diff --git a/app/Commands/DeleteTrackCommand.php b/app/Commands/DeleteTrackCommand.php
index 9fa22835..fde024ca 100644
--- a/app/Commands/DeleteTrackCommand.php
+++ b/app/Commands/DeleteTrackCommand.php
@@ -20,6 +20,7 @@
 namespace Poniverse\Ponyfm\Commands;
+use Gate;
 use Poniverse\Ponyfm\Models\Track;
 class DeleteTrackCommand extends CommandBase
@@ -41,9 +42,7 @@ class DeleteTrackCommand extends CommandBase
 */
 public function authorize()
 {
- $user = \Auth::user();
-
- return $this->_track && $user != null && $this->_track->user_id == $user->id;
+ return Gate::allows('delete', $this->_track);
 }
 /**
diff --git a/app/Commands/EditTrackCommand.php b/app/Commands/EditTrackCommand.php
index c9688344..0e2ee814 100644
--- a/app/Commands/EditTrackCommand.php
+++ b/app/Commands/EditTrackCommand.php
@@ -142,7 +142,7 @@ class EditTrackCommand extends CommandBase
 } else {
 if (isset($this->_input['cover'])) {
 $cover = $this->_input['cover'];
- $track->cover_id = Image::upload($cover, Auth::user())->id;
+ $track->cover_id = Image::upload($cover, $track->user_id)->id;
 } else {
 if ($this->_input['remove_cover'] == 'true') {
 $track->cover_id = null;
diff --git a/app/Http/Controllers/Api/Web/AlbumsController.php b/app/Http/Controllers/Api/Web/AlbumsController.php
index c6b718f9..f5056802 100644
--- a/app/Http/Controllers/Api/Web/AlbumsController.php
+++ b/app/Http/Controllers/Api/Web/AlbumsController.php
@@ -141,13 +141,13 @@ class AlbumsController extends ApiControllerBase
 200);
 }
- public function getOwned($id)
+ public function getOwned(User $user)
 {
- $user = User::findOrFail($id);
 $this->authorize('get-albums', $user);
- $query = Album::summary()->where('user_id', $id)->orderBy('created_at', 'desc')->get();
+ $query = Album::summary()->where('user_id', $user->id)->orderBy('created_at', 'desc')->get();
 $albums = [];
+
 foreach ($query as $album) {
 $albums[] = [
 'id' => $album->id,
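Review bot: The new `authorize()` in DeleteTrackCommand.php drops the explicit null guard on `$this->_track` that the removed expression had, and passes whatever the command holds straight to `Gate::allows('delete', ...)`. The Track policy's `delete` method is not part of this diff, so it cannot be confirmed from here that a missing track or a guest is denied, or that only the owner (and whoever else is intended) is allowed. I would keep the guard local, `return $this->_track !== null && Gate::allows('delete', $this->_track);`, and cover the owner, non-owner and admin cases with a policy test.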
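Review bot: In EditTrackCommand.php, `Image::upload($cover, $track->user_id)` attributes the uploaded file to the track's owner rather than to the account that submitted it, so `uploaded_by` no longer records who actually supplied the content when someone other than the owner edits the track. If that is the intent, say so above the call, e.g. `// Stored under the track owner's account so it shows up in their image library; the editor may be an admin.`, and consider logging the acting user's id for moderation. The enclosing method starts and ends outside the hunk, so the check that authorizes this edit is not visible here, and `Image::upload()` itself only has its docblock changed in this commit.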
diff --git a/app/Http/Controllers/Api/Web/ImagesController.php b/app/Http/Controllers/Api/Web/ImagesController.php
index a7071211..390da1a4 100644
--- a/app/Http/Controllers/Api/Web/ImagesController.php
+++ b/app/Http/Controllers/Api/Web/ImagesController.php
@@ -20,17 +20,21 @@
 namespace Poniverse\Ponyfm\Http\Controllers\Api\Web;
+use Auth;
 use Poniverse\Ponyfm\Http\Controllers\ApiControllerBase;
 use Poniverse\Ponyfm\Models\Image;
-use Cover;
-use Illuminate\Support\Facades\Response;
+use Poniverse\Ponyfm\Models\User;
+use Response;
 class ImagesController extends ApiControllerBase
 {
- public function getOwned()
+ public function getOwned(User $user)
 {
- $query = Image::where('uploaded_by', \Auth::user()->id);
+ $this->authorize('get-images', $user);
+
+ $query = Image::where('uploaded_by', $user->id);
 $images = [];
+
 foreach ($query->get() as $image) {
 $images[] = [
 'id' => $image->id,
diff --git a/app/Http/routes.php b/app/Http/routes.php
index 70b7a65f..349c006d 100644
--- a/app/Http/routes.php
+++ b/app/Http/routes.php
@@ -132,13 +132,12 @@ Route::group(['prefix' => 'api/web'], function() {
 Route::group(['middleware' => 'auth'], function() {
 Route::get('/account/settings', 'Api\Web\AccountController@getSettings');
- Route::get('/images/owned', 'Api\Web\ImagesController@getOwned');
- Route::get('/tracks/owned', 'Api\Web\TracksController@getOwned');
 Route::get('/tracks/edit/{id}', 'Api\Web\TracksController@getEdit');
- Route::get('/users/{id}/albums', 'Api\Web\AlbumsController@getOwned')->where('id', '\d+');
-// Route::get('/albums/owned', 'Api\Web\AlbumsController@getOwned');
+ Route::get('/users/{userId}/albums', 'Api\Web\AlbumsController@getOwned')->where('id', '\d+');
+ Route::get('/users/{userId}/images', 'Api\Web\ImagesController@getOwned')->where('id', '\d+');
+
 Route::get('/albums/edit/{id}', 'Api\Web\AlbumsController@getEdit');
 Route::get('/playlists/owned', 'Api\Web\PlaylistsController@getOwned');
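Review bot: `use Auth;` is added at the top of ImagesController.php, but the only `Auth` call in the visible part of the class (`\Auth::user()->id` in `getOwned`) is removed by the same hunk. Unless code below the hunk still needs it, drop the import so the file does not suggest that the controller reads the session user. The class body continues outside the hunk.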
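Review bot: Both new `/users/{userId}/...` routes in routes.php keep `->where('id', '\d+')`, but the parameter is now named `userId`, so the digit constraint no longer applies to anything in the path. The segment therefore reaches the `userId` model binding registered in RouteServiceProvider as an arbitrary string, and how a value that is not purely numeric is matched then depends on the database's type coercion. Change both constraints to `->where('userId', '\d+')`.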
diff --git a/app/Models/Image.php b/app/Models/Image.php
index 75ac2c20..95d9ff13 100644
--- a/app/Models/Image.php
+++ b/app/Models/Image.php
@@ -68,7 +68,7 @@ class Image extends Model
 /**
 * @param UploadedFile $file
- * @param $user
+ * @param int|User $user
 * @param bool $forceReupload forces the image to be re-processed even if a matching hash is found
 * @return Image
 * @throws \Exception
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 76d13507..ac81c6d3 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -27,4 +27,8 @@ class UserPolicy
 public function getAlbums(User $userToAuthorize, User $user) {
 return $userToAuthorize->id === $user->id || $userToAuthorize->hasRole('admin');
 }
+
+ public function getImages(User $userToAuthorize, User $user) {
+ return $userToAuthorize->id === $user->id || $userToAuthorize->hasRole('admin');
+ }
 }
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 6c785098..39111b4f 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -22,6 +22,7 @@ namespace Poniverse\Ponyfm\Providers;
 use Illuminate\Routing\Router;
 use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
+use Poniverse\Ponyfm\Models\User;
 class RouteServiceProvider extends ServiceProvider
 {
@@ -42,9 +43,9 @@ class RouteServiceProvider extends ServiceProvider
 */
 public function boot(Router $router)
 {
- //
-
 parent::boot($router);
+
+ $router->model('userId', User::class);
 }
 /**
diff --git a/public/templates/directives/track-editor.html b/public/templates/directives/track-editor.html
index 155830ef..1fd4ef9c 100644
--- a/public/templates/directives/track-editor.html
+++ b/public/templates/directives/track-editor.html
@@ -82,7 +82,7 @@
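Review bot: `getImages` in UserPolicy.php is a copy of `getAlbums`, and neither method says which argument is the acting user. The two roles are not interchangeable, since `hasRole('admin')` is evaluated on `$userToAuthorize` only, so a docblock with `@param User $userToAuthorize the authenticated user making the request` and `@param User $user the account whose images are requested` would guard against a swapped call. Consider returning one shared private predicate from both abilities so a later change to the owner-or-admin rule cannot diverge between them.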
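Review bot: `$router->model('userId', User::class)` in `boot()` binds every `{userId}` segment in the application, not only the two routes touched by this commit, and nothing at the binding says so. Add a comment such as `// Resolves {userId} to a User for all routes; each controller action must still call authorize() on it.` Depending on the framework version, bindings may also be resolved before the `auth` middleware runs, in which case an unauthenticated request would get a 404 for an unknown id and an auth failure for a known one; that is worth a test if user ids are not meant to be enumerable.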
- +
diff --git a/public/templates/directives/track-player.html b/public/templates/directives/track-player.html index 39be2738..27dbf1b7 100644 --- a/public/templates/directives/track-player.html +++ b/public/templates/directives/track-player.html @@ -1,7 +1,7 @@ diff --git a/resources/assets/scripts/app/controllers/account-image-select.coffee b/resources/assets/scripts/app/controllers/account-image-select.coffee deleted file mode 100644 index a790759e..00000000 --- a/resources/assets/scripts/app/controllers/account-image-select.coffee +++ /dev/null @@ -1,26 +0,0 @@ -# Pony.fm - A community for pony fan music. -# Copyright (C) 2015 Peter Deltchev -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -module.exports = angular.module('ponyfm').controller "account-image-select", [ - '$scope' - ($scope) -> - $scope.images = [] - $scope.isLoading = true - - $.getJSON('/api/web/images/owned').done (images) -> $scope.$apply -> - $scope.images = images - $scope.isLoading = false -] diff --git a/resources/assets/scripts/app/controllers/track.coffee b/resources/assets/scripts/app/controllers/track.coffee index 84787b37..8344a6a7 100644 --- a/resources/assets/scripts/app/controllers/track.coffee +++ b/resources/assets/scripts/app/controllers/track.coffee 
@@ -30,6 +30,11 @@ module.exports = angular.module('ponyfm').controller "track", [ $scope.$on 'track-updated', () -> updateTrackData(true) + $scope.$on 'track-deleted', () -> + # This is meant to take you back to whatever state you found + # this track from. + $window.history.go(-2) + $scope.playlists = [] if auth.data.isLogged diff --git a/resources/assets/scripts/app/directives/image-upload.coffee b/resources/assets/scripts/app/directives/image-upload.coffee index 71760713..e3b178e3 100644 --- a/resources/assets/scripts/app/directives/image-upload.coffee +++ b/resources/assets/scripts/app/directives/image-upload.coffee @@ -23,6 +23,8 @@ module.exports = angular.module('ponyfm').directive 'pfmImageUpload', () -> scope: setImage: '=setImage' image: '=image' + # ID of the user to upload images on behalf of + userId: '=userId' compile: (element) -> $image = element.find 'img' @@ -31,6 +33,7 @@ module.exports = angular.module('ponyfm').directive 'pfmImageUpload', () -> controller: [ 'images', '$scope', 'lightbox' (images, $scope, lightbox) -> + $scope.imageObject = null $scope.imageFile = null $scope.imageUrl = null @@ -40,7 +43,7 @@ module.exports = angular.module('ponyfm').directive 'pfmImageUpload', () -> $scope.$watch 'image', (val) -> $scope.imageObject = $scope.imageFile = $scope.imageUrl = null $scope.isImageLoaded = false - return if !val + return unless val? $scope.imageUrl = val $image.attr 'src', val @@ -50,7 +53,9 @@ module.exports = angular.module('ponyfm').directive 'pfmImageUpload', () -> $scope.isImageLoaded = true window.setTimeout (() -> window.alignVertically($image)), 0 - images.refresh().done (images) -> $scope.images = images + $scope.$watch 'userId', (val)-> + return unless val? + images.refresh(false, $scope.userId).done (images) -> $scope.images = images $scope.previewImage = () -> return if !$scope.isImageLoaded 
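Review bot: The `track-deleted` handler in track.coffee calls `$window.history.go(-2)` unconditionally, which only lands on the originating list when exactly two suitable history entries precede the current one. When the track page was opened from a direct link or a new tab, the call either leaves the application or does nothing, leaving the user on the page of a track that no longer exists. A fallback to a fixed state when the history is too short would cover that case, and `$window` has to be in the controller's injection list, which is outside the hunk.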
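Review bot: In image-upload.coffee the `image` watcher's guard changes from `return if !val` to `return unless val?`, which is not equivalent: an empty string used to stop the watcher and now falls through to `$image.attr 'src', val`. If the API can return `''` for a track without a cover, keep the falsy check with `return unless val`. The watcher body continues outside the hunk.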
diff --git a/resources/assets/scripts/app/directives/track-editor.coffee b/resources/assets/scripts/app/directives/track-editor.coffee index 31e83ff5..10c5909d 100644 --- a/resources/assets/scripts/app/directives/track-editor.coffee +++ b/resources/assets/scripts/app/directives/track-editor.coffee @@ -91,7 +91,7 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () -> $scope.track.is_published = true $scope.isDirty = false $scope.errors = {} - images.refresh true + images.refresh(true, track.user_id) formData = new FormData(); _.each $scope.track, (value, name) -> @@ -129,6 +129,7 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () -> # ======================================== tracks.getEdit($scope.trackId, true) .then (track)-> + images.refresh(true, track.user_id) $.when( albums.refresh(false, track.user_id), taxonomies.refresh() @@ -139,6 +140,7 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () -> for album in albums albumsDb[album.id] = album $scope.albums.push album + $scope.selectedAlbum = if track.album_id then albumsDb[track.album_id] else null # Update track data @@ -153,6 +155,7 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () -> $scope.track = id: track.id title: track.title + user_id: track.user_id description: track.description lyrics: track.lyrics is_explicit: track.is_explicit @@ -169,7 +172,6 @@ module.exports = angular.module('ponyfm').directive 'pfmTrackEditor', () -> is_published: track.is_published is_listed: track.is_listed - $scope.selectedAlbum = if track.album_id then albumsDb[track.album_id] else null $scope.selectedSongs = {} $scope.selectedSongs[song.id] = song for song in track.show_songs updateSongDisplay() diff --git a/resources/assets/scripts/app/services/images.coffee b/resources/assets/scripts/app/services/images.coffee index 390767b0..5abe29a0 100644 --- a/resources/assets/scripts/app/services/images.coffee 
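Review bot: `images.refresh(true, track.user_id)` in the first hunk of track-editor.coffee uses a bare `track`, while the surrounding lines only refer to `$scope.track`; the `track` parameter of the `getEdit` callback further down belongs to a different function. Unless an outer `track` exists outside the hunk, this line throws after a successful save and the image cache is never refreshed. `images.refresh(true, $scope.track.user_id)` would work, since a later hunk in this file adds `user_id` to `$scope.track`. The enclosing handler starts outside the hunk.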
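Review bot: Adding `user_id: track.user_id` to `$scope.track` appears to make the field part of the edit form submission, because the save path iterates every key of `$scope.track` when building the `FormData` (`_.each $scope.track, (value, name) ->`). The server must treat that value as untrusted and never use it to reassign ownership or to choose whose account an upload is stored under; the visible part of EditTrackCommand reads `$track->user_id` from the model, which is the right source. Either keep the id outside the submitted object, for example in `$scope.trackOwnerId`, or add a comment noting that the server ignores it.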
+++ b/resources/assets/scripts/app/services/images.coffee @@ -18,17 +18,21 @@ module.exports = angular.module('ponyfm').factory('images', [ '$rootScope' ($rootScope) -> def = null + currentlyLoadedUserId = null + self = images: [] isLoading: true - refresh: (force) -> - return def if !force && def + + refresh: (force, userId = window.pfm.auth.user.id) -> + return def if !force && def && userId == currentlyLoadedUserId def = new $.Deferred() self.images = [] self.isLoading = true - $.getJSON('/api/web/images/owned').done (images) -> $rootScope.$apply -> + $.getJSON("/api/web/users/#{userId}/images").done (images) -> $rootScope.$apply -> + currentlyLoadedUserId = userId self.images = images self.isLoading = false def.resolve images @@ -38,4 +42,3 @@ module.exports = angular.module('ponyfm').factory('images', [ self.refresh() return self ]) -
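Review bot: `refresh` in images.coffee resolves the shared `def` from inside the request callback, so when a second call for a different `userId` starts before the first response arrives, the first response resolves the second caller's deferred with the wrong user's images and overwrites `self.images`. This can happen on the track editor, where the service's own `self.refresh()` at construction and `images.refresh(true, track.user_id)` may overlap. Keep the deferred in a local (`request = def = new $.Deferred()`), call `request.resolve images`, and skip the `self.images` and `currentlyLoadedUserId` assignments when `request isnt def`. Separately, the default `userId = window.pfm.auth.user.id` is evaluated by that construction-time `self.refresh()`; if `window.pfm.auth.user` is absent for guests the factory would throw, which this diff does not show either way.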