32145484c2
We disallow repeating a notice (or whatever) if the scope of the notice is too private. So, only notices that are public scope (available to everyone in the world) or site scope (available to everyone on the site) can be repeated. Enforce this rule at a low level in Notice.php, and in the API, commands, and Web UI. Repeat button doesn't appear on tightly-scoped notices in the Web UI.
154 lines
4.5 KiB
PHP
154 lines
4.5 KiB
PHP
<?php
|
|
/**
|
|
* StatusNet, the distributed open-source microblogging tool
|
|
*
|
|
* Repeat a notice through the API
|
|
*
|
|
* PHP version 5
|
|
*
|
|
* LICENCE: This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
* @category API
|
|
* @package StatusNet
|
|
* @author Evan Prodromou <evan@status.net>
|
|
* @copyright 2009 StatusNet, Inc.
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
* @link http://status.net/
|
|
*/
|
|
|
|
if (!defined('STATUSNET')) {
|
|
exit(1);
|
|
}
|
|
|
|
require_once INSTALLDIR . '/lib/apiauth.php';
|
|
require_once INSTALLDIR . '/lib/mediafile.php';
|
|
|
|
/**
|
|
* Repeat a notice through the API
|
|
*
|
|
* @category API
|
|
* @package StatusNet
|
|
* @author Evan Prodromou <evan@status.net>
|
|
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
|
* @link http://status.net/
|
|
*/
|
|
class ApiStatusesRetweetAction extends ApiAuthAction
|
|
{
|
|
var $original = null;
|
|
|
|
/**
|
|
* Take arguments for running
|
|
*
|
|
* @param array $args $_REQUEST args
|
|
*
|
|
* @return boolean success flag
|
|
*/
|
|
function prepare($args)
|
|
{
|
|
parent::prepare($args);
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
|
|
// TRANS: Client error. POST is a HTTP command. It should not be translated.
|
|
$this->clientError(_('This method requires a POST.'),
|
|
400, $this->format);
|
|
return false;
|
|
}
|
|
|
|
$id = $this->trimmed('id');
|
|
|
|
$this->original = Notice::staticGet('id', $id);
|
|
|
|
if (empty($this->original)) {
|
|
// TRANS: Client error displayed trying to repeat a non-existing notice through the API.
|
|
$this->clientError(_('No such notice.'),
|
|
400, $this->format);
|
|
return false;
|
|
}
|
|
|
|
$this->user = $this->auth_user;
|
|
|
|
if ($this->user->id == $this->original->profile_id) {
|
|
// TRANS: Client error displayed trying to repeat an own notice through the API.
|
|
$this->clientError(_('Cannot repeat your own notice.'),
|
|
400, $this->format);
|
|
return false;
|
|
}
|
|
|
|
// Is it OK to repeat that notice (general enough scope)?
|
|
|
|
if ($this->original->scope != Notice::SITE_SCOPE &&
|
|
$this->original->scope != Notice::PUBLIC_SCOPE) {
|
|
$this->clientError(_('You may not repeat a private notice.'),
|
|
403,
|
|
$this->format);
|
|
return false;
|
|
}
|
|
|
|
$profile = $this->user->getProfile();
|
|
|
|
// Can the profile actually see that notice?
|
|
|
|
if (!$this->original->inScope($profile)) {
|
|
$this->clientError(_('No access to that notice.'),
|
|
403,
|
|
$this->format);
|
|
return false;
|
|
}
|
|
|
|
if ($profile->hasRepeated($id)) {
|
|
// TRANS: Client error displayed trying to re-repeat a notice through the API.
|
|
$this->clientError(_('Already repeated that notice.'),
|
|
400, $this->format);
|
|
return false;
|
|
}
|
|
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Handle the request
|
|
*
|
|
* Make a new notice for the update, save it, and show it
|
|
*
|
|
* @param array $args $_REQUEST data (unused)
|
|
*
|
|
* @return void
|
|
*/
|
|
function handle($args)
|
|
{
|
|
parent::handle($args);
|
|
|
|
$repeat = $this->original->repeat($this->user->id, $this->source);
|
|
|
|
$this->showNotice($repeat);
|
|
}
|
|
|
|
/**
|
|
* Show the resulting notice
|
|
*
|
|
* @return void
|
|
*/
|
|
function showNotice($notice)
|
|
{
|
|
if (!empty($notice)) {
|
|
if ($this->format == 'xml') {
|
|
$this->showSingleXmlStatus($notice);
|
|
} elseif ($this->format == 'json') {
|
|
$this->show_single_json_status($notice);
|
|
}
|
|
}
|
|
}
|
|
}
|