apigroupprofileupdate.php 8.3 KB

  1. <?php
  2. // This file is part of GNU social - https://www.gnu.org/software/social
  3. //
  4. // GNU social is free software: you can redistribute it and/or modify
  5. // it under the terms of the GNU Affero General Public License as published by
  6. // the Free Software Foundation, either version 3 of the License, or
  7. // (at your option) any later version.
  8. //
  9. // GNU social is distributed in the hope that it will be useful,
  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. // GNU Affero General Public License for more details.
  13. //
  14. // You should have received a copy of the GNU Affero General Public License
  15. // along with GNU social. If not, see <http://www.gnu.org/licenses/>.
  16. /**
  17. * Update a group's profile
  18. *
  19. * @category API
  20. * @package GNUsocial
  21. * @author Zach Copley <zach@status.net>
  22. * @copyright 2010 StatusNet, Inc.
  23. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  24. */
  // Stop immediately unless the GNUSOCIAL constant was defined before this file was loaded.
  if (!defined('GNUSOCIAL')) {
      die();
  }
  26. /**
  27. * API analog to the group edit page
  28. *
  29. * @category API
  30. * @package GNUsocial
  31. * @author Zach Copley <zach@status.net>
  32. * @license https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
  33. */
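  class ApiGroupProfileUpdateAction extends ApiAuthAction
  {
      // This action changes stored data, so it is restricted to POST requests.
      protected $needPost = true;

      /**
       * Collect the request parameters and resolve the target group.
       *
       * Every text field is read through trimmed(); the group is looked up
       * from the 'id' argument and the acting user is the authenticated user.
       *
       * @param array $args $_REQUEST args
       *
       * @return boolean success flag
       */
      protected function prepare(array $args = [])
      {
          parent::prepare($args);

          // NOTE(review): normalize() runs even when no 'nickname' parameter was
          // sent; confirm how Nickname::normalize() treats an empty value.
          $this->nickname    = Nickname::normalize($this->trimmed('nickname'));

          $this->fullname    = $this->trimmed('fullname');
          $this->homepage    = $this->trimmed('homepage');
          $this->description = $this->trimmed('description');
          $this->location    = $this->trimmed('location');
          $this->aliasstring = $this->trimmed('aliases');

          $this->user  = $this->auth_user;
          $this->group = $this->getTargetGroup($this->arg('id'));

          return true;
      }

      /**
       * Handle the request
       *
       * Checks the output format, the acting user, the target group and the
       * user's admin rights on that group, then applies every non-empty field
       * and the alias list inside one database transaction and renders the
       * updated group.
       *
       * Failure paths after START TRANSACTION issue an explicit ROLLBACK before
       * reporting the error, so a rejected request does not leave the
       * transaction pending on the connection.
       *
       * @return void
       */
      protected function handle()
      {
          parent::handle();

          // Strict comparison: only the exact strings 'xml' and 'json' are accepted.
          if (!in_array($this->format, ['xml', 'json'], true)) {
              // TRANS: Client error displayed when coming across a non-supported API method.
              $this->clientError(_('API method not found.'), 404);
          }

          if (empty($this->user)) {
              // TRANS: Client error displayed when not providing a user or an invalid user.
              $this->clientError(_('No such user.'), 404);
          }

          if (empty($this->group)) {
              // TRANS: Client error displayed when not providing a group or an invalid group.
              $this->clientError(_('Group not found.'), 404);
          }

          // Authorization gate: nothing below may run for a non-admin caller.
          // clientError() is defined in a parent class that is not visible here;
          // this code relies on it not returning.
          if (!$this->user->isAdmin($this->group)) {
              // TRANS: Client error displayed when trying to edit a group without being an admin.
              $this->clientError(_('You must be an admin to edit the group.'), 403);
          }

          $this->group->query('START TRANSACTION');

          // Snapshot of the unmodified row, handed to update() further down.
          $orig = clone($this->group);

          try {
              if (common_config('profile', 'changenick') == true && $this->group->nickname !== $this->nickname) {
                  try {
                      $this->group->nickname = Nickname::normalize($this->nickname, true);
                  } catch (NicknameException $e) {
                      throw new ApiValidationException($e->getMessage());
                  }
                  $this->group->mainpage = common_local_url(
                      'showgroup',
                      ['nickname' => $this->group->nickname]
                  );
              }

              if (!empty($this->fullname)) {
                  $this->validateFullname();
                  $this->group->fullname = $this->fullname;
              }

              if (!empty($this->homepage)) {
                  $this->validateHomepage();
                  $this->group->homepage = $this->homepage;
              }

              if (!empty($this->description)) {
                  $this->validateDescription();
                  // Fixed: this used to read the misspelled, never-assigned
                  // $this->decription, so the validated text was not the value
                  // written to the group.
                  $this->group->description = $this->description;
              }

              if (!empty($this->location)) {
                  $this->validateLocation();
                  $this->group->location = $this->location;
              }
          } catch (ApiValidationException $ave) {
              $this->group->query('ROLLBACK');
              $this->clientError($ave->getMessage(), 400);
          }

          $result = $this->group->update($orig);

          if (!$result) {
              common_log_db_error($this->group, 'UPDATE', __FILE__);
              $this->group->query('ROLLBACK');
              // TRANS: Server error displayed when group update fails.
              $this->serverError(_('Could not update group.'));
          }

          $aliases = [];

          try {
              if (!empty($this->aliasstring)) {
                  $aliases = $this->validateAliases();
              }
          } catch (ApiValidationException $ave) {
              // Undo the profile update above so the request is applied as a whole or not at all.
              $this->group->query('ROLLBACK');
              // NOTE(review): alias validation failures answer 403 while the
              // other validation failures answer 400; kept as is for API
              // compatibility.
              $this->clientError($ave->getMessage(), 403);
          }

          $result = $this->group->setAliases($aliases);

          if (!$result) {
              $this->group->query('ROLLBACK');
              // TRANS: Server error displayed when adding group aliases fails.
              $this->serverError(_('Could not create aliases.'));
          }

          $this->group->query('COMMIT');

          switch ($this->format) {
              case 'xml':
                  $this->showSingleXmlGroup($this->group);
                  break;
              case 'json':
                  $this->showSingleJsonGroup($this->group);
                  break;
              default:
                  // TRANS: Client error displayed when coming across a non-supported API method.
                  $this->clientError(_('API method not found.'), 404);
          }
      }

      /**
       * Reject a non-empty homepage that common_valid_http_url() does not accept.
       *
       * @return void
       *
       * @throws ApiValidationException when the homepage fails URL validation
       */
      public function validateHomepage()
      {
          if (!is_null($this->homepage)
              && (strlen($this->homepage) > 0)
              && !common_valid_http_url($this->homepage)) {
              throw new ApiValidationException(
                  // TRANS: API validation exception thrown when homepage URL does not validate.
                  _('Homepage is not a valid URL.')
              );
          }
      }

      /**
       * Reject a full name longer than 255 characters (counted with mb_strlen).
       *
       * @return void
       *
       * @throws ApiValidationException when the full name is too long
       */
      public function validateFullname()
      {
          if (!is_null($this->fullname) && mb_strlen($this->fullname) > 255) {
              throw new ApiValidationException(
                  // TRANS: API validation exception thrown when full name does not validate.
                  _('Full name is too long (maximum 255 characters).')
              );
          }
      }

      /**
       * Reject a description that User_group::descriptionTooLong() flags.
       *
       * @return void
       *
       * @throws ApiValidationException when the description is too long
       */
      public function validateDescription()
      {
          if (User_group::descriptionTooLong($this->description)) {
              // TRANS: API validation exception thrown when description does not validate.
              // TRANS: %d is the maximum description length and used for plural.
              throw new ApiValidationException(sprintf(
                  _m('Description is too long (maximum %d character).',
                     'Description is too long (maximum %d characters).',
                     User_group::maxDescription()),
                  User_group::maxDescription()
              ));
          }
      }

      /**
       * Reject a location longer than 255 characters (counted with mb_strlen).
       *
       * @return void
       *
       * @throws ApiValidationException when the location is too long
       */
      public function validateLocation()
      {
          if (!is_null($this->location) && mb_strlen($this->location) > 255) {
              throw new ApiValidationException(
                  // TRANS: API validation exception thrown when location does not validate.
                  _('Location is too long (maximum 255 characters).')
              );
          }
      }

      /**
       * Split the alias string into normalized nicknames and enforce the limit.
       *
       * The string is split on whitespace and commas, duplicates are dropped
       * before normalization, and the resulting count is compared with the
       * 'group'/'maxaliases' configuration value.
       *
       * @return array normalized aliases
       *
       * @throws ApiValidationException when an alias cannot be normalized or
       *                                there are more aliases than allowed
       */
      public function validateAliases()
      {
          try {
              $aliases = array_map(
                  ['Nickname', 'normalize'],
                  array_unique(preg_split('/[\s,]+/', $this->aliasstring))
              );
          } catch (NicknameException $e) {
              throw new ApiValidationException(sprintf('Error processing aliases: %s', $e->getMessage()));
          }

          if (count($aliases) > common_config('group', 'maxaliases')) {
              // TRANS: API validation exception thrown when aliases do not validate.
              // TRANS: %d is the maximum number of aliases and used for plural.
              throw new ApiValidationException(sprintf(
                  _m('Too many aliases! Maximum %d allowed.',
                     'Too many aliases! Maximum %d allowed.',
                     common_config('group', 'maxaliases')),
                  common_config('group', 'maxaliases')
              ));
          }

          return $aliases;
      }
  }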