diff options
author | Yorhel <git@yorhel.nl> | 2014-08-19 09:14:21 +0200 |
---|---|---|
committer | Yorhel <git@yorhel.nl> | 2014-08-19 09:14:21 +0200 |
commit | 4be09bd3aee68c3f0b671eef21730f9a595c6e5c (patch) | |
tree | 4de3e3f0e0f928a20f9f833facf584e1ba784ef9 | |
parent | aae112a5af748b69d1a7cda5431da9c03fa967e7 (diff) |
API: Allow access to other users' public lists
-rw-r--r-- | data/docs/11 | 15 | ||||
-rw-r--r-- | lib/Multi/API.pm | 26 |
2 files changed, 29 insertions, 12 deletions
diff --git a/data/docs/11 b/data/docs/11 index eafe7d5f..432b6286 100644 --- a/data/docs/11 +++ b/data/docs/11 @@ -1127,7 +1127,9 @@ however still required.<br /> <td>vn</td> <td>id</td> <td>=</td> - <td>Find characters linked to the given visual novel ID.</td> + <td>Find characters linked to the given visual novel ID. Note that this may + also include characters that are normally hidden by spoiler settings. + </td> </tr> </table> @@ -1179,13 +1181,16 @@ however still required.<br /> <td>uid</td> <td>integer</td> <td>=</td> - <td>This filter must be present, and currently must be '0' (= logged in user)</td> + <td>This filter must be present. The special value '0' is recognized as the currently logged in user.</td> </tr> </table> <p> Note: It's possible that a user has voted on a VN that has been deleted. The vote is still included this list, but a 'get vn' command on its id will not - return anything. + return anything.<br /> + Note#2: This command will not return any results for users who have their vote + list hidden from the public in their preferences, except when the user itself + has logged into the API and the uid filter is 0. </p> :SUBSUB:get vnlist @@ -1245,7 +1250,7 @@ however still required.<br /> <td>This filter must be present, and currently must be '0' (= logged in user)</td> </tr> </table> -<p>The note about deleted VNs for 'get votelist' also applies here.</p> +<p>The notes mentioned under 'get votelist' also apply here.</p> :SUBSUB:get wishlist <p>Provides access to the wish list of the logged in user. As such, this command is only available when logged in as a user.</p> @@ -1297,7 +1302,7 @@ however still required.<br /> <td>This filter must be present, and currently must be '0' (= logged in user)</td> </tr> </table> -<p>The note about deleted VNs for 'get votelist' also applies here.</p> +<p>The notes mentioned under 'get votelist' also apply here.</p> :SUB:The 'set' command diff --git a/lib/Multi/API.pm b/lib/Multi/API.pm index c7b1b882..814bd58e 100644 --- a/lib/Multi/API.pm +++ b/lib/Multi/API.pm @@ -375,7 +375,6 @@ sub client_input { opt => $opt, ); return cerr $c, 'gettype', "Unknown get type: '$arg->[0]'" if $arg->[0] !~ /^(?:vn|release|producer|character|votelist|vnlist|wishlist)$/; - return cerr $c, needlogin => 'Not logged in as a user' if $arg->[0] =~ /^list$/ && !$c->{uid}; return $_[KERNEL]->yield("get_$arg->[0]", \%obj); } @@ -1002,16 +1001,21 @@ sub get_votelist { my $select = "vid AS vn, vote, extract('epoch' from date) AS added"; my @placeholders; + my $uid; my $where = encode_filters $get->{filters}, \&filtertosql, $get->{c}, \@placeholders, [ [ 'uid', - [ 'int' => 'uid :op: :value:', {qw|= =|}, process => sub { $_[0] eq '0' ? $get->{c}{uid} : \'uid filter must be 0' } ], + [ 'int' => 'uid :op: :value:', {qw|= =|}, range => [0,1e6], process => sub { $uid = $_[0]; $_[0] || $get->{c}{uid} || 0 } ], ] ]; + my $last = sqllast $get, 'vn', { vn => 'vid %s' }; return if !$where || !$last; + return cerr $get->{c}, needlogin => 'Not logged in as a user' if !$uid && !$get->{c}{uid}; + $where = "($where) AND NOT EXISTS(SELECT 1 FROM users_prefs WHERE uid = v.uid AND key = 'hide_list')" if $uid; + $_[KERNEL]->post(pg => query => - qq|SELECT $select FROM votes WHERE $where $last|, + qq|SELECT $select FROM votes v WHERE $where $last|, \@placeholders, 'get_votelist_res', $get); } @@ -1043,16 +1047,20 @@ sub get_vnlist { my $select = "vid AS vn, status, extract('epoch' from added) AS added, notes"; my @placeholders; + my $uid; my $where = encode_filters $get->{filters}, \&filtertosql, $get->{c}, \@placeholders, [ [ 'uid', - [ 'int' => 'uid :op: :value:', {qw|= =|}, process => sub { $_[0] eq '0' ? $get->{c}{uid} : \'uid filter must be 0' } ], + [ 'int' => 'uid :op: :value:', {qw|= =|}, range => [0,1e6], process => sub { $uid = $_[0]; $_[0] || $get->{c}{uid} || 0 } ], ] ]; my $last = sqllast $get, 'vn', { vn => 'vid %s' }; return if !$where || !$last; + return cerr $get->{c}, needlogin => 'Not logged in as a user' if !$uid && !$get->{c}{uid}; + $where = "($where) AND NOT EXISTS(SELECT 1 FROM users_prefs WHERE uid = v.uid AND key = 'hide_list')" if $uid; + $_[KERNEL]->post(pg => query => - qq|SELECT $select FROM vnlists WHERE $where $last|, + qq|SELECT $select FROM vnlists v WHERE $where $last|, \@placeholders, 'get_vnlist_res', $get); } @@ -1085,16 +1093,20 @@ sub get_wishlist { my $select = "vid AS vn, wstat AS priority, extract('epoch' from added) AS added"; my @placeholders; + my $uid; my $where = encode_filters $get->{filters}, \&filtertosql, $get->{c}, \@placeholders, [ [ 'uid', - [ 'int' => 'uid :op: :value:', {qw|= =|}, process => sub { $_[0] eq '0' ? $get->{c}{uid} : \'uid filter must be 0' } ], + [ 'int' => 'uid :op: :value:', {qw|= =|}, range => [0,1e6], process => sub { $uid = $_[0]; $_[0] || $get->{c}{uid} || 0 } ], ] ]; my $last = sqllast $get, 'vn', { vn => 'vid %s' }; return if !$where || !$last; + return cerr $get->{c}, needlogin => 'Not logged in as a user' if !$uid && !$get->{c}{uid}; + $where = "($where) AND NOT EXISTS(SELECT 1 FROM users_prefs WHERE uid = w.uid AND key = 'hide_list')" if $uid; + $_[KERNEL]->post(pg => query => - qq|SELECT $select FROM wlists WHERE $where $last|, + qq|SELECT $select FROM wlists w WHERE $where $last|, \@placeholders, 'get_wishlist_res', $get); } |