Permalink
Browse files

Add missing permission checks.

Make the tag relationship an associative array.
  • Loading branch information...
1 parent a956098 commit a04d0d278964c93b4829ec2e77f5f315abcba392 @bharat bharat committed Jan 30, 2010
@@ -23,8 +23,8 @@ static function get($request) {
return array(
"url" => $request->url,
"members" => array(
- rest::url("tag", $tag),
- rest::url("item", $item)));
+ "tag" => rest::url("tag", $tag),
+ "item" => rest::url("item", $item)));
}
static function delete($request) {
@@ -37,7 +37,7 @@ static function resolve($tuple) {
list ($tag_id, $item_id) = split(",", $tuple);
$tag = ORM::factory("tag", $tag_id);
$item = ORM::factory("item", $item_id);
- if (!$tag->loaded() || !$item->loaded() || !$tag->has($item)) {
+ if (!$tag->loaded() || !$item->loaded() || !$tag->has($item) || !access::can("view", $item)) {
throw new Kohana_404_Exception();
}
@@ -37,12 +37,16 @@ static function post($request) {
$item = rest::resolve($request->params->item);
access::required("view", $item);
+ if (!$tag->loaded()) {
+ throw new Kohana_404_Exception();
+ }
+
tag::add($item, $tag->name);
return array(
"url" => rest::url("tag_item", $tag, $item),
"members" => array(
- rest::url("tag", $tag),
- rest::url("item", $item)));
+ "tag" => rest::url("tag", $tag),
+ "item" => rest::url("item", $item)));
}
static function delete($request) {
@@ -32,8 +32,8 @@ public function get_test() {
$this->assert_equal_array(
array("url" => rest::url("tag_item", $tag, item::root()),
"members" => array(
- rest::url("tag", $tag),
- rest::url("item", item::root()))),
+ "tag" => rest::url("tag", $tag),
+ "item" => rest::url("item", item::root()))),
tag_item_rest::get($request));
}

0 comments on commit a04d0d2

Please sign in to comment.