Commit Graph

3858 Commits

Author SHA1 Message Date
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Evan Prodromou
be682a3f8c Merge branch 'master' into 0.9.x 2011-02-16 13:56:55 -05:00
Evan Prodromou
39c6e34098 add path separators for Plugin::path() 2011-02-16 13:56:30 -05:00
Evan Prodromou
96d0141848 New version, dev cycle 2011-02-15 12:26:40 -05:00
Zach Copley
7de1aaf86d Atom - output nickname for atom:name in atom:author 2011-02-13 00:40:28 +00:00
Evan Prodromou
f6e614b894 add plugins/sslpath setting, default to site path/plugins 2011-02-11 15:58:47 -05:00
Evan Prodromou
ff2553b9c7 get the subject first if you go to the feed 2011-02-11 03:01:24 +00:00
Evan Prodromou
fc317f8b72 check legacy <actor> and <subject> first from feed 2011-02-11 02:59:18 +00:00
Zach Copley
df19e88323 Atom output - Reinstate activity:actor and activity:subject
w/deprecation warnings. Also add statusnet:profile_info back into
author/actor.
2011-02-09 23:18:14 -08:00
Brion Vibber
dc5daa237e Further tweak for ssl paths in plugin check (sslserver may be set but empty) 2011-02-09 00:09:25 -08:00
Brion Vibber
9efedfc217 Tweak to use site/server fallback when no plugins/sslserver or site/sslserver and generating plugin CSS 2011-02-09 00:04:01 -08:00
Brion Vibber
a277a003b9 0.9.7beta2 (for js update) 2011-02-08 22:55:15 -08:00
Evan Prodromou
399977aebf Merge remote branch 'origin/pluginstatic' into testing 2011-02-08 13:39:17 -05:00
Evan Prodromou
ecf0dec0c1 change alpha1 to beta1 2011-02-08 11:53:30 -05:00
Evan Prodromou
3b19b63bab correctly show the source of messages in a message list 2011-02-08 11:32:35 -05:00
Evan Prodromou
f500d4ea5b Create and use MessageList widget
Our mailbox actions (inbox and outbox) were doing their own display of
messages. This was causing issues with especially showmessage, which
since the more rigourous nickname checks were added, no longer works as
a mailbox subclass.

I've taken the time to rip out the message listing code from MailboxAction
and moved it to a MessageList widget. The different mailboxes now have their
own subclasses that show the correct profile in the list.
2011-02-08 11:11:21 -05:00
Brion Vibber
c858e2bc34 Issue #3025: string -> boolean for profile_background_tile entry in JSON user results from Twitter-compat API
This entry was using the strings 'true' and 'false' instead of literal booleans, which could confuse clients expecting literal booleans as in other places and on Twitter in this place.
2011-02-07 14:38:35 -08:00
Evan Prodromou
cd536e3099 move MESSAGES_PER_PAGE to common.php 2011-02-05 16:18:59 -05:00
Evan Prodromou
d7b2b141be commands are always lowercased in interpreter 2011-02-03 17:06:15 -05:00
Evan Prodromou
21feac3bea hooks for commands 2011-02-03 17:04:16 -05:00
Evan Prodromou
99db745f9d Merge branch 'testing' into privategroup
Conflicts:
	lib/groupeditform.php
2011-02-03 12:56:55 -05:00
Evan Prodromou
f06e661a9b new methods for paths to plugin static files 2011-02-03 10:36:25 -05:00
Brion Vibber
ec93184d7b Merge branch '3022' into testing 2011-02-01 14:37:46 -08:00
Brion Vibber
7977454456 Ticket #3022: fix formatting output for ApiAction::clientError and ApiAction::serverError when caller doesn't explicitly pass the format.
Format's already available as a member variable, so use it!

Fixes some error reponses in api/statusnet/groups/leave.json which were coming through as XML.
May fix some others as well.
2011-02-01 14:35:42 -08:00
Zach Copley
b595c3f0d5 API - Return integers instead of strings for group IDs and DM sender/recipients in JSON output 2011-01-31 21:01:03 -08:00
Brion Vibber
b46ce3b67d Fix "$s"s that slipped into double-quoted translatable strings' '%1$s' pattern. Switch to single-quote to fix. 2011-01-31 14:00:22 -08:00
Brion Vibber
de7726dd00 Performance counters: records number of total and unique cache get/set/incr/deletes and queries, and logs to syslog.
$config['site']['logperf'] = true; // to record & dump total hits of each type and the runtime to syslog
$config['site']['logperf_detail'] = true; // very verbose -- dump the individual cache keys and queries as they get used (may contain private info in some queries)

Seeing 180 cache gets on a timeline page seems not unusual currently; since these run in serial, even relatively small roundtrip times can add up heavily.
We should consider ways to reduce the number of round trips, such as more frequently storing compound objects or the output of processing in memcached.
Doing parallel multi-key lookups could also help by collapsing round-trip times, but might not be easy to fit into SN's object model. (For things like streams this should actually work pretty well -- grab the list, then when it's returned go grab all the individual items in parallel and return the list)
2011-01-31 13:12:56 -08:00
Brion Vibber
b896a37da0 Use cachedQuery on File::getAttachments, plus other cleanups:
* dropped unnecessary join on notice table
* made the function actually static, since it makes no sense as an instance variable. The only caller (in AttachmentList) is updated.
2011-01-31 12:22:50 -08:00
Brion Vibber
47f31bce47 Merge branch 'master' into testing
Conflicts:
	classes/Profile.php
2011-01-31 11:50:06 -08:00
Brion Vibber
9573f725c1 Merge branch '0.9.x' into testing 2011-01-31 11:08:15 -08:00
Evan Prodromou
adaad5bb5e Merge branch 'runtime' into testing 2011-01-31 14:02:17 -05:00
Evan Prodromou
ca4bf54131 add a comment to show runtime at the end of a page 2011-01-31 13:59:38 -05:00
Siebrand Mazeland
9c8b2b567f * Add/update translator documentation.
* L10n tweaks (mostly domain MENU assignments).
* Remove superfluous whitespace.
2011-01-30 19:03:55 +01:00
Siebrand Mazeland
c29a938895 * update punctuation for translator documentation.
* remove superfluous whitespace.
2011-01-30 18:48:09 +01:00
Siebrand Mazeland
7db24c32d6 * fix some i18n and L10n issues
* update/add translator documentation
* remove superfluous whitespace
2011-01-29 00:33:13 +01:00
Brion Vibber
433ec21119 Add $config['sessions']['gc_limit'] to limit how much work we do in each session GC; defaulting to killing 1000 sessions at a time. 2011-01-27 12:08:24 -08:00
Evan Prodromou
5fee38b025 events for modifying group edit form 2011-01-26 18:21:43 -07:00
Brion Vibber
54e98ffe22 Fix ticket #3013: MAX_FILE_SIZE hidden fields were incorrectly placed
In order to apply to PHP's POST processing, the MAX_FILE_SIZE field must appear *before* the file upload field. They were incorrectly placed after, where they had no effect on POST processing.
2011-01-26 15:49:57 -08:00
Brion Vibber
621a7cb36d Merge branch '0.9.x' into testing 2011-01-25 12:57:49 -08:00
Brion Vibber
820dd293c9 Fix for ticket #3007: .bmp avatar uploads weren't being properly converted to PNG in all cases
Part of the reported issue was previuosly fixed by dc497ed0 (smaller size images being blanked).
This commit fixes the remaining bug with original-size avatars being left as BMP (which could include the 96px size for instance, which could cause problems in browsers not supporting BMP natively)

Added ImageFile::copyTo() as a convenient alias for resizeTo() when not resizing; this performs the BMP/XPM/XBM->PNG conversion if needed, or copies the original file.
Copying instead of using move_uploaded_file() is fine here since:
a) the files are cleaned up on script completion anyway (vs moving to remove it)
b) we're already performing getimagesize() and possibly load/resize on the file before this point (vs needing to move the file into a usable area to work with open_basedir restrictions that prevent working directly with uploaded files in the temp dir; since this would fail anyway, we lose nothing)

ImageFile::preferredType() now works on $this->type instead of asking for one, to make it handier to use from outside. (This is still needed in order for calling code to generate a target filename.)

Recommended for future:
* additional consolidation between the various ways of uploading avatars (touched avatarsettings, grouplogo, and apiaccountupdateprofileimage with similar minor changes)
* consolidate type checks and file naming into Avatar class
2011-01-24 12:22:47 -08:00
Siebrand Mazeland
6c0e43be9e L10n consistency updates in wording and punctuation.
Translator documentation added/updated.
Superfluous whitespace removed.
2011-01-21 22:45:37 +01:00
Siebrand Mazeland
08cb576b52 Add translator documentation
Fix L10n issues
Remove superfluous whitespace
2011-01-21 16:35:00 +01:00
Brion Vibber
6fa0bea76d Merge branch '0.9.x' into testing 2011-01-20 15:12:57 -08:00
Brion Vibber
6455461c19 Merge branch 'master' into 0.9.x 2011-01-20 15:08:31 -08:00
Zach Copley
05361bb686 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-20 10:44:31 -08:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Zach Copley
882b6862a3 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-19 23:00:24 -08:00
Zach Copley
114d9ebf28 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 22:59:51 -08:00
Zach Copley
1543af748c Merge branch 'testing' of gitorious.org:statusnet/mainline into testing
* 'testing' of gitorious.org:statusnet/mainline: (63 commits)
  Add a scary 'experimental feture' warning & are-you-sure prompt on moveuser.php
  fix wrong datatypes (saving string instead of array) in AtomPub notice processing
  Account moving is a background activity
  return a 409 Conflict when subscription already exists
  OStatusPlugin does discovery in Profile::fromURI()
  considerably more logging and error checking in AccountMover
  add a log method to AccountMover
  normalize accounts and check for return in HTTP for moving
  move account-moving classes to their own libraries
  execution protection on discovery.php
  PHPCS discovery.php
  Move discovery library from OStatus plugin to core
  Revert "Revert "0.9.7alpha1""
  first example of moving a user
  Parse properties of links in XRD files
  Add the Atom username to the XRD output
  preserve activities in object
  let callers pass in an XMLOutputter to output to
  execution protection on discovery.php
  PHPCS linkheader.php
  ...
2011-01-19 22:58:07 -08:00
Zach Copley
e475bdfe77 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-19 22:55:00 -08:00