Custom Query (1173 matches)
Results (178 - 180 of 1173)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#637 | fixed | Callable hooks that iterate through vs hooks that halt | ||
Description |
We can handle notification and transform via the "callable hooks" system, but we don't have a "handler" that is the last one to get it and then things stop. One way to handle this: have a series of method calling handlers that do things in different ways, like:
.. both of those would expect It might also be possible to make some callable classes like this, like: callable_hook = CallableHookRunone( 'some_hookname', accrue=True) # accrues the results into a list results = callable_hook(arg1, arg2, kwarg="foo") |
|||
#5356 | fixed | Can't GET another user's outbox | ||
Description |
When a pump client tries to GET the outbox of another user, the API always returns the outbox of the requesting user. The below patch addresses this issue. From c5f40d03a2ae6dd5f5c8ea67e441d4711e052c35 Mon Sep 17 00:00:00 2001 From: ayleph <ayleph@thisshitistemp.com> Date: Sat, 31 Oct 2015 04:18:44 -0400 Subject: [PATCH 2/2] Allow API client to GET another user's outbox --- mediagoblin/api/views.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mediagoblin/api/views.py b/mediagoblin/api/views.py index 671c3b3..dcd04cd 100644 --- a/mediagoblin/api/views.py +++ b/mediagoblin/api/views.py @@ -565,9 +565,9 @@ def feed_endpoint(request, outbox=None): # Create outbox if outbox is None: - outbox = Activity.query.filter_by(actor=request.user.id) + outbox = Activity.query.filter_by(actor=requested_user.id) else: - outbox = outbox.filter_by(actor=request.user.id) + outbox = outbox.filter_by(actor=requested_user.id) # We want the newest things at the top (issue: #1055) outbox = outbox.order_by(Activity.published.desc()) -- 2.6.2 I think this change is safe to make because:
421 # Check that the person trying to update the comment is 422 # the author of the comment. 423 if image.actor != request.user.id: 424 return json_error( 425 "Only uploader of image is able to update image.", 426 status=403 427 )
548 elif request.method != "GET": 549 return json_error( 550 "Unsupported HTTP method {0}".format(request.method), 551 status=501 552 So theoretically only a GET request should be able to pass through with the requested user not the same as the requesting user. |
|||
#5513 | fixed | Can't delete draft blog posts | ||
Description |
Draft blog posts are set to the 'failed' state. The generated blogpost_delete_url link for a draft gets routed to a 404 page. |