Author: chabotc
Date: Thu Jul 16 10:13:54 2009
New Revision: 794614
URL: http://svn.apache.org/viewvc?rev=794614&view=rev
Log:
Update to SHINDIG-1109 by Jacky Wang - The anonymous viewer is now dealt with
on the service level and never hits the data layer. This makes implementations
safer (no risk of accidentally allowing the anon users to write anything) and as
an added bonus, easier as well
Modified:
incubator/shindig/trunk/php/src/common/sample/BasicSecurityToken.php
incubator/shindig/trunk/php/src/social/sample/JsonDbOpensocialService.php
incubator/shindig/trunk/php/src/social/service/PersonHandler.php
Modified: incubator/shindig/trunk/php/src/common/sample/BasicSecurityToken.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/sample/BasicSecurityToken.php?rev=794614&r1=794613&r2=794614&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/common/sample/BasicSecurityToken.php
(original)
+++ incubator/shindig/trunk/php/src/common/sample/BasicSecurityToken.php Thu
Jul 16 10:13:54 2009
@@ -124,11 +124,9 @@
* {...@inheritdoc}
*/
public function getOwnerId() {
- /*
if ($this->isAnonymous()) {
throw new Exception("Can't get ownerId from an anonymous token");
}
- */
return $this->tokenData[$this->OWNER_KEY];
}
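Review bot: The docblock above `getOwnerId()` only inherits the interface text, so the now-active throw for anonymous tokens is invisible to callers; add `@throws Exception if the token is anonymous` here and on `getViewerId()` in the next hunk. The PersonHandler change in this commit strips only `viewer`, `me` and the explicit anonymous user id from `$userIds`. An owner-typed id sent with an anonymous token therefore presumably still reaches `getOwnerId()` through the service and surfaces as this bare `Exception`; confirm that is the intended response for that request.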
@@ -136,11 +134,9 @@
* {...@inheritdoc}
*/
public function getViewerId() {
- /*
if ($this->isAnonymous()) {
throw new Exception("Can't get viewerId from an anonymous token");
}
- */
return $this->tokenData[$this->VIEWER_KEY];
}
Modified:
incubator/shindig/trunk/php/src/social/sample/JsonDbOpensocialService.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/sample/JsonDbOpensocialService.php?rev=794614&r1=794613&r2=794614&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/sample/JsonDbOpensocialService.php
(original)
+++ incubator/shindig/trunk/php/src/social/sample/JsonDbOpensocialService.php
Thu Jul 16 10:13:54 2009
@@ -264,13 +264,6 @@
$person = $newPerson;
}
$people[$id] = $person;
- } else if ($id === SecurityToken::$ANONYMOUS) {
- $person = array();
- $person['isOwner'] = $token->isAnonymous() ? true : false;
- $person['isViewer'] = $token->isAnonymous() ? true : false;
- $person['name'] = 'anonymous_user';
- $person['displayName'] = 'Guest';
- $people[$id] = $person;
}
}
if ($sortOrder == 'name') {
Modified: incubator/shindig/trunk/php/src/social/service/PersonHandler.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/service/PersonHandler.php?rev=794614&r1=794613&r2=794614&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/service/PersonHandler.php (original)
+++ incubator/shindig/trunk/php/src/social/service/PersonHandler.php Thu Jul 16
10:13:54 2009
@@ -23,6 +23,14 @@
private static $PEOPLE_PATH = "/people/{userId}/{groupId}/{personId}";
private static $DEFAULT_FIELDS = array('ID', 'NAME', 'GENDER',
'THUMBNAIL_URL');
+ private static $ANONYMOUS_ID_TYPE = array('viewer', 'me');
+ private static $ANONYMOUS_VIEWER = array(
+ 'isOwner' => false,
+ 'isViewer' => true,
+ 'name' => 'anonymous_user',
+ 'displayName' => 'Guest'
+ );
+
public function __construct() {
parent::__construct('person_service');
}
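Review bot: `'isOwner' => false` is fixed in `$ANONYMOUS_VIEWER`, whereas the JsonDbOpensocialService branch removed in this commit set both `isOwner` and `isViewer` from `$token->isAnonymous()`, so an anonymous viewer used to be reported as owner as well. If the change is intended, record it on the array, e.g. `// Anonymous viewer is never reported as owner; built here so it never reaches the data layer`. `$ANONYMOUS_ID_TYPE` would also read better with `// UserId types treated as the anonymous viewer when the token is anonymous`.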
@@ -68,26 +76,59 @@
$options->setFilterValue($request->getFilterValue());
$options->setStartIndex($request->getStartIndex());
$options->setCount($request->getCount());
- // personId: Array ( [0] => 8 )
+
+ $token = $request->getToken();
+ $groupType = $groupId->getType();
+ // handle Anonymous Viewer exceptions
+ $containAnonymousUser = false;
+ if ($token->isAnonymous()) {
+ // Find out whether userIds contains
+ // a) @viewer, b) @me, c) SecurityToken::$ANONYMOUS
+ foreach ($userIds as $key=>$id) {
+ if (in_array($id->getType(), self::$ANONYMOUS_ID_TYPE) ||
+ (($id->getType() == 'userId') && ($id->getUserId($token) ==
SecurityToken::$ANONYMOUS))) {
+ $containAnonymousUser = true;
+ unset($userIds[$key]);
+ }
+ }
+ // Skip any requests if groupId is not @self or @all, since anonymous
viewer won't have friends.
+ if (($containAnonymousUser) && ($groupType != 'self') && ($groupType !=
'all')) {
+ throw new Exception("Can't get friend from an anonymous viewer.");
+ }
+ }
+ if ($containAnonymousUser && (count($userIds) == 0)) {
+ $people = array(SecurityToken::$ANONYMOUS => self::$ANONYMOUS_VIEWER);
+ $collection = new RestfulCollection($people, $options->getStartIndex(),
1);
+ $collection->setItemsPerPage($options->getCount());
+ return $collection;
+ }
+ $service = $this->service;
+ $ret = null;
if (count($userIds) == 1) {
if (count($optionalPersonId) == 0) {
- if ($groupId->getType() == 'self') {
- return $this->service->getPerson($userIds[0], $groupId, $fields,
$request->getToken());
+ if ($groupType == 'self') {
+ $ret = $service->getPerson($userIds[0], $groupId, $fields, $token);
} else {
- return $this->service->getPeople($userIds, $groupId, $options,
$fields, $request->getToken());
+ $ret = $service->getPeople($userIds, $groupId, $options, $fields,
$token);
}
} elseif (count($optionalPersonId) == 1) {
- return $this->service->getPerson($optionalPersonId[0], $groupId,
$fields, $request->getToken());
+ $ret = $service->getPerson($optionalPersonId[0], $groupId, $fields,
$token);
} else {
$personIds = array();
foreach ($optionalPersonId as $pid) {
$personIds[] = new UserId('userId', $pid);
}
// Every other case is a collection response of optional person ids
- return $this->service->getPeople($personIds, new GroupId('self',
null), $options, $fields, $request->getToken());
+ $ret = $service->getPeople($personIds, new GroupId('self', null),
$options, $fields, $token);
}
}
// Every other case is a collection response.
- return $this->service->getPeople($userIds, $groupId, $options, $fields,
$request->getToken());
+ $ret = $service->getPeople($userIds, $groupId, $options, $fields, $token);
+ // Append anonymous viewer
+ if ($containAnonymousUser) {
+ $ret->entry[SecurityToken::$ANONYMOUS] = self::$ANONYMOUS_VIEWER;
+ $ret->totalResults += 1;
+ }
+ return $ret;
}
}
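Review bot: The final `$ret = $service->getPeople($userIds, $groupId, $options, $fields, $token);` runs unconditionally, so every result assigned inside the `count($userIds) == 1` branch is overwritten now that those branches no longer `return`; single-person requests cost a second service call and come back as a collection. Guard it with `if ($ret === null) { ... }` around that assignment. Separately, `unset($userIds[$key])` leaves gaps in the keys, so `$userIds[0]` can be undefined when the stripped id came first; `$userIds = array_values($userIds);` after the loop avoids that. The anonymous test also uses loose `==` and a non-strict `in_array` where the removed JsonDbOpensocialService code used `===`; strict comparison (`in_array(..., true)`, `===`) is the safer way to decide which ids count as anonymous. The method begins outside this hunk.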