Don’t get the current Sone, we allow to modify local Sones only.

[Sone.git] / src / main / java / net / pterodactylus / sone / web / EditAlbumPage.java

diff --git a/src/main/java/net/pterodactylus/sone/web/EditAlbumPage.java b/src/main/java/net/pterodactylus/sone/web/EditAlbumPage.java
index fd4bf7c..3db14d5 100644 (file)
--- a/src/main/java/net/pterodactylus/sone/web/EditAlbumPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/EditAlbumPage.java
@@ -1,5 +1,5 @@
 /*
- * Sone - EditAlbumPage.java - Copyright © 2011 David Roden
+ * Sone - EditAlbumPage.java - Copyright © 2011–2013 David Roden
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -18,6 +18,8 @@
 package net.pterodactylus.sone.web;
 
 import net.pterodactylus.sone.data.Album;
+import net.pterodactylus.sone.data.Sone;
+import net.pterodactylus.sone.text.TextFilter;
 import net.pterodactylus.sone.web.page.FreenetRequest;
 import net.pterodactylus.util.template.Template;
 import net.pterodactylus.util.template.TemplateContext;
@@ -54,9 +56,18 @@ public class EditAlbumPage extends SoneTemplatePage {
                        if (album == null) {
                                throw new RedirectException("invalid.html");
                        }
-                       if (!webInterface.getCore().isLocalSone(album.getSone())) {
+                       if (!album.getSone().isLocal()) {
                                throw new RedirectException("noPermission.html");
                        }
+                       if ("true".equals(request.getHttpRequest().getPartAsStringFailsafe("moveLeft", 4))) {
+                               album.getParent().moveAlbumUp(album);
+                               webInterface.getCore().touchConfiguration();
+                               throw new RedirectException("imageBrowser.html?album=" + album.getParent().getId());
+                       } else if ("true".equals(request.getHttpRequest().getPartAsStringFailsafe("moveRight", 4))) {
+                               album.getParent().moveAlbumDown(album);
+                               webInterface.getCore().touchConfiguration();
+                               throw new RedirectException("imageBrowser.html?album=" + album.getParent().getId());
+                       }
                        String albumImageId = request.getHttpRequest().getPartAsStringFailsafe("album-image", 36);
                        if (webInterface.getCore().getImage(albumImageId, false) == null) {
                                albumImageId = null;
@@ -68,7 +79,7 @@ public class EditAlbumPage extends SoneTemplatePage {
                                return;
                        }
                        String description = request.getHttpRequest().getPartAsStringFailsafe("description", 1000).trim();
-                       album.setTitle(title).setDescription(description);
+                       album.setTitle(title).setDescription(TextFilter.filter(request.getHttpRequest().getHeader("host"), description));
                        webInterface.getCore().touchConfiguration();
                        throw new RedirectException("imageBrowser.html?album=" + album.getId());
                }