X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapistatusesshow.php;h=8b9cc347797bdfeb4b7bbff62def398e354edd2c;hb=46cf5aa2a40af94e42d44135560a6464f8e7d5d4;hp=e684a07eec90a56033ecf31106e886e57ab1bfd3;hpb=407663fb402f0384cced2b63a2f901d19ab71d19;p=quix0rs-gnu-social.git

diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index e684a07eec..8b9cc34779 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -34,11 +34,7 @@
  * @link      http://status.net/
  */
 
-if (!defined('STATUSNET')) {
-    exit(1);
-}
-
-require_once INSTALLDIR . '/lib/apiprivateauth.php';
+if (!defined('GNUSOCIAL')) { exit(1); }
 
 /**
  * Returns the notice specified by id as a Twitter-style status and inline user
@@ -67,7 +63,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * @return boolean success flag
      */
-    function prepare($args)
+    protected function prepare(array $args=array())
     {
         parent::prepare($args);
 
@@ -78,11 +74,20 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
 
         $this->notice_id = (int)$this->trimmed('id');
 
-        if (empty($notice_id)) {
-            $this->notice_id = (int)$this->arg('id');
+        $this->notice = Notice::getKV('id', $this->notice_id);
+        if (!$this->notice instanceof Notice) {
+            $deleted = Deleted_notice::getKV('id', $this->notice_id);
+            if ($deleted instanceof Deleted_notice) {
+                // TRANS: Client error displayed trying to show a deleted notice.
+                $this->clientError(_('Notice deleted.'), 410);
+            }
+            // TRANS: Client error displayed trying to show a non-existing notice.
+            $this->clientError(_('No such notice.'), 404);
+        }
+        if (!$this->notice->inScope($this->scoped)) {
+            // TRANS: Client exception thrown when trying a view a notice the user has no access to.
+            throw new ClientException(_('Access restricted.'), 403);
         }
-
-        $this->notice = Notice::staticGet((int)$this->notice_id);
 
         return true;
     }
@@ -92,18 +97,15 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
      *
      * Check the format and show the notice
      *
-     * @param array $args $_REQUEST data (unused)
-     *
      * @return void
      */
-    function handle($args)
+    protected function handle()
     {
-        parent::handle($args);
+        parent::handle();
 
         if (!in_array($this->format, array('xml', 'json', 'atom'))) {
-            // TRANS: Client error displayed when trying to handle an unknown API method.
+            // TRANS: Client error displayed when coming across a non-supported API method.
             $this->clientError(_('API method not found.'), 404);
-            return;
         }
 
         switch ($_SERVER['REQUEST_METHOD']) {
@@ -114,8 +116,8 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
             $this->deleteNotice();
             break;
         default:
+            // TRANS: Client error displayed calling an unsupported HTTP error in API status show.
             $this->clientError(_('HTTP method not supported.'), 405);
-            return;
         }
     }
 
@@ -138,13 +140,15 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
                 $this->showSingleAtomStatus($this->notice);
                 break;
             default:
-                throw new Exception(sprintf(_("Unsupported format: %s"), $this->format));
+                // TRANS: Exception thrown requesting an unsupported notice output format.
+                // TRANS: %s is the requested output format.
+                throw new Exception(sprintf(_("Unsupported format: %s."), $this->format));
             }
         } else {
             // XXX: Twitter just sets a 404 header and doens't bother
             // to return an err msg
 
-            $deleted = Deleted_notice::staticGet($this->notice_id);
+            $deleted = Deleted_notice::getKV($this->notice_id);
 
             if (!empty($deleted)) {
                 $this->clientError(
@@ -165,20 +169,16 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
     }
 
     /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
      *
      * @param array $args other arguments
      *
      * @return boolean true
      */
-    
+
     function isReadOnly($args)
     {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-	    return true;
-	} else {
-	    return false;
-	}
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
     }
 
     /**
@@ -224,15 +224,15 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
     function deleteNotice()
     {
         if ($this->format != 'atom') {
-            $this->clientError(_("Can only delete using the Atom format."));
-            return;
+            // TRANS: Client error displayed when trying to delete a notice not using the Atom format.
+            $this->clientError(_('Can only delete using the Atom format.'));
         }
 
         if (empty($this->auth_user) ||
             ($this->notice->profile_id != $this->auth_user->id &&
              !$this->auth_user->hasRight(Right::DELETEOTHERSNOTICE))) {
-            $this->clientError(_('Can\'t delete this notice.'), 403);
-            return;
+            // TRANS: Client error displayed when a user has no rights to delete notices of other users.
+            $this->clientError(_('Cannot delete this notice.'), 403);
         }
 
         if (Event::handle('StartDeleteOwnNotice', array($this->auth_user, $this->notice))) {
@@ -244,6 +244,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
 
         header('HTTP/1.1 200 OK');
         header('Content-Type: text/plain');
+        // TRANS: Confirmation of notice deletion in API. %d is the ID (number) of the deleted notice.
         print(sprintf(_('Deleted notice %d'), $this->notice->id));
         print("\n");
     }