = clone($user);
$user->urlshorteningservice = $urlshorteningservice;
+ $user->viewdesigns = $viewdesigns;
$result = $user->update($original);
diff --git a/actions/showgroup.php b/actions/showgroup.php
index ce11d574e..32ec674a9 100644
--- a/actions/showgroup.php
+++ b/actions/showgroup.php
@@ -317,8 +317,25 @@ class ShowgroupAction extends GroupDesignAction
common_local_url('grouprss',
array('nickname' => $this->group->nickname));
- return array(new Feed(Feed::RSS1, $url, sprintf(_('Notice feed for %s group'),
- $this->group->nickname)));
+ return array(new Feed(Feed::RSS1,
+ common_local_url('grouprss',
+ array('nickname' => $this->group->nickname)),
+ sprintf(_('Notice feed for %s group (RSS 1.0)'),
+ $this->group->nickname)),
+ new Feed(Feed::RSS2,
+ common_local_url('api',
+ array('apiaction' => 'groups',
+ 'method' => 'timeline',
+ 'argument' => $this->group->nickname.'.rss')),
+ sprintf(_('Notice feed for %s group (RSS 2.0)'),
+ $this->group->nickname)),
+ new Feed(Feed::ATOM,
+ common_local_url('api',
+ array('apiaction' => 'groups',
+ 'method' => 'timeline',
+ 'argument' => $this->group->nickname.'.atom')),
+ sprintf(_('Notice feed for %s group (Atom)'),
+ $this->group->nickname)));
}
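Review bot: The RSS 1.0 feed now recomputes `common_local_url('grouprss', ...)` inline, which appears to leave the `$url` assignment at the top of the hunk unused (that statement starts above the hunk). Either pass `$url` to the first `Feed` as before or drop the assignment. The two API feeds repeat the same route array with only the extension differing; a small local helper or a loop over `'.rss'` and `'.atom'` would keep them in sync.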
/**
@@ -466,4 +483,4 @@ class GroupAdminSection extends ProfileSection
{
return null;
}
-} \ No newline at end of file
+}
diff --git a/actions/twitapigroups.php b/actions/twitapigroups.php
new file mode 100644
index 000000000..db15b2cd3
--- /dev/null
+++ b/actions/twitapigroups.php
@@ -0,0 +1,114 @@
+<?php
+/**
+ * Laconica, the distributed open-source microblogging tool
+ *
+ * Laconica extensions to the Twitter-like API for groups
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Twitter
+ * @package Laconica
+ * @author Craig Andrews
+ * @author Zach Copley <zach@controlyourself.ca>
+ * @copyright 2009 Control Yourself, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
+ */
+
+if (!defined('LACONICA')) {
+ exit(1);
+}
+
+require_once INSTALLDIR.'/lib/twitterapi.php';
+
+/**
+ * Group-specific API methods
+ *
+ * This class handles Laconica group API methods.
+ *
+ * @category Twitter
+ * @package Laconica
+ * @author Craig Andrews
+ * @author Zach Copley <zach@controlyourself.ca>
+ * @copyright 2009 Control Yourself, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://laconi.ca/
+ */
+
+ class TwitapigroupsAction extends TwitterapiAction
+ {
+
+ function timeline($args, $apidata)
+ {
+ parent::handle($args);
+
+ common_debug("in groups api action");
+
+ $this->auth_user = $apidata['user'];
+ $group = $this->get_group($apidata['api_arg'], $apidata);
+
+ if (empty($group)) {
+ $this->clientError('Not Found', 404, $apidata['content-type']);
+ return;
+ }
+
+ $sitename = common_config('site', 'name');
+ $title = sprintf(_("%s timeline"), $group->nickname);
+ $taguribase = common_config('integration', 'taguri');
+ $id = "tag:$taguribase:GroupTimeline:".$group->id;
+ $link = common_local_url('showgroup',
+ array('nickname' => $group->nickname));
+ $subtitle = sprintf(_('Updates from %1$s on %2$s!'),
+ $group->nickname, $sitename);
+
+ $page = (int)$this->arg('page', 1);
+ $count = (int)$this->arg('count', 20);
+ $max_id = (int)$this->arg('max_id', 0);
+ $since_id = (int)$this->arg('since_id', 0);
+ $since = $this->arg('since');
+
+ $notice = $group->getNotices(($page-1)*$count,
+ $count, $since_id, $max_id, $since);
+
+ switch($apidata['content-type']) {
+ case 'xml':
+ $this->show_xml_timeline($notice);
+ break;
+ case 'rss':
+ $this->show_rss_timeline($notice, $title, $link,
+ $subtitle, $suplink);
+ break;
+ case 'atom':
+ if (isset($apidata['api_arg'])) {
+ $selfuri = common_root_url() .
+ 'api/statuses/groups/timeline/' .
+ $apidata['api_arg'] . '.atom';
+ } else {
+ $selfuri = common_root_url() .
+ 'api/statuses/groups/timeline.atom';
+ }
+ $this->show_atom_timeline($notice, $title, $id, $link,
+ $subtitle, $suplink, $selfuri);
+ break;
+ case 'json':
+ $this->show_json_timeline($notice);
+ break;
+ default:
+ $this->clientError(_('API method not found!'), $code = 404);
+ }
+ }
+
+} \ No newline at end of file
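Review bot: `$page`, `$count`, `$max_id` and `$since_id` are cast to int but never range-checked, so a caller can request an arbitrarily large `count` or a zero or negative `page`, which passes a negative offset to `getNotices()`. Because this commit also adds `groups/timeline` to `$noauth`, that is reachable without credentials. `$suplink` is passed to `show_rss_timeline()` and `show_atom_timeline()` but never assigned in this method, and the `default:` branch omits the content type that the earlier 404 passes. The `$selfuri` path `api/statuses/groups/timeline/` looks inconsistent with the `groups`/`timeline` route used in showgroup.php, and it embeds the raw `api_arg`. A sketch of the bounds and the missing variable follows; the cap value is a placeholder.

```php
// … unchanged: group lookup, title / id / link / subtitle …

// Not assigned anywhere in the original method; assumes the
// show_*_timeline helpers accept null for "no SUP link".
$suplink = null;

// Placeholder cap: substitute the project's API page-size limit.
$max_count = 200;

$page  = max(1, (int)$this->arg('page', 1));
$count = (int)$this->arg('count', 20);
if ($count < 1 || $count > $max_count) {
    $count = 20;
}
$max_id   = max(0, (int)$this->arg('max_id', 0));
$since_id = max(0, (int)$this->arg('since_id', 0));

// … unchanged: getNotices() call and content-type switch …
```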
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 555c746cb..c9943698d 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -373,9 +373,19 @@ class TwitapistatusesAction extends TwitterapiAction
return;
}
+ // 'id' is an undocumented parameter in Twitter's API. Several
+ // clients make use of it, so we support it too.
+
+ // show.json?id=12345 takes precedence over /show/12345.json
+
$this->auth_user = $apidata['user'];
- $notice_id = $apidata['api_arg'];
- $notice = Notice::staticGet($notice_id);
+ $notice_id = $this->trimmed('id');
+
+ if (empty($notice_id)) {
+ $notice_id = $apidata['api_arg'];
+ }
+
+ $notice = Notice::staticGet((int)$notice_id);
if ($notice) {
if ($apidata['content-type'] == 'xml') {
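Review bot: `(int)$notice_id` silently coerces whatever string arrives, so `id=12abc` resolves to notice 12 and a non-numeric value becomes 0. Because the `id` query parameter now overrides the path argument, the two can also disagree without the request being rejected. Validating before the lookup keeps malformed ids out of `Notice::staticGet()`, e.g. `if (!ctype_digit((string)$notice_id)) { $this->clientError(_('No status with that ID found.'), 404, $apidata['content-type']); return; }`. The enclosing method starts and ends outside this hunk.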
@@ -389,7 +399,6 @@ class TwitapistatusesAction extends TwitterapiAction
$this->clientError(_('No status with that ID found.'),
404, $apidata['content-type']);
}
-
}
function destroy($args, $apidata)
diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php
index 4057b63e7..fea41b397 100644
--- a/actions/twitapiusers.php
+++ b/actions/twitapiusers.php
@@ -37,24 +37,24 @@ class TwitapiusersAction extends TwitterapiAction
$user = null;
$email = $this->arg('email');
- $user_id = $this->arg('user_id');
// XXX: email field deprecated in Twitter's API
- // XXX: Also: need to add screen_name param
-
if ($email) {
$user = User::staticGet('email', $email);
- } elseif ($user_id) {
- $user = $this->get_user($user_id);
- } elseif (isset($apidata['api_arg'])) {
- $user = $this->get_user($apidata['api_arg']);
- } elseif (isset($apidata['user'])) {
- $user = $apidata['user'];
+ } else {
+ $user = $this->get_user($apidata['api_arg'], $apidata);
}
if (empty($user)) {
- $this->client_error(_('Not found.'), 404, $apidata['content-type']);
+ $this->clientError(_('Not found.'), 404, $apidata['content-type']);
+ return;
+ }
+
+ $profile = $user->getProfile();
+
+ if (!$profile) {
+ common_server_error(_('User has no profile.'));
return;
}