Don't use the implicit perms='user' arg for make_*hook.

[platal.git] / modules / api.php

diff --git a/modules/api.php b/modules/api.php
index ecdd645..11630cc 100644 (file)
--- a/modules/api.php
+++ b/modules/api.php
@@ -26,8 +26,8 @@ class ApiModule extends PlModule
         return array(
             // TODO(vzanotti): Extend the plat/al engine to support placeholders
             // in handler urls, for instance "api/1/user/%forlife/isRegistered".
-            'api/1/user'   => $this->make_api_hook('user', AUTH_COOKIE, 'api_user_readonly'),
-            'api/1/search' => $this->make_api_hook('search', AUTH_COOKIE),
+            'api/1/user'   => $this->make_api_hook('user',   AUTH_COOKIE, 'api_user_readonly'),
+            'api/1/search' => $this->make_api_hook('search', AUTH_COOKIE, 'user'),
         );
     }
 
@@ -56,12 +56,30 @@ class ApiModule extends PlModule
             $page->trigError('Malformed search query');
             return PL_BAD_REQUEST;
         }
-        if (strlen(trim($payload['quick'])) < 3) {
+
+        $query = trim($payload['quick']);
+        if (@$payload['allow_special']) {
+            if (starts_with($query, 'admin:')) {
+                $page->jsonAssign('link_type', 'admin');
+                $query = substr($query, 6);
+            } else if (starts_with($query, 'adm:')) {
+                $page->jsonAssign('link_type', 'admin');
+                $query = substr($query, 4);
+            } else if (starts_with('admin', $query) || strpos($query, ':') !== false) {
+                $page->jsonAssign('profile_count', -1);
+                $page->jsonAssign('profiles', array());
+                return PL_JSON;
+            } else {
+                $page->jsonAssign('link_type', 'profile');
+            }
+        }
+        if (strlen($query) < 3) {
             $page->jsonAssign('profile_count', -1);
             $page->jsonAssign('profiles', array());
             return PL_JSON;
         }
-        Env::set('quick', $payload['quick']);
+
+        Env::set('quick', $query);
         foreach (array('with_soundex', 'exact') as $key) {
             if (isset($payload[$key])) {
                 Env::set($key, $payload[$key]);
@@ -70,7 +88,7 @@ class ApiModule extends PlModule
 
         require_once 'userset.inc.php';
         $view = new QuickSearchSet();
-        $view->addMod('json', 'JSon', true, array('with_score' => true, 'starts_with' => $byletter));
+        $view->addMod('json', 'JSon', true, $payload);
         $view->apply('api/1/search', $page, 'json');
         return PL_JSON;
     }