mirror of
https://github.com/openvk/openvk
synced 2025-05-11 03:26:37 +03:00
apis
This commit is contained in:
lalka2016
parent
08b30b445d
commit
a91a79dc6f
15 changed files with 192 additions and 62 deletions
|
|
@ -25,6 +25,9 @@ class Notes implements Handler
|
||||||
assert($noteOwner instanceof User);
|
assert($noteOwner instanceof User);
|
||||||
if(!$noteOwner->getPrivacyPermission("notes.read", $this->user))
|
if(!$noteOwner->getPrivacyPermission("notes.read", $this->user))
|
||||||
$reject(160, "You don't have permission to access this note");
|
$reject(160, "You don't have permission to access this note");
|
||||||
|
|
||||||
|
if(!$note->canBeViewedBy($this->user))
|
||||||
|
$reject(15, "Happy new year");
|
||||||
|
|
||||||
$resolve([
|
$resolve([
|
||||||
"title" => $note->getName(),
|
"title" => $note->getName(),
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ class Search implements Handler
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId()], $sort);
|
$res = $repo->find($query, ["doNotSearchMe" => $this->user->getId(), "doNotSearchPrivate" => true,], $sort);
|
||||||
|
|
||||||
$results = array_slice(iterator_to_array($res), 0, 5);
|
$results = array_slice(iterator_to_array($res), 0, 5);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -23,6 +23,9 @@ class Wall implements Handler
|
||||||
if(!$post || $post->isDeleted())
|
if(!$post || $post->isDeleted())
|
||||||
$reject("No post with id=$id");
|
$reject("No post with id=$id");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->user))
|
||||||
|
$reject(12, "Aces denid,");
|
||||||
|
|
||||||
$res = (object) [];
|
$res = (object) [];
|
||||||
$res->id = $post->getId();
|
$res->id = $post->getId();
|
||||||
$res->wall = $post->getTargetWall();
|
$res->wall = $post->getTargetWall();
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,17 @@ final class Friends extends VKAPIRequestHandler
|
||||||
$users = new UsersRepo;
|
$users = new UsersRepo;
|
||||||
|
|
||||||
$this->requireUser();
|
$this->requireUser();
|
||||||
|
|
||||||
|
$user = $users->get($user_id);
|
||||||
|
|
||||||
|
if(!$user || $user->isDeleted())
|
||||||
|
$this->fail(100, "Invalid user");
|
||||||
|
|
||||||
|
if(!$user->getPrivacyPermission("friends.read", $this->getUser()))
|
||||||
|
$this->fail(15, "Access denied: this user chose to hide his friends.");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
foreach($users->get($user_id)->getFriends($offset, $count) as $friend) {
|
foreach($users->get($user_id)->getFriends($offset, $count) as $friend) {
|
||||||
$friends[$i] = $friend->getId();
|
$friends[$i] = $friend->getId();
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,17 @@ final class Gifts extends VKAPIRequestHandler
|
||||||
if(!$user || $user->isDeleted())
|
if(!$user || $user->isDeleted())
|
||||||
$this->fail(177, "Invalid user");
|
$this->fail(177, "Invalid user");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
|
/*
|
||||||
|
if(!$user->getPrivacyPermission('gifts.read', $this->getUser()))
|
||||||
|
$this->fail(15, "Access denied: this user chose to hide his gifts");*/
|
||||||
|
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$gift_item = [];
|
$gift_item = [];
|
||||||
|
|
||||||
$userGifts = array_slice(iterator_to_array($user->getGifts(1, $count, false)), $offset);
|
$userGifts = array_slice(iterator_to_array($user->getGifts(1, $count, false)), $offset);
|
||||||
|
|
@ -62,6 +73,9 @@ final class Gifts extends VKAPIRequestHandler
|
||||||
if(!$user || $user->isDeleted())
|
if(!$user || $user->isDeleted())
|
||||||
$this->fail(177, "Invalid user");
|
$this->fail(177, "Invalid user");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$gift = (new GiftsRepo)->get($gift_id);
|
$gift = (new GiftsRepo)->get($gift_id);
|
||||||
|
|
||||||
if(!$gift)
|
if(!$gift)
|
||||||
|
|
|
||||||
|
|
@ -18,9 +18,15 @@ final class Groups extends VKAPIRequestHandler
|
||||||
$users = new UsersRepo;
|
$users = new UsersRepo;
|
||||||
$user = $users->get($user_id);
|
$user = $users->get($user_id);
|
||||||
|
|
||||||
if(is_null($user))
|
if(is_null($user) || $user->isDeleted())
|
||||||
$this->fail(15, "Access denied");
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
|
if(!$user->getPrivacyPermission('groups.read', $this->getUser()))
|
||||||
|
$this->fail(15, "Access denied: this user chose to hide his groups.");
|
||||||
|
|
||||||
foreach($user->getClubs($offset, false, $count, true) as $club)
|
foreach($user->getClubs($offset, false, $count, true) as $club)
|
||||||
$clbs[] = $club;
|
$clbs[] = $club;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,9 @@ final class Likes extends VKAPIRequestHandler
|
||||||
if(is_null($post))
|
if(is_null($post))
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$post->setLike(true, $this->getUser());
|
$post->setLike(true, $this->getUser());
|
||||||
|
|
||||||
return (object) [
|
return (object) [
|
||||||
|
|
@ -37,6 +40,9 @@ final class Likes extends VKAPIRequestHandler
|
||||||
if (is_null($post))
|
if (is_null($post))
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$post->setLike(false, $this->getUser());
|
$post->setLike(false, $this->getUser());
|
||||||
return (object) [
|
return (object) [
|
||||||
"likes" => $post->getLikesCount()
|
"likes" => $post->getLikesCount()
|
||||||
|
|
@ -60,6 +66,9 @@ final class Likes extends VKAPIRequestHandler
|
||||||
if (is_null($post))
|
if (is_null($post))
|
||||||
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
$this->fail(100, "One of the parameters specified was missing or invalid: object not found");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
return (object) [
|
return (object) [
|
||||||
"liked" => (int) $post->hasLikeFrom($user),
|
"liked" => (int) $post->hasLikeFrom($user),
|
||||||
"copied" => 0 # TODO: handle this
|
"copied" => 0 # TODO: handle this
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,8 @@ final class Newsfeed extends VKAPIRequestHandler
|
||||||
{
|
{
|
||||||
$this->requireUser();
|
$this->requireUser();
|
||||||
|
|
||||||
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND `posts`.`deleted` = 0";
|
$queryBase = "FROM `posts` LEFT JOIN `groups` ON GREATEST(`posts`.`wall`, 0) = 0 AND `groups`.`id` = ABS(`posts`.`wall`) LEFT JOIN `profiles` ON LEAST(`posts`.`wall`, 0) = 0 AND `profiles`.`id` = ABS(`posts`.`wall`)";
|
||||||
|
$queryBase .= "WHERE (`groups`.`hide_from_global_feed` = 0 OR `groups`.`name` IS NULL) AND (`profiles`.`profile_type` = 0 OR `profiles`.`first_name` IS NULL) AND `posts`.`deleted` = 0"; # AND `posts`.`suggested` = 0
|
||||||
|
|
||||||
if($this->getUser()->getNsfwTolerance() === User::NSFW_INTOLERANT)
|
if($this->getUser()->getNsfwTolerance() === User::NSFW_INTOLERANT)
|
||||||
$queryBase .= " AND `nsfw` = 0";
|
$queryBase .= " AND `nsfw` = 0";
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,9 @@ final class Notes extends VKAPIRequestHandler
|
||||||
if($note->getOwner()->isDeleted())
|
if($note->getOwner()->isDeleted())
|
||||||
$this->fail(403, "Owner is deleted");
|
$this->fail(403, "Owner is deleted");
|
||||||
|
|
||||||
|
if(!$note->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||||
$this->fail(43, "No access");
|
$this->fail(43, "No access");
|
||||||
|
|
||||||
|
|
@ -187,7 +190,10 @@ final class Notes extends VKAPIRequestHandler
|
||||||
$this->fail(15, "Invalid user");
|
$this->fail(15, "Invalid user");
|
||||||
|
|
||||||
if(!$user->getPrivacyPermission('notes.read', $this->getUser()))
|
if(!$user->getPrivacyPermission('notes.read', $this->getUser()))
|
||||||
$this->fail(43, "Access denied: this user chose to hide his notes");
|
$this->fail(15, "Access denied: this user chose to hide his notes");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
if(empty($note_ids)) {
|
if(empty($note_ids)) {
|
||||||
$notes = array_slice(iterator_to_array((new NotesRepo)->getUserNotes($user, 1, $count + $offset, $sort == 0 ? "ASC" : "DESC")), $offset);
|
$notes = array_slice(iterator_to_array((new NotesRepo)->getUserNotes($user, 1, $count + $offset, $sort == 0 ? "ASC" : "DESC")), $offset);
|
||||||
|
|
@ -238,6 +244,9 @@ final class Notes extends VKAPIRequestHandler
|
||||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||||
$this->fail(40, "Access denied: this user chose to hide his notes");
|
$this->fail(40, "Access denied: this user chose to hide his notes");
|
||||||
|
|
||||||
|
if(!$note->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access to note denied");
|
||||||
|
|
||||||
return $note->toVkApiStruct();
|
return $note->toVkApiStruct();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -258,6 +267,9 @@ final class Notes extends VKAPIRequestHandler
|
||||||
|
|
||||||
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
if(!$note->getOwner()->getPrivacyPermission('notes.read', $this->getUser()))
|
||||||
$this->fail(14, "No access");
|
$this->fail(14, "No access");
|
||||||
|
|
||||||
|
if(!$note->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access to note denied");
|
||||||
|
|
||||||
$arr = (object) [
|
$arr = (object) [
|
||||||
"count" => $note->getCommentsCount(),
|
"count" => $note->getCommentsCount(),
|
||||||
|
|
|
||||||
|
|
@ -304,10 +304,12 @@ final class Photos extends VKAPIRequestHandler
|
||||||
if(!$user || $user->isDeleted())
|
if(!$user || $user->isDeleted())
|
||||||
$this->fail(2, "Invalid user");
|
$this->fail(2, "Invalid user");
|
||||||
|
|
||||||
|
|
||||||
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
|
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
|
||||||
$this->fail(21, "This user chose to hide his albums.");
|
$this->fail(21, "This user chose to hide his albums.");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset);
|
$albums = array_slice(iterator_to_array((new Albums)->getUserAlbums($user, 1, $count + $offset)), $offset);
|
||||||
|
|
||||||
foreach($albums as $album) {
|
foreach($albums as $album) {
|
||||||
|
|
@ -368,15 +370,15 @@ final class Photos extends VKAPIRequestHandler
|
||||||
}
|
}
|
||||||
|
|
||||||
if($user_id > 0) {
|
if($user_id > 0) {
|
||||||
|
|
||||||
$us = (new UsersRepo)->get($user_id);
|
$us = (new UsersRepo)->get($user_id);
|
||||||
if(!$us || $us->isDeleted()) {
|
if(!$us || $us->isDeleted())
|
||||||
$this->fail(21, "Invalid user");
|
$this->fail(21, "Invalid user");
|
||||||
}
|
|
||||||
|
|
||||||
if(!$us->getPrivacyPermission('photos.read', $this->getUser())) {
|
if(!$us->getPrivacyPermission('photos.read', $this->getUser()))
|
||||||
$this->fail(21, "This user chose to hide his albums.");
|
$this->fail(21, "This user chose to hide his albums.");
|
||||||
}
|
|
||||||
|
if(!$us->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access dennieeeddd");
|
||||||
|
|
||||||
return (new Albums)->getUserAlbumsCount($us);
|
return (new Albums)->getUserAlbumsCount($us);
|
||||||
}
|
}
|
||||||
|
|
@ -404,17 +406,17 @@ final class Photos extends VKAPIRequestHandler
|
||||||
$ph = explode("_", $phota);
|
$ph = explode("_", $phota);
|
||||||
$photo = (new PhotosRepo)->getByOwnerAndVID((int)$ph[0], (int)$ph[1]);
|
$photo = (new PhotosRepo)->getByOwnerAndVID((int)$ph[0], (int)$ph[1]);
|
||||||
|
|
||||||
if(!$photo || $photo->isDeleted()) {
|
if(!$photo || $photo->isDeleted())
|
||||||
$this->fail(21, "Invalid photo");
|
$this->fail(21, "Invalid photo");
|
||||||
}
|
|
||||||
|
|
||||||
if($photo->getOwner()->isDeleted()) {
|
if($photo->getOwner()->isDeleted())
|
||||||
$this->fail(21, "Owner of this photo is deleted");
|
$this->fail(21, "Owner of this photo is deleted");
|
||||||
}
|
|
||||||
|
|
||||||
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
if(!$photo->getOwner()->getPrivacyPermission('photos.read', $this->getUser()))
|
||||||
$this->fail(21, "This user chose to hide his photos.");
|
$this->fail(21, "This user chose to hide his photos.");
|
||||||
}
|
|
||||||
|
if(!$photo->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied...");
|
||||||
|
|
||||||
$res[] = $photo->toVkApiStruct($photo_sizes, $extended);
|
$res[] = $photo->toVkApiStruct($photo_sizes, $extended);
|
||||||
}
|
}
|
||||||
|
|
@ -432,13 +434,11 @@ final class Photos extends VKAPIRequestHandler
|
||||||
if(empty($photo_ids)) {
|
if(empty($photo_ids)) {
|
||||||
$album = (new Albums)->getAlbumByOwnerAndId($owner_id, $album_id);
|
$album = (new Albums)->getAlbumByOwnerAndId($owner_id, $album_id);
|
||||||
|
|
||||||
if(!$album->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
if(!$album || $album->isDeleted())
|
||||||
$this->fail(21, "This user chose to hide his albums.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!$album || $album->isDeleted()) {
|
|
||||||
$this->fail(21, "Invalid album");
|
$this->fail(21, "Invalid album");
|
||||||
}
|
|
||||||
|
if(!$album->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$photos = array_slice(iterator_to_array($album->getPhotos(1, $count + $offset)), $offset);
|
$photos = array_slice(iterator_to_array($album->getPhotos(1, $count + $offset)), $offset);
|
||||||
$res["count"] = sizeof($photos);
|
$res["count"] = sizeof($photos);
|
||||||
|
|
@ -456,12 +456,11 @@ final class Photos extends VKAPIRequestHandler
|
||||||
"items" => []
|
"items" => []
|
||||||
];
|
];
|
||||||
|
|
||||||
foreach($photos as $photo)
|
foreach($photos as $photo) {
|
||||||
{
|
|
||||||
$id = explode("_", $photo);
|
$id = explode("_", $photo);
|
||||||
|
|
||||||
$phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]);
|
$phot = (new PhotosRepo)->getByOwnerAndVID((int)$id[0], (int)$id[1]);
|
||||||
if($phot && !$phot->isDeleted()) {
|
if($phot && !$phot->isDeleted() && $phot->canBeViewedBy($this->getUser())) {
|
||||||
$res["items"][] = $phot->toVkApiStruct($photo_sizes, $extended);
|
$res["items"][] = $phot->toVkApiStruct($photo_sizes, $extended);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -477,13 +476,11 @@ final class Photos extends VKAPIRequestHandler
|
||||||
|
|
||||||
$album = (new Albums)->get($album_id);
|
$album = (new Albums)->get($album_id);
|
||||||
|
|
||||||
if(!$album || $album->canBeModifiedBy($this->getUser())) {
|
if(!$album || $album->canBeModifiedBy($this->getUser()))
|
||||||
$this->fail(21, "Invalid album");
|
$this->fail(21, "Invalid album");
|
||||||
}
|
|
||||||
|
|
||||||
if($album->isDeleted()) {
|
if($album->isDeleted())
|
||||||
$this->fail(22, "Album already deleted");
|
$this->fail(22, "Album already deleted");
|
||||||
}
|
|
||||||
|
|
||||||
$album->delete();
|
$album->delete();
|
||||||
|
|
||||||
|
|
@ -497,13 +494,11 @@ final class Photos extends VKAPIRequestHandler
|
||||||
|
|
||||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||||
|
|
||||||
if(!$photo) {
|
if(!$photo)
|
||||||
$this->fail(21, "Invalid photo");
|
$this->fail(21, "Invalid photo");
|
||||||
}
|
|
||||||
|
|
||||||
if($photo->isDeleted()) {
|
if($photo->isDeleted())
|
||||||
$this->fail(21, "Photo is deleted");
|
$this->fail(21, "Photo is deleted");
|
||||||
}
|
|
||||||
|
|
||||||
if(!empty($caption)) {
|
if(!empty($caption)) {
|
||||||
$photo->setDescription($caption);
|
$photo->setDescription($caption);
|
||||||
|
|
@ -521,17 +516,14 @@ final class Photos extends VKAPIRequestHandler
|
||||||
if(empty($photos)) {
|
if(empty($photos)) {
|
||||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||||
|
|
||||||
if($this->getUser()->getId() !== $photo->getOwner()->getId()) {
|
if($this->getUser()->getId() !== $photo->getOwner()->getId())
|
||||||
$this->fail(21, "You can't delete another's photo");
|
$this->fail(21, "You can't delete another's photo");
|
||||||
}
|
|
||||||
|
|
||||||
if(!$photo) {
|
if(!$photo)
|
||||||
$this->fail(21, "Invalid photo");
|
$this->fail(21, "Invalid photo");
|
||||||
}
|
|
||||||
|
|
||||||
if($photo->isDeleted()) {
|
if($photo->isDeleted())
|
||||||
$this->fail(21, "Photo already deleted");
|
$this->fail(21, "Photo already deleted");
|
||||||
}
|
|
||||||
|
|
||||||
$photo->delete();
|
$photo->delete();
|
||||||
} else {
|
} else {
|
||||||
|
|
@ -595,21 +587,20 @@ final class Photos extends VKAPIRequestHandler
|
||||||
$this->requireUser();
|
$this->requireUser();
|
||||||
$this->willExecuteWriteAction();
|
$this->willExecuteWriteAction();
|
||||||
|
|
||||||
if(empty($message) && empty($attachments)) {
|
if(empty($message) && empty($attachments))
|
||||||
$this->fail(100, "Required parameter 'message' missing.");
|
$this->fail(100, "Required parameter 'message' missing.");
|
||||||
}
|
|
||||||
|
|
||||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||||
|
|
||||||
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
|
||||||
$this->fail(21, "This user chose to hide his albums.");
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!$photo)
|
if(!$photo)
|
||||||
$this->fail(180, "Photo not found");
|
$this->fail(180, "Photo not found");
|
||||||
|
|
||||||
if($photo->isDeleted())
|
if($photo->isDeleted())
|
||||||
$this->fail(189, "Photo is deleted");
|
$this->fail(189, "Photo is deleted");
|
||||||
|
|
||||||
|
if(!$photo->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access to photo denied.");
|
||||||
|
|
||||||
$comment = new Comment;
|
$comment = new Comment;
|
||||||
$comment->setOwner($this->getUser()->getId());
|
$comment->setOwner($this->getUser()->getId());
|
||||||
$comment->setModel(get_class($photo));
|
$comment->setModel(get_class($photo));
|
||||||
|
|
@ -669,19 +660,19 @@ final class Photos extends VKAPIRequestHandler
|
||||||
$this->requireUser();
|
$this->requireUser();
|
||||||
$this->willExecuteWriteAction();
|
$this->willExecuteWriteAction();
|
||||||
|
|
||||||
if($owner_id < 0) {
|
if($owner_id < 0)
|
||||||
$this->fail(4, "This method doesn't works with clubs");
|
$this->fail(4, "This method doesn't works with clubs");
|
||||||
}
|
|
||||||
|
|
||||||
$user = (new UsersRepo)->get($owner_id);
|
$user = (new UsersRepo)->get($owner_id);
|
||||||
|
|
||||||
if(!$user) {
|
if(!$user)
|
||||||
$this->fail(4, "Invalid user");
|
$this->fail(4, "Invalid user");
|
||||||
}
|
|
||||||
|
|
||||||
if(!$user->getPrivacyPermission('photos.read', $this->getUser())) {
|
if(!$user->getPrivacyPermission('photos.read', $this->getUser()))
|
||||||
$this->fail(21, "This user chose to hide his albums.");
|
$this->fail(21, "This user chose to hide his albums.");
|
||||||
}
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset);
|
$photos = array_slice(iterator_to_array((new PhotosRepo)->getEveryUserPhoto($user, 1, $count + $offset)), $offset);
|
||||||
$res = [];
|
$res = [];
|
||||||
|
|
@ -702,17 +693,11 @@ final class Photos extends VKAPIRequestHandler
|
||||||
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
$photo = (new PhotosRepo)->getByOwnerAndVID($owner_id, $photo_id);
|
||||||
$comms = array_slice(iterator_to_array($photo->getComments(1, $offset + $count)), $offset);
|
$comms = array_slice(iterator_to_array($photo->getComments(1, $offset + $count)), $offset);
|
||||||
|
|
||||||
if(!$photo) {
|
if(!$photo || $photo->isDeleted())
|
||||||
$this->fail(4, "Invalid photo");
|
$this->fail(4, "Invalid photo");
|
||||||
}
|
|
||||||
|
|
||||||
if(!$photo->getAlbum()->getOwner()->getPrivacyPermission('photos.read', $this->getUser())) {
|
if(!$photo->canBeViewedBy($this->getUser()))
|
||||||
$this->fail(21, "This user chose to hide his photos.");
|
$this->fail(21, "Access denied");
|
||||||
}
|
|
||||||
|
|
||||||
if($photo->isDeleted()) {
|
|
||||||
$this->fail(4, "Photo is deleted");
|
|
||||||
}
|
|
||||||
|
|
||||||
$res = [
|
$res = [
|
||||||
"count" => sizeof($comms),
|
"count" => sizeof($comms),
|
||||||
|
|
|
||||||
|
|
@ -142,21 +142,51 @@ final class Users extends VKAPIRequestHandler
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
case "music":
|
case "music":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->music = "secret";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->music = $usr->getFavoriteMusic();
|
$response[$i]->music = $usr->getFavoriteMusic();
|
||||||
break;
|
break;
|
||||||
case "movies":
|
case "movies":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->movies = "secret";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->movies = $usr->getFavoriteFilms();
|
$response[$i]->movies = $usr->getFavoriteFilms();
|
||||||
break;
|
break;
|
||||||
case "tv":
|
case "tv":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->tv = "secret";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->tv = $usr->getFavoriteShows();
|
$response[$i]->tv = $usr->getFavoriteShows();
|
||||||
break;
|
break;
|
||||||
case "books":
|
case "books":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->books = "secret";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->books = $usr->getFavoriteBooks();
|
$response[$i]->books = $usr->getFavoriteBooks();
|
||||||
break;
|
break;
|
||||||
case "city":
|
case "city":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->city = "Воскресенск";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->city = $usr->getCity();
|
$response[$i]->city = $usr->getCity();
|
||||||
break;
|
break;
|
||||||
case "interests":
|
case "interests":
|
||||||
|
if(!$usr->canBeViewedBy($this->getUser())) {
|
||||||
|
$response[$i]->interests = "secret";
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$response[$i]->interests = $usr->getInterests();
|
$response[$i]->interests = $usr->getInterests();
|
||||||
break;
|
break;
|
||||||
case "rating":
|
case "rating":
|
||||||
|
|
@ -185,6 +215,14 @@ final class Users extends VKAPIRequestHandler
|
||||||
|
|
||||||
$this->requireUser();
|
$this->requireUser();
|
||||||
|
|
||||||
|
$user = $users->get($user_id);
|
||||||
|
|
||||||
|
if(!$user || $user->isDeleted())
|
||||||
|
$this->fail(14, "Invalid user");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
foreach($users->get($user_id)->getFollowers($offset, $count) as $follower)
|
foreach($users->get($user_id)->getFollowers($offset, $count) as $follower)
|
||||||
$followers[] = $follower->getId();
|
$followers[] = $follower->getId();
|
||||||
|
|
||||||
|
|
@ -277,6 +315,7 @@ final class Users extends VKAPIRequestHandler
|
||||||
"fav_shows" => !empty($fav_shows) ? $fav_shows : NULL,
|
"fav_shows" => !empty($fav_shows) ? $fav_shows : NULL,
|
||||||
"fav_books" => !empty($fav_books) ? $fav_books : NULL,
|
"fav_books" => !empty($fav_books) ? $fav_books : NULL,
|
||||||
"fav_quotes" => !empty($fav_quotes) ? $fav_quotes : NULL,
|
"fav_quotes" => !empty($fav_quotes) ? $fav_quotes : NULL,
|
||||||
|
"doNotSearchPrivate" => true,
|
||||||
];
|
];
|
||||||
|
|
||||||
$find = $users->find($q, $parameters, $sortg);
|
$find = $users->find($q, $parameters, $sortg);
|
||||||
|
|
|
||||||
|
|
@ -40,6 +40,15 @@ final class Video extends VKAPIRequestHandler
|
||||||
else
|
else
|
||||||
$this->fail(1, "Not implemented");
|
$this->fail(1, "Not implemented");
|
||||||
|
|
||||||
|
if(!$user || $user->isDeleted())
|
||||||
|
$this->fail(14, "Invalid user");
|
||||||
|
|
||||||
|
if(!$user->getPrivacyPermission('videos.read', $this->getUser()))
|
||||||
|
$this->fail(21, "This user chose to hide his videos.");
|
||||||
|
|
||||||
|
if(!$user->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$videos = (new VideosRepo)->getByUser($user, $offset + 1, $count);
|
$videos = (new VideosRepo)->getByUser($user, $offset + 1, $count);
|
||||||
$videosCount = (new VideosRepo)->getUserVideosCount($user);
|
$videosCount = (new VideosRepo)->getUserVideosCount($user);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -37,6 +37,9 @@ final class Wall extends VKAPIRequestHandler
|
||||||
if ($owner_id > 0)
|
if ($owner_id > 0)
|
||||||
if(!$wallOnwer || $wallOnwer->isDeleted())
|
if(!$wallOnwer || $wallOnwer->isDeleted())
|
||||||
$this->fail(18, "User was deleted or banned");
|
$this->fail(18, "User was deleted or banned");
|
||||||
|
|
||||||
|
if(!$wallOnwer->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
else
|
else
|
||||||
if(!$wallOnwer)
|
if(!$wallOnwer)
|
||||||
$this->fail(15, "Access denied: wall is disabled"); // Don't search for logic here pls
|
$this->fail(15, "Access denied: wall is disabled"); // Don't search for logic here pls
|
||||||
|
|
@ -220,7 +223,11 @@ final class Wall extends VKAPIRequestHandler
|
||||||
foreach($psts as $pst) {
|
foreach($psts as $pst) {
|
||||||
$id = explode("_", $pst);
|
$id = explode("_", $pst);
|
||||||
$post = (new PostsRepo)->getPostById(intval($id[0]), intval($id[1]));
|
$post = (new PostsRepo)->getPostById(intval($id[0]), intval($id[1]));
|
||||||
|
|
||||||
if($post && !$post->isDeleted()) {
|
if($post && !$post->isDeleted()) {
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
continue;
|
||||||
|
|
||||||
$from_id = get_class($post->getOwner()) == "openvk\Web\Models\Entities\Club" ? $post->getOwner()->getId() * (-1) : $post->getOwner()->getId();
|
$from_id = get_class($post->getOwner()) == "openvk\Web\Models\Entities\Club" ? $post->getOwner()->getId() * (-1) : $post->getOwner()->getId();
|
||||||
$attachments = [];
|
$attachments = [];
|
||||||
$repost = []; // чел высрал семь сигарет 😳 помянем 🕯
|
$repost = []; // чел высрал семь сигарет 😳 помянем 🕯
|
||||||
|
|
@ -389,7 +396,7 @@ final class Wall extends VKAPIRequestHandler
|
||||||
$wallOwner = ($owner_id > 0 ? (new UsersRepo)->get($owner_id) : (new ClubsRepo)->get($owner_id * -1))
|
$wallOwner = ($owner_id > 0 ? (new UsersRepo)->get($owner_id) : (new ClubsRepo)->get($owner_id * -1))
|
||||||
?? $this->fail(18, "User was deleted or banned");
|
?? $this->fail(18, "User was deleted or banned");
|
||||||
if($owner_id > 0)
|
if($owner_id > 0)
|
||||||
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser());
|
$canPost = $wallOwner->getPrivacyPermission("wall.write", $this->getUser()) && $wallOwner->canBeViewedBy($this->getUser());
|
||||||
else if($owner_id < 0)
|
else if($owner_id < 0)
|
||||||
if($wallOwner->canBeModifiedBy($this->getUser()))
|
if($wallOwner->canBeModifiedBy($this->getUser()))
|
||||||
$canPost = true;
|
$canPost = true;
|
||||||
|
|
@ -508,6 +515,9 @@ final class Wall extends VKAPIRequestHandler
|
||||||
$post = (new PostsRepo)->getPostById((int) $postArray[1], (int) $postArray[2]);
|
$post = (new PostsRepo)->getPostById((int) $postArray[1], (int) $postArray[2]);
|
||||||
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$nPost = new Post;
|
$nPost = new Post;
|
||||||
$nPost->setOwner($this->user->getId());
|
$nPost->setOwner($this->user->getId());
|
||||||
|
|
||||||
|
|
@ -546,6 +556,9 @@ final class Wall extends VKAPIRequestHandler
|
||||||
|
|
||||||
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
||||||
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
if(!$post || $post->isDeleted()) $this->fail(100, "One of the parameters specified was missing or invalid");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$comments = (new CommentsRepo)->getCommentsByTarget($post, $offset+1, $count, $sort == "desc" ? "DESC" : "ASC");
|
$comments = (new CommentsRepo)->getCommentsByTarget($post, $offset+1, $count, $sort == "desc" ? "DESC" : "ASC");
|
||||||
|
|
||||||
|
|
@ -624,6 +637,12 @@ final class Wall extends VKAPIRequestHandler
|
||||||
|
|
||||||
$comment = (new CommentsRepo)->get($comment_id); # один хуй айди всех комментов общий
|
$comment = (new CommentsRepo)->get($comment_id); # один хуй айди всех комментов общий
|
||||||
|
|
||||||
|
if(!$comment || $comment->isDeleted())
|
||||||
|
$this->fail(100, "Invalid comment");
|
||||||
|
|
||||||
|
if(!$comment->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
$profiles = [];
|
$profiles = [];
|
||||||
|
|
||||||
$attachments = [];
|
$attachments = [];
|
||||||
|
|
@ -685,6 +704,9 @@ final class Wall extends VKAPIRequestHandler
|
||||||
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
$post = (new PostsRepo)->getPostById($owner_id, $post_id);
|
||||||
if(!$post || $post->isDeleted()) $this->fail(100, "Invalid post");
|
if(!$post || $post->isDeleted()) $this->fail(100, "Invalid post");
|
||||||
|
|
||||||
|
if(!$post->canBeViewedBy($this->getUser()))
|
||||||
|
$this->fail(15, "Access denied");
|
||||||
|
|
||||||
if($post->getTargetWall() < 0)
|
if($post->getTargetWall() < 0)
|
||||||
$club = (new ClubsRepo)->get(abs($post->getTargetWall()));
|
$club = (new ClubsRepo)->get(abs($post->getTargetWall()));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -188,7 +188,7 @@
|
||||||
</div>
|
</div>
|
||||||
{elseif $type == "posts"}
|
{elseif $type == "posts"}
|
||||||
<div n:foreach="$data as $dat" class="content">
|
<div n:foreach="$data as $dat" class="content">
|
||||||
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled()}
|
{if !$dat || $dat->getTargetWall() < 0 && $dat->getWallOwner()->isHideFromGlobalFeedEnabled() || !$dat->canBeViewedBy($thisUser)}
|
||||||
{_closed_group_post}.
|
{_closed_group_post}.
|
||||||
{else}
|
{else}
|
||||||
{include "../components/post.xml", post => $dat, commentSection => true, onWallOf => true}
|
{include "../components/post.xml", post => $dat, commentSection => true, onWallOf => true}
|
||||||
|
|
|
||||||
|
|
@ -150,6 +150,18 @@
|
||||||
"user_banned" = "Unfortunately, we had to block the <b>$1</b> user page.";
|
"user_banned" = "Unfortunately, we had to block the <b>$1</b> user page.";
|
||||||
"user_banned_comment" = "Moderator's comment:";
|
"user_banned_comment" = "Moderator's comment:";
|
||||||
|
|
||||||
|
"closed_page" = "Closed page";
|
||||||
|
|
||||||
|
"limited_access_to_page_m" = "$1 limited access to his page.";
|
||||||
|
"limited_access_to_page_f" = "$1 limited access to her page.";
|
||||||
|
|
||||||
|
"you_can_add" = "You can";
|
||||||
|
"add_to_friends_m" = "add him to friends.";
|
||||||
|
"add_to_friends_f" = "add her to friends.";
|
||||||
|
|
||||||
|
"register_to_access_page_m" = "Sign up to get access to his page.";
|
||||||
|
"register_to_access_page_f" = "Sign up to get access to her page.";
|
||||||
|
|
||||||
/* Wall */
|
/* Wall */
|
||||||
|
|
||||||
"feed" = "News";
|
"feed" = "News";
|
||||||
|
|
@ -528,6 +540,10 @@
|
||||||
"privacy_value_only_me_dative" = "Only me";
|
"privacy_value_only_me_dative" = "Only me";
|
||||||
"privacy_value_nobody" = "Nobody";
|
"privacy_value_nobody" = "Nobody";
|
||||||
|
|
||||||
|
"profile_type" = "Profile type";
|
||||||
|
"profile_type_open" = "Open";
|
||||||
|
"profile_type_closed" = "Closed";
|
||||||
|
|
||||||
"your_email_address" = "Your Email address";
|
"your_email_address" = "Your Email address";
|
||||||
"your_page_address" = "Your address page";
|
"your_page_address" = "Your address page";
|
||||||
"page_address" = "Address page";
|
"page_address" = "Address page";
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue