......@@ -12,6 +12,7 @@ use Minds\Api\Exportable;
use Minds\Api\Factory;
use Minds\Common\Access;
use Minds\Core;
use Minds\Core\Router\Exceptions\UnverifiedEmailException;
use Minds\Helpers;
use Minds\Interfaces;
use Minds\Core\Blogs\Delegates\CreateActivity;
......@@ -352,6 +353,8 @@ class blog implements Interfaces\Api
} else {
$saved = $manager->add($blog);
}
} catch (UnverifiedEmailException $e) {
throw $e;
} catch (\Exception $e) {
return Factory::response([
'status' => 'error',
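Review bot: The bare `throw $e;` in the new `catch (UnverifiedEmailException $e)` branch reads like a no-op unless the reader notices that the generic `catch (\Exception $e)` directly below would otherwise flatten it into a `'status' => 'error'` response. A one-line comment would make the intent explicit, e.g. `// Rethrow: must reach the caller instead of being swallowed by the generic handler below`. The same pattern is added to the upload `try` in the media controller (`@@ -127,6 +129,8`) and deserves the same comment. The enclosing method starts and ends outside this hunk, so where the exception is finally handled is not visible here.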
......
......@@ -210,7 +210,9 @@ class group implements Interfaces\Api
->setOwnerObj($user);
}
$group->save();
if (Core\Security\ACL::_()->write($group)) {
$group->save();
}
if ($creation) {
// Join group
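Review bot: When `Core\Security\ACL::_()->write($group)` returns false, the new guard only skips `$group->save()` and execution continues into `if ($creation) {` and the join logic, so a denied write is neither reported to the client nor stops the follow-up steps from running against an unsaved group. An early exit on denial would be safer, e.g. `if (!Core\Security\ACL::_()->write($group)) { return Factory::response(['status' => 'error', 'message' => 'Write access denied']); }` followed by an unconditional `$group->save();` (this assumes `Factory` is imported in this controller, as it is in the blog controller). The rest of the method lies outside the hunk, so confirm that nothing later relies on the group having been persisted.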
......
......@@ -5,10 +5,12 @@
* @version 1
* @author Emi Balbuena
*/
namespace Minds\Controllers\api\v1;
use Minds\Core;
use Minds\Core\Di\Di;
use Minds\Core\Router\Exceptions\UnverifiedEmailException;
use Minds\Core\Security;
use Minds\Entities;
use Minds\Helpers;
......@@ -50,7 +52,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
if (isset($pages[1]) && $pages[1] == 'play') {
http_response_code(302);
$res = !empty($_GET['res']) && in_array($_GET['res'], ['360', '720', '1080'], true) ?$_GET['res'] : '360';
$res = !empty($_GET['res']) && in_array($_GET['res'], ['360', '720', '1080'], true) ? $_GET['res'] : '360';
if ($entity->subtype == 'audio') {
\forward($entity->getSourceUrl('128.mp3'));
......@@ -61,7 +63,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
exit;
}
$entities = Factory::exportable([ $entity ]);
$entities = Factory::exportable([$entity]);
if ($entities) {
$response = $entities[0];
......@@ -85,7 +87,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
Security\ACL::$ignore = $ignore;
}
/* no break */
/* no break */
default:
$entity->fullExport = true;
$response['entity'] = $entity->export();
......@@ -104,7 +106,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
$response['entity']['canEdit'] = $entity->canEdit();
Security\ACL::$ignore = $ignore;
}
}
}
}
return Factory::response($response);
......@@ -127,6 +129,8 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
'type' => $_FILES['file']['type'],
'file' => $_FILES['file']['tmp_name']
]);
} catch (UnverifiedEmailException $e) {
throw $e;
} catch (\Exception $e) {
return Factory::response([
'status' => 'error',
......@@ -200,7 +204,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
unlink("/tmp/{$image->guid}-master.jpg");
}
return Factory::response([ 'guid' => $guid, 'location' => $loc ]);
return Factory::response(['guid' => $guid, 'location' => $loc]);
}
/**
......@@ -226,7 +230,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
/**
* (Internal) Uploads media
* @param mixed $guid
* @param array $data - POST data
* @param array $data - POST data
* @param array $media - Temporary [file] path and its [type]
*/
private function _upload($clientType, array $data = [], array $media = [])
......@@ -262,6 +266,10 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
$entity = Core\Media\Factory::build($clientType);
if (!Security\ACL::_()->write($entity)) {
return false;
}
$container_guid = isset($data['container_guid']) && is_numeric($data['container_guid']) ? $data['container_guid'] : null;
$entity->patch([
'title' => isset($data['name']) ? $data['name'] : '',
......@@ -282,7 +290,7 @@ class media implements Interfaces\Api, Interfaces\ApiIgnorePam
// Save initial entity
$success = $save
$success = $save
->setEntity($entity)
->save(true);
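Review bot: In `_upload()` the new `Security\ACL::_()->write($entity)` check runs on the object just returned by `Core\Media\Factory::build($clientType)`, before `$container_guid` is read from `$data` and before `$entity->patch([...])` is applied, so the check cannot take the requested container or any other request field into account. If container-level write permission matters for uploads, the check should move after the patch, or a later check should be confirmed in the part of the method outside this hunk. The `return false;` on denial is also undocumented: the docblock above `_upload()` has no `@return` and still lists `@param mixed $guid` although the first parameter is `$clientType`. Suggested docblock lines are `@param mixed $clientType` and an `@return` line stating that `false` means the ACL denied the write.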
......
......@@ -10,6 +10,7 @@ namespace Minds\Core\Blogs;
use Minds\Core\Di\Di;
use Minds\Core\Entities\PropagateProperties;
use Minds\Core\Security\ACL;
use Minds\Core\Security\Spam;
class Manager
......@@ -26,7 +27,7 @@ class Manager
/** @var Delegates\Feeds */
protected $feeds;
/** @var Spam **/
/** @var Spam * */
protected $spam;
/** @var Delegates\Search */
......@@ -35,6 +36,9 @@ class Manager
/** @var PropagateProperties */
protected $propagateProperties;
/** @var ACL */
protected $acl;
/**
* Manager constructor.
* @param null $repository
......@@ -53,8 +57,10 @@ class Manager
$feeds = null,
$spam = null,
$search = null,
PropagateProperties $propagateProperties = null
) {
PropagateProperties $propagateProperties = null,
ACL $acl = null
)
{
$this->repository = $repository ?: new Repository();
$this->paywallReview = $paywallReview ?: new Delegates\PaywallReview();
$this->slug = $slug ?: new Delegates\Slug();
......@@ -62,6 +68,7 @@ class Manager
$this->spam = $spam ?: Di::_()->get('Security\Spam');
$this->search = $search ?: new Delegates\Search();
$this->propagateProperties = $propagateProperties ?? Di::_()->get('PropagateProperties');
$this->acl = $acl?: ACL::_();
}
/**
......@@ -116,6 +123,10 @@ class Manager
*/
public function add(Blog $blog)
{
if (!$this->acl->write($blog)) {
return false;
}
if ($this->spam->check($blog)) {
return false;
}
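Review bot: `add()` now has two distinct rejection paths, the new `if (!$this->acl->write($blog)) { return false; }` and the spam check below it, and both return a bare `false`, so the controller's `$saved = $manager->add($blog)` cannot tell a permission denial from a spam hit. The spec added in this change also shows that `write()` may throw `UnverifiedEmailException` out of `add()`, which the method's docblock (it starts above the hunk) should state, e.g. `@throws UnverifiedEmailException when the ACL rejects an unverified account`. Only `add()` gains the check in this diff; whether `update()` is gated the same way is not visible here and is worth confirming. As a style point in the same file, `/** @var Spam * */` looks like formatter damage and should read `/** @var Spam */`.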
......
......@@ -6,6 +6,8 @@ use Minds\Core\Blogs\Blog;
use Minds\Core\Blogs\Delegates;
use Minds\Core\Blogs\Repository;
use Minds\Core\Entities\PropagateProperties;
use Minds\Core\Router\Exceptions\UnverifiedEmailException;
use Minds\Core\Security\ACL;
use Minds\Core\Security\Spam;
use PhpSpec\ObjectBehavior;
......@@ -31,8 +33,12 @@ class ManagerSpec extends ObjectBehavior
/** @var Delegates\Search */
protected $search;
/** @var PropagateProperties */
protected $propagateProperties;
/** @var ACL */
protected $acl;
public function let(
Repository $repository,
Delegates\PaywallReview $paywallReview,
......@@ -40,8 +46,10 @@ class ManagerSpec extends ObjectBehavior
Delegates\Feeds $feeds,
Spam $spam,
Delegates\Search $search,
PropagateProperties $propagateProperties
) {
PropagateProperties $propagateProperties,
ACL $acl
)
{
$this->beConstructedWith(
$repository,
$paywallReview,
......@@ -49,7 +57,8 @@ class ManagerSpec extends ObjectBehavior
$feeds,
$spam,
$search,
$propagateProperties
$propagateProperties,
$acl
);
$this->repository = $repository;
......@@ -59,6 +68,7 @@ class ManagerSpec extends ObjectBehavior
$this->spam = $spam;
$this->search = $search;
$this->propagateProperties = $propagateProperties;
$this->acl = $acl;
}
public function it_is_initializable()
......@@ -107,7 +117,7 @@ class ManagerSpec extends ObjectBehavior
'reversed' => false,
])
->shouldBeCalled()
->willReturn([ $nextBlog ]);
->willReturn([$nextBlog]);
$this
->getNext($blog, 'owner')
......@@ -148,8 +158,21 @@ class ManagerSpec extends ObjectBehavior
->duringGetNext($blog, 'notimplemented');
}
public function it_should_fail_to_add_if_the_user_hasnt_verified_its_email(Blog $blog)
{
$this->acl->write($blog)
->shouldBeCalled()
->willThrow(UnverifiedEmailException::class);
$this->shouldThrow(UnverifiedEmailException::class)->during('add', [$blog]);
}
public function it_should_add(Blog $blog)
{
$this->acl->write($blog)
->shouldBeCalled()
->willReturn(true);
$this->spam->check($blog)
->shouldBeCalled();
......@@ -277,22 +300,16 @@ class ManagerSpec extends ObjectBehavior
public function it_should_check_for_spam(Blog $blog, Spam $spam)
{
$this->beConstructedWith(
$this->repository,
$this->paywallReview,
$this->slug,
$this->feeds,
$this->spam,
$this->search
);
$this->acl->write($blog)
->shouldBeCalled()
->willReturn(true);
$spamUrl = 'movieblog.tumblr.com';
$blog->getType()
->willReturn('object');
->willReturn('object');
$blog->getSubtype()
->willReturn('blog');
->willReturn('blog');
$this->spam->check(Argument::any())->shouldBeCalled()->willReturn(true);
$this->add($blog);
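Review bot: The new specs cover `write()` throwing and `write()` returning true, but nothing pins the denial path that `Manager::add()` gained, where `write()` returns false and `add()` must return false without reaching the spam check. A spec for that case, placed next to `it_should_fail_to_add_if_the_user_hasnt_verified_its_email`, would keep the guard from being reordered or dropped unnoticed. `it_should_check_for_spam` continues past the end of the last hunk, so its remaining assertions are not visible here.

```php
public function it_should_not_add_if_acl_denies_write(Blog $blog)
{
    $this->acl->write($blog)
        ->shouldBeCalled()
        ->willReturn(false);

    // The ACL guard comes first in add(), so the spam check must not run.
    $this->spam->check($blog)
        ->shouldNotBeCalled();

    $this->add($blog)
        ->shouldReturn(false);
}
```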
......