@evan Fixed message domain for messages in plugins for recent commits.

[quix0rs-gnu-social.git] / actions / apistatusesretweet.php

diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php
index fc71d2274332625e6fa46713b5dfc42dad714eac..6e6ebb038f8c83d6b8aa755fc4f6b738a4512aed 100644 (file)
--- a/actions/apistatusesretweet.php
+++ b/actions/apistatusesretweet.php
@@ -43,7 +43,6 @@ require_once INSTALLDIR . '/lib/mediafile.php';
  * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
  * @link     http://status.net/
  */
-
 class ApiStatusesRetweetAction extends ApiAuthAction
 {
     var $original = null;
@@ -54,14 +53,13 @@ class ApiStatusesRetweetAction extends ApiAuthAction
      * @param array $args $_REQUEST args
      *
      * @return boolean success flag
-     *
      */
-
     function prepare($args)
     {
         parent::prepare($args);
 
         if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            // TRANS: Client error. POST is a HTTP command. It should not be translated.
             $this->clientError(_('This method requires a POST.'),
                                400, $this->format);
             return false;
@@ -72,27 +70,52 @@ class ApiStatusesRetweetAction extends ApiAuthAction
         $this->original = Notice::staticGet('id', $id);
 
         if (empty($this->original)) {
-            $this->clientError(_('No such notice'),
+            // TRANS: Client error displayed trying to repeat a non-existing notice through the API.
+            $this->clientError(_('No such notice.'),
                                400, $this->format);
             return false;
         }
 
         $this->user = $this->auth_user;
 
-        if ($this->user->id == $notice->profile_id) {
-            $this->clientError(_('Cannot repeat your own notice'));
+        if ($this->user->id == $this->original->profile_id) {
+            // TRANS: Client error displayed trying to repeat an own notice through the API.
+            $this->clientError(_('Cannot repeat your own notice.'),
                                400, $this->format);
             return false;
         }
 
+        // Is it OK to repeat that notice (general enough scope)?
+
+        if ($this->original->scope != Notice::SITE_SCOPE &&
+            $this->original->scope != Notice::PUBLIC_SCOPE) {
+            // TRANS: Client error displayed when trying to repeat a private notice.
+            $this->clientError(_('You may not repeat a private notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         $profile = $this->user->getProfile();
 
+        // Can the profile actually see that notice?
+
+        if (!$this->original->inScope($profile)) {
+            // TRANS: Client error displayed when trying to repeat a notice the user has no access to.
+            $this->clientError(_('No access to that notice.'),
+                               403,
+                               $this->format);
+            return false;
+        }
+
         if ($profile->hasRepeated($id)) {
-            $this->clientError(_('Already repeated that notice'),
+            // TRANS: Client error displayed trying to re-repeat a notice through the API.
+            $this->clientError(_('Already repeated that notice.'),
                                400, $this->format);
             return false;
         }
 
+
         return true;
     }
 
@@ -105,15 +128,12 @@ class ApiStatusesRetweetAction extends ApiAuthAction
      *
      * @return void
      */
-
     function handle($args)
     {
         parent::handle($args);
 
         $repeat = $this->original->repeat($this->user->id, $this->source);
 
-        common_broadcast_notice($repeat);
-
         $this->showNotice($repeat);
     }
 
@@ -122,7 +142,6 @@ class ApiStatusesRetweetAction extends ApiAuthAction
      *
      * @return void
      */
-
     function showNotice($notice)
     {
         if (!empty($notice)) {