package Newslash::Web::Controller::API::Submission;
-use Mojo::Base 'Mojolicious::Controller';
-use Mojo::Util qw(dumper);
+use Mojo::Base 'Newslash::Web::Controller';
+#use Mojo::Base 'Mojolicious::Controller';
+use Data::Dumper;
use Mojo::JSON qw(decode_json encode_json);
+use Mojo::URL;
+use Email::Valid;
sub get {
my $c = shift;
my $subid = $c->param('subid');
+ my $user = $c->stash('user');
if (!$subid) {
$c->render(json => { err => 1, message => "not_found" });
}
my $submissions = $c->model('submissions');
my $submission = $submissions->select(submission_id => $subid);
+ $c->apply_seclev_filter("submissions", $submission);
+
if (!$submission) {
- $c->render(json => { err => 1, message => "submission_not_found" });
+ $c->render(json => { err => 1, message => "not_found" });
$c->rendered(404);
return;
}
return;
}
+sub list {
+ my $c = shift;
+ my $submissions = $c->app->model('submissions');
+ my $items = [];
+ my $message = "";
+ my $user = $c->stash('user');
+
+ my $show_deleted = 0;
+ if ($c->param('show_deleted') && $user->{is_admin}) {
+ $show_deleted = 1;
+ }
+
+ my $limit = 50;
+ my $skip = 0;
+ if ($c->param('limit')
+ && $c->param('limit') =~ m/\A[0-9]+\z/
+ && $c->param('limit') < 50) {
+ $limit = $c->param('limit');
+ }
+ if ($c->param('skip')
+ && $c->param('skip') =~ m/\A[0-9]+\z/) {
+ $skip = $c->param('skip');
+ }
+
+ $items = $submissions->select(del => $show_deleted,
+ order_by => {create_time => "DESC"},
+ limit => $limit,
+ skip => $skip);
+ $c->apply_seclev_filter("submissions", $items);
+
+ if (!$items) {
+ $message = $submissions->last_error;
+ $c->render(json => {message => $message, error => 1});
+ }
+ else {
+ $c->render(json => {message => $message, items => $items});
+ }
+ return;
+}
+
sub post {
my $c = shift;
my $params = {};
- my $extra_params = {};
- my $opts = {};
-
my $user = $c->stash('user');
# check permission
if (!$user->{permissions}->{submission}) {
- $c->render(json => { err => 1, message => "not_allowed" });
+ $c->render(json => { err => 1, reason => "not_allowed", message => "not_allowed" });
$c->rendered(403);
return;
}
my $submissions = $c->model('submissions');
- my $util = $c->model('util');
-
- my $allowed = $c->app->config->{Editor}->{allowed_tags};
my $data = $c->req->json;
my $item = $data->{item};
+ my $message = "";
+
+ # check body
+ if ($item->{introtext} || $item->{intro_text}) {
+ my $text = $item->{introtext} || $item->{intro_text};
+ $text =~ s/\s+\z//m;
+ $params->{introtext} = $c->format_htmltext($text, "submission");
+ $params->{introtext} =~ s/\s+\z//m;
+ }
+ else {
+ $params->{introtext} = "";
+ }
+ $message = "no_content" if (!$params->{introtext} && !$item->{url});
+
+ # check title
+ $params->{title} = $c->escape_title($item->{title});
+ $message = "no_title" if !$params->{title};
+
+ # check URL
+ if ($item->{url}) {
+ my $url = Mojo::URL->new($item->{url});
+ if ($url->is_abs) {
+ $params->{url} = $item->{url};
+ my $footer = $c->tt2renderer->render("system/submission/footer", {url => $item->{url}});
+ $params->{introtext} = $params->{introtext} . $footer;
+ }
+ else {
+ $message = "invalid_url";
+ }
+ }
+
+ # check Email
+ if ($item->{email}) {
+ if (Email::Valid->address($item->{email})) {
+ $params->{email} = $item->{email};
+ }
+ else {
+ my $url = Mojo::URL->new($item->{email});
+ if ($url->is_abs) {
+ $params->{email} = $item->{email};
+ }
+ else {
+ $message = "invalid_email";
+ }
+ }
+ }
- $params->{title} = $util->escape_html({}, $item->{title});
- $params->{url} = $item->{url};
- $params->{email} = $item->{email};
- $params->{introtext} = $util->clean_html($allowed, $item->{introtext});
- $params->{tid} = 49; #mainpage
$params->{action} = $data->{action} || 'preview';
- $extra_params->{createheaders} = $c->req->headers->to_string;
+ $params->{extra_params} = { createheaders => $c->req->headers->to_string };
+
+ # parse tags
+ #$params->{tid} = 49; #mainpage
+ my $tags_string = $item->{tags_string} || "";
+ my @tags = split(/\s+/, $tags_string);
+ my $topic = $c->model('topics')->get_primary_topic_from_tags(\@tags) || {};
+ $params->{tid} = $topic->{tid} || 49;
+ $params->{tags_string} = $tags_string;
+
+
+ if ($message) {
+ $c->render(json => { err => 1, message => $message });
+ $c->rendered(400);
+ return;
+ }
if ($params->{action} eq 'preview') {
my $result = {
title => $params->{title},
introtext => $params->{introtext},
email => $params->{email},
+ topic => $topic,
+ url => $params->{url},
tid => $params->{tid},
};
$c->render(json => {item => $result});
}
elsif ($params->{action} eq 'post') {
- my $sub_id = $submissions->create($params, $user, $extra_params, $opts);
+ my $sub_id = $submissions->create(user => $user, %$params);
if ($sub_id) {
$c->render(json => {type => "submission", id => $sub_id});
$c->event_que->emit("submission", "post", $user->{uid}, $sub_id);
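Review bot: The URL check only tests `$url->is_abs`, which is true for any scheme, so a `javascript:` or `data:` value passes, is stored in `$params->{url}`, and is also passed to the `system/submission/footer` template whose output is appended to `introtext` — unless that template filters schemes itself (not visible here), a script URL ends up in stored, later-rendered content. Restrict the scheme before accepting it: `if ($url->is_abs && lc($url->scheme) =~ m{\A https? \z}x) {`, and apply the same check to the URL fallback for the email field. Both `list` and the 500 branch of `post` (the latter continues past this hunk) put `$submissions->last_error` verbatim into the JSON response, which exposes storage-layer error text to API clients; log it with `$c->app->log->error($submissions->last_error)` and return a fixed `message => "server_error"` instead. In `get`, the new `$c->apply_seclev_filter("submissions", $submission)` runs before the `!$submission` check, so it receives undef when nothing is found, and the missing-`subid` branch renders without `return;` and falls through to the select; moving the filter call below the not-found block and adding `return;` after that first render keeps the filter's input defined.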
else {
#if ($submissions->last_errorno && $submissions->last_errorno == 1062) { #ER_DUP_ENTRY
if (defined $sub_id) {
+ $c->render(json => { err => 1, reason => "duplicated_post", message => "duplicated_post" });
$c->rendered(409);
return;
}
- $c->render(json => { err => 1, message => $submissions->last_error });
+ $c->render(json => { err => 1, reason => "server_error", message => $submissions->last_error });
$c->rendered(500);
}
}