Merge branch '0.8.x' of git@gitorious.org:laconica/dev into 0.8.x
This commit is contained in:
commit
65ef1cb72a
|
@ -75,14 +75,14 @@ class ApiAction extends Action
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
# Caller might give us a username even if not required
|
// Caller might give us a username even if not required
|
||||||
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
||||||
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
|
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
|
||||||
if ($user) {
|
if ($user) {
|
||||||
$this->user = $user;
|
$this->user = $user;
|
||||||
}
|
}
|
||||||
# Twitter doesn't throw an error if the user isn't found
|
# Twitter doesn't throw an error if the user isn't found
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->process_command();
|
$this->process_command();
|
||||||
}
|
}
|
||||||
|
@ -117,7 +117,7 @@ class ApiAction extends Action
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Whitelist of API methods that don't need authentication
|
// Whitelist of API methods that don't need authentication
|
||||||
function requires_auth()
|
function requires_auth()
|
||||||
{
|
{
|
||||||
static $noauth = array( 'statuses/public_timeline',
|
static $noauth = array( 'statuses/public_timeline',
|
||||||
|
@ -135,28 +135,61 @@ class ApiAction extends Action
|
||||||
'statuses/replies',
|
'statuses/replies',
|
||||||
'statuses/mentions',
|
'statuses/mentions',
|
||||||
'statuses/followers',
|
'statuses/followers',
|
||||||
'favorites/favorites');
|
'favorites/favorites',
|
||||||
|
'friendships/show');
|
||||||
|
|
||||||
$fullname = "$this->api_action/$this->api_method";
|
$fullname = "$this->api_action/$this->api_method";
|
||||||
|
|
||||||
// If the site is "private", all API methods except laconica/config
|
// If the site is "private", all API methods except laconica/config
|
||||||
// need authentication
|
// need authentication
|
||||||
|
|
||||||
if (common_config('site', 'private')) {
|
if (common_config('site', 'private')) {
|
||||||
return $fullname != 'laconica/config' || false;
|
return $fullname != 'laconica/config' || false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// bareauth: only needs auth if without an argument or query param specifying user
|
||||||
|
|
||||||
if (in_array($fullname, $bareauth)) {
|
if (in_array($fullname, $bareauth)) {
|
||||||
# bareauth: only needs auth if without an argument or query param specifying user
|
|
||||||
if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) {
|
// Special case: friendships/show only needs auth if source_id or
|
||||||
|
// source_screen_name is not specified as a param
|
||||||
|
|
||||||
|
if ($fullname == 'friendships/show') {
|
||||||
|
|
||||||
|
$source_id = $this->arg('source_id');
|
||||||
|
$source_screen_name = $this->arg('source_screen_name');
|
||||||
|
|
||||||
|
if (empty($source_id) && empty($source_screen_name)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
} else {
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// if all of these are empty, auth is required
|
||||||
|
|
||||||
|
$id = $this->arg('id');
|
||||||
|
$user_id = $this->arg('user_id');
|
||||||
|
$screen_name = $this->arg('screen_name');
|
||||||
|
|
||||||
|
if (empty($this->api_arg) &&
|
||||||
|
empty($id) &&
|
||||||
|
empty($user_id) &&
|
||||||
|
empty($screen_name)) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
} else if (in_array($fullname, $noauth)) {
|
} else if (in_array($fullname, $noauth)) {
|
||||||
# noauth: never needs auth
|
|
||||||
|
// noauth: never needs auth
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
# everybody else needs auth
|
|
||||||
|
// everybody else needs auth
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -312,36 +312,4 @@ class GroupDesignSettingsAction extends DesignSettingsAction
|
||||||
$this->showForm(_('Design preferences saved.'), true);
|
$this->showForm(_('Design preferences saved.'), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Handle input and output a page (overrided)
|
|
||||||
*
|
|
||||||
* @param array $args $_REQUEST arguments
|
|
||||||
*
|
|
||||||
* @return void
|
|
||||||
*/
|
|
||||||
|
|
||||||
function handle($args)
|
|
||||||
{
|
|
||||||
parent::handle($args);
|
|
||||||
if (!common_logged_in()) {
|
|
||||||
$this->clientError(_('Not logged in.'));
|
|
||||||
return;
|
|
||||||
} else if (!common_is_real_login()) {
|
|
||||||
// Cookie theft means that automatic logins can't
|
|
||||||
// change important settings or see private info, and
|
|
||||||
// _all_ our settings are important
|
|
||||||
common_set_returnto($this->selfUrl());
|
|
||||||
$user = common_current_user();
|
|
||||||
if ($user->hasOpenID()) {
|
|
||||||
common_redirect(common_local_url('openidlogin'), 303);
|
|
||||||
} else {
|
|
||||||
common_redirect(common_local_url('login'), 303);
|
|
||||||
}
|
|
||||||
} else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
|
|
||||||
$this->handlePost();
|
|
||||||
} else {
|
|
||||||
$this->showForm();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -373,9 +373,19 @@ class TwitapistatusesAction extends TwitterapiAction
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 'id' is an undocumented parameter in Twitter's API. Several
|
||||||
|
// clients make use of it, so we support it too.
|
||||||
|
|
||||||
|
// show.json?id=12345 takes precedence over /show/12345.json
|
||||||
|
|
||||||
$this->auth_user = $apidata['user'];
|
$this->auth_user = $apidata['user'];
|
||||||
$notice_id = $apidata['api_arg'];
|
$notice_id = $this->trimmed('id');
|
||||||
$notice = Notice::staticGet($notice_id);
|
|
||||||
|
if (empty($notice_id)) {
|
||||||
|
$notice_id = $apidata['api_arg'];
|
||||||
|
}
|
||||||
|
|
||||||
|
$notice = Notice::staticGet((int)$notice_id);
|
||||||
|
|
||||||
if ($notice) {
|
if ($notice) {
|
||||||
if ($apidata['content-type'] == 'xml') {
|
if ($apidata['content-type'] == 'xml') {
|
||||||
|
@ -389,7 +399,6 @@ class TwitapistatusesAction extends TwitterapiAction
|
||||||
$this->clientError(_('No status with that ID found.'),
|
$this->clientError(_('No status with that ID found.'),
|
||||||
404, $apidata['content-type']);
|
404, $apidata['content-type']);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function destroy($args, $apidata)
|
function destroy($args, $apidata)
|
||||||
|
|
|
@ -37,24 +37,17 @@ class TwitapiusersAction extends TwitterapiAction
|
||||||
|
|
||||||
$user = null;
|
$user = null;
|
||||||
$email = $this->arg('email');
|
$email = $this->arg('email');
|
||||||
$user_id = $this->arg('user_id');
|
|
||||||
|
|
||||||
// XXX: email field deprecated in Twitter's API
|
// XXX: email field deprecated in Twitter's API
|
||||||
|
|
||||||
// XXX: Also: need to add screen_name param
|
|
||||||
|
|
||||||
if ($email) {
|
if ($email) {
|
||||||
$user = User::staticGet('email', $email);
|
$user = User::staticGet('email', $email);
|
||||||
} elseif ($user_id) {
|
} else {
|
||||||
$user = $this->get_user($user_id);
|
|
||||||
} elseif (isset($apidata['api_arg'])) {
|
|
||||||
$user = $this->get_user($apidata['api_arg']);
|
$user = $this->get_user($apidata['api_arg']);
|
||||||
} elseif (isset($apidata['user'])) {
|
|
||||||
$user = $apidata['user'];
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($user)) {
|
if (empty($user)) {
|
||||||
$this->client_error(_('Not found.'), 404, $apidata['content-type']);
|
$this->clientError(_('Not found.'), 404, $apidata['content-type']);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -261,7 +261,7 @@ class Router
|
||||||
$m->connect('api/statuses/:method',
|
$m->connect('api/statuses/:method',
|
||||||
array('action' => 'api',
|
array('action' => 'api',
|
||||||
'apiaction' => 'statuses'),
|
'apiaction' => 'statuses'),
|
||||||
array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|friends|followers|featured)(\.(atom|rss|xml|json))?'));
|
array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|show|friends|followers|featured)(\.(atom|rss|xml|json))?'));
|
||||||
|
|
||||||
$m->connect('api/statuses/:method/:argument',
|
$m->connect('api/statuses/:method/:argument',
|
||||||
array('action' => 'api',
|
array('action' => 'api',
|
||||||
|
|
Loading…
Reference in New Issue
Block a user