mmangino-facebooker 1.0.2 → 1.0.3

data/init.rb

@@ -41,6 +41,22 @@ class ActionController::Routing::Route
   alias_method_chain :recognition_conditions, :facebooker
 end
 
+# When making get requests, Facebook sends fb_sig parameters both in the query string
+# and also in the post body. We want to ignore the query string ones because they are one
+# request out of date
+# We only do thise when there are POST parameters so that IFrame linkage still works
+class ActionController::AbstractRequest
+  def query_parameters_with_facebooker
+    if request_parameters.blank?
+      query_parameters_without_facebooker
+    else
+      (query_parameters_without_facebooker||{}).reject {|key,value| key.to_s =~ /^fb_sig/}
+    end
+  end
+  
+  alias_method_chain :query_parameters, :facebooker
+end
+
 # We turn off route optimization to make named routes use our code for figuring out if they should go to the session
 # If this fails, it means we're on rails 1.2, we can ignore it
 begin

data/lib/facebooker/models/user.rb

@@ -43,13 +43,18 @@ module Facebooker
     # Returns a user's events, params correspond to API call parameters (except UID):
     # http://wiki.developers.facebook.com/index.php/Events.get
     # E.g:
-    #  @user.events(:start_time => Time.now.to_i, :end_time => 1.month.from_now.to_i)
+    #  @user.events(:start_time => Time.now, :end_time => 1.month.from_now)
     #  # => Returns events betwen now and a month from now
     def events(params={})
-      @events ||= @session.post('facebook.events.get', {:uid => self.id}.merge(params)).map do |event|
+      @events ||= {}
+      [:start_time,:end_time].compact.each do |key|
+        params[key] = params[key].to_i
+      end
+#      puts @events[params.to_s].nil?
+      @events[params.to_s] ||= @session.post('facebook.events.get', {:uid => self.id}.merge(params)).map do |event|
         Event.from_hash(event)
       end
-    end
+    end    
     
     # 
     # Set the list of friends, given an array of User objects.  If the list has been retrieved previously, will not set
@@ -219,24 +224,35 @@ module Facebooker
     end
     
     ##
-    # Set the status of the user
-    #
-    # DOES NOT prepend "is" to the message
-    #
-    # requires extended permission. 
+    # This DOES NOT set the status of a user on Facebook
+    # Use the set_status method instead
     def status=(message)
       case message
-      when String
-        session.post('facebook.users.setStatus',:status=>message,:status_includes_verb=>1) do |ret|
-          ret
-        end
-      when Status
+      when String,Status
         @status = message
       when Hash
         @status = Status.from_hash(message)
       end
     end
     
+    ##
+    # Set the status for a user
+    # DOES NOT prepend "is" to the message
+    #
+    # requires extended permission. 
+    def set_status(message)
+      self.status=message
+      session.post('facebook.users.setStatus',:status=>message,:status_includes_verb=>1) do |ret|
+        ret
+      end
+    end
+    
+    ##
+    # Checks to see if the user has enabled the given extended permission
+    def has_permission?(ext_perm) # ext_perm = email, offline_access, status_update, photo_upload, create_listing, create_event, rsvp_event, sms
+      session.post('facebook.users.hasAppPermission',:ext_perm=>ext_perm) == "1"
+    end    
+    
     ##
     # Convenience method to send email to the current user
     def send_email(subject, text=nil, fbml=nil)

data/lib/facebooker/parser.rb

@@ -401,8 +401,8 @@ module Facebooker
         memo
       end
     end
-    
-    private
+
+  private
     def self.are_friends?(raw_value)
       if raw_value == '1'
         true
@@ -432,6 +432,12 @@ module Facebooker
     end
   end
     
+  class UserHasPermission < Parser
+    def self.process(data)
+      element('users_hasAppPermission_response', data).text_value
+    end
+  end  
+
   class Errors < Parser#:nodoc:
     EXCEPTIONS = {
       1 	=> Facebooker::Session::UnknownError,
@@ -492,6 +498,7 @@ module Facebooker
       'facebook.users.getStandardInfo' => UserStandardInfo,
       'facebook.users.setStatus' => SetStatus,
       'facebook.users.getLoggedInUser' => GetLoggedInUser,
+      'facebook.users.hasAppPermission' => UserHasPermission,
       'facebook.pages.isAdmin' => PagesIsAdmin,
       'facebook.pages.getInfo' => PagesGetInfo,
       'facebook.friends.get' => GetFriends,

data/lib/facebooker/rails/facebook_url_helper.rb

@@ -0,0 +1,191 @@
+# Extends the ActionView::Helpers::UrlHelper module.  See it for details on
+# the usual url helper methods: url_for, link_to, button_to, etc.  
+#
+# Mostly, the changes sanitize javascript into facebook javascript.  
+# It sanitizes link_to solely by altering the private methods: 
+# convert_options_to_javascript!, confirm_javascript_function, and 
+# method_javascript_function.  For button_to, it alters button_to
+# itself, as well as confirm_javascript_function.  No other methods 
+# need to be changed because of Facebook javascript.
+#
+# For button_to and link_to, adds alternate confirm options for facebook.
+# ==== Options
+# * <tt>:confirm => 'question?'</tt> - This will add a JavaScript confirm
+#   prompt with the question specified.
+#
+#   Example:
+#     # Generates: <a href="http://rubyforge.org/projects/facebooker" onclick="
+#     #			var dlg = new Dialog().showChoice('Please Confirm', 'Go to Facebooker?').setStyle();
+#     #			var a=this;dlg.onconfirm = function() {
+#     #		          document.setLocation(a.getHref()); 
+#     #			}; return false;">Facebooker</a>
+#     link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>"Go to Facebooker?")
+#
+#   Alternatively, options[:confirm] may be specified.  
+#   See the Facebook page http://wiki.developers.facebook.com/index.php/FBJS.
+#   These options are:
+#   <tt>:title</tt>::       Specifies the title of the Facebook dialog. Default is "Please Confirm".
+#   <tt>:content</tt>::       Specifies the title of the Facebook dialog. Default is "Are you sure?".
+#
+#   Example:
+#     # Generates: <a href="http://rubyforge.org/projects/facebooker" onclick="
+#     #			var dlg = new Dialog().showChoice('the page says:', 'Go to Facebooker?').setStyle();
+#     #			var a=this;dlg.onconfirm = function() {
+#     #		          document.setLocation(a.getHref()); 
+#     #			}; return false;">Facebooker</a>
+#     link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:", :content=>"Go to Facebooker?"})
+#
+#   Any other options passed are assumed to be css styles.
+#   Again, see the Facebook page http://wiki.developers.facebook.com/index.php/FBJS.
+#
+#   Example:
+#     # Generates: <a href="http://rubyforge.org/projects/facebooker" onclick="
+#     #			var dlg = new Dialog().showChoice('the page says:', 'Are you sure?').setStyle({color: 'pink', width: '200px'});
+#     #			var a=this;dlg.onconfirm = function() {
+#     #		          document.setLocation(a.getHref()); 
+#     #			}; return false;">Facebooker</a>
+#     link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:, :color=>"pink", :width=>"200px"})
+module ActionView
+  module Helpers
+    module UrlHelper
+      # Alters one and only one line of the Rails button_to.  See below.
+      def button_to_with_facebooker(name, options={}, html_options = {})
+        if !request_comes_from_facebook?
+           button_to_without_facebooker(name,options,html_options)
+        else
+          html_options = html_options.stringify_keys
+          convert_boolean_attributes!(html_options, %w( disabled ))
+
+          method_tag = ''
+          if (method = html_options.delete('method')) && %w{put delete}.include?(method.to_s)
+            method_tag = tag('input', :type => 'hidden', :name => '_method', :value => method.to_s)
+          end
+
+          form_method = method.to_s == 'get' ? 'get' : 'post'
+        
+          request_token_tag = ''
+          if form_method == 'post' && protect_against_forgery?
+            request_token_tag = tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token)
+          end
+        
+          if confirm = html_options.delete("confirm")
+            # this line is the only change => html_options["onclick"] = "return #{confirm_javascript_function(confirm)}"
+            html_options["onclick"] = "#{confirm_javascript_function(confirm, 'a.getForm().submit();')}return false;"
+          end
+
+          url = options.is_a?(String) ? options : self.url_for(options)
+          name ||= url
+ 
+          html_options.merge!("type" => "submit", "value" => name)
+
+          "<form method=\"#{form_method}\" action=\"#{escape_once url}\" class=\"button-to\"><div>" +
+            method_tag + tag("input", html_options) + request_token_tag + "</div></form>"
+        end
+      end
+
+      alias_method_chain :button_to, :facebooker
+
+      private
+
+	# Altered to throw an error on :popup and sanitize the javascript
+	# for Facebook.
+        def convert_options_to_javascript_with_facebooker!(html_options, url ='')
+          if !request_comes_from_facebook?
+            convert_options_to_javascript_without_facebooker!(html_options,url)
+   	  else
+            confirm, popup = html_options.delete("confirm"), html_options.delete("popup")
+
+            method, href = html_options.delete("method"), html_options['href']
+
+            html_options["onclick"] = case
+              when popup
+                raise ActionView::ActionViewError, "You can't use :popup"
+              when method # or maybe (confirm and method)
+                "#{method_javascript_function(method, url, href, confirm)}return false;"
+              when confirm # and only confirm
+                "#{confirm_javascript_function(confirm)}return false;"
+              else
+                html_options["onclick"]
+            end
+ 	  end
+        end
+
+	alias_method_chain :convert_options_to_javascript!, :facebooker
+
+
+	# Overrides a private method that link_to calls via convert_options_to_javascript! and
+	# also, button_to calls directly.  For Facebook, confirm can be a hash of options to 
+	# stylize the Facebook dialog.  Takes :title, :content, :style options.  See
+	# the Facebook page http://wiki.developers.facebook.com/index.php/FBJS for valid
+	# style formats like "color: 'black', background: 'white'" or like "'color','black'".
+	#
+	# == Examples ==
+	#
+	# link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>"Go to Facebooker?")
+	# link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:, :content=>"Go to Facebooker?"})
+	# link_to("Facebooker", "http://rubyforge.org/projects/facebooker", :confirm=>{:title=>"the page says:, :content=>"Go to Facebooker?", :color=>"pink"})
+        def confirm_javascript_function_with_facebooker(confirm, fun = nil)
+          if !request_comes_from_facebook?
+            confirm_javascript_function_without_facebooker(confirm)
+ 	  else
+  	    if(confirm.is_a?(Hash))
+                confirm_options = confirm.stringify_keys
+		title = confirm_options.delete("title") || "Please Confirm"
+		content = confirm_options.delete("content") || "Are you sure?"
+		style = confirm_options.empty? ? "" : convert_options_to_css(confirm_options)
+  	    else
+	      title,content,style = 'Please Confirm', confirm, ""
+	    end
+
+            "var dlg = new Dialog().showChoice('#{escape_javascript(title.to_s)}','#{escape_javascript(content.to_s)}').setStyle(#{style});"+
+	    "var a=this;dlg.onconfirm = function() { #{fun ? fun : 'document.setLocation(a.getHref());'} };"
+	  end
+        end
+
+	alias_method_chain :confirm_javascript_function, :facebooker
+
+	def convert_options_to_css(options)
+	  key_pair = options.shift
+	  style = "{#{key_pair[0]}: '#{key_pair[1]}'"
+	  for key in options.keys
+	    style << ", #{key}: '#{options[key]}'"
+	  end
+	  style << "}"
+	end
+
+	# Dynamically creates a form for link_to with method.  Calls confirm_javascript_function if and 
+	# only if (confirm && method) for link_to
+        def method_javascript_function_with_facebooker(method, url = '', href = nil, confirm = nil)
+          if !request_comes_from_facebook?
+            method_javascript_function_without_facebooker(method,url,href)
+ 	  else
+            action = (href && url.size > 0) ? "'#{url}'" : 'a.getHref()'
+            submit_function =
+              "var f = document.createElement('form'); f.setStyle('display','none'); " +
+              "a.getParentNode().appendChild(f); f.setMethod('POST'); f.setAction(#{action});"
+
+            unless method == :post
+              submit_function << "var m = document.createElement('input'); m.setType('hidden'); "
+              submit_function << "m.setName('_method'); m.setValue('#{method}'); f.appendChild(m);"
+            end
+
+            if protect_against_forgery?
+              submit_function << "var s = document.createElement('input'); s.setType('hidden'); "
+              submit_function << "s.setName('#{request_forgery_protection_token}'); s.setValue('#{escape_javascript form_authenticity_token}'); f.appendChild(s);"
+            end
+            submit_function << "f.submit();"
+
+	    if(confirm)
+	      confirm_javascript_function(confirm, submit_function)
+  	    else
+	      "var a=this;" + submit_function
+ 	    end
+          end
+	end
+
+	alias_method_chain :method_javascript_function, :facebooker
+
+    end
+  end
+end
+

data/test/user_test.rb

@@ -15,6 +15,11 @@ class UserTest < Test::Unit::TestCase
     @user.friends = [@other_user]
   end
   
+  def test_has_permission
+    expect_http_posts_with_responses(has_app_permission_response_xml)
+    assert @user.has_permission?("status_update")
+  end
+  
   def test_can_ask_user_if_he_or_she_is_friends_with_another_user
     assert(@user.friends_with?(@other_user))
   end
@@ -109,9 +114,13 @@ class UserTest < Test::Unit::TestCase
     @user.send_email("subject", nil, "body fbml")
   end
   
+  def test_doesnt_post_to_facebook_when_assigning_status
+    @session.expects(:post).never
+    @user.status="my status"
+  end
   def test_can_set_status_with_string
     @session.expects(:post).with('facebook.users.setStatus', :status=>"my status",:status_includes_verb=>1)
-    @user.status="my status"
+    @user.set_status("my status")
   end
   
   def test_get_events
@@ -120,12 +129,18 @@ class UserTest < Test::Unit::TestCase
     events = @user.events
     assert_equal "29511517904", events.first.eid
   end
-  
-  def test_can_get_events
-    @user.expects(:events)
-    @user.events
+
+  def test_events_caching_honors_params
+    @user = Facebooker::User.new(9507801, @session)
+    @session.expects(:post).returns([{:eid=>1}])
+    assert_equal 1,@user.events.first.eid
+    @session.expects(:post).returns([{:eid=>2}])
+    assert_equal 2,@user.events(:start_time=>1.day.ago).first.eid
+    @session.expects(:post).never
+    assert_equal 1,@user.events.first.eid
   end
   
+  
   def test_to_s
     assert_equal("1234",@user.to_s)
   end
@@ -226,4 +241,13 @@ class UserTest < Test::Unit::TestCase
     </connect_registerUsers_response>
     XML
   end
-end
+  
+  def has_app_permission_response_xml
+    <<-XML
+    <?xml version="1.0" encoding="UTF-8"?>
+    <users_hasAppPermission_response xmlns="http://api.facebook.com/1.0/"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd">1</users_hasAppPermission_response>
+    XML
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: mmangino-facebooker
 version: !ruby/object:Gem::Version 
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors: 
 - Chad Fowler
@@ -115,6 +115,7 @@ files:
 - lib/facebooker/rails/facebook_pretty_errors.rb
 - lib/facebooker/rails/facebook_request_fix.rb
 - lib/facebooker/rails/facebook_session_handling.rb
+- lib/facebooker/rails/facebook_url_helper.rb
 - lib/facebooker/rails/facebook_url_rewriting.rb
 - lib/facebooker/rails/helpers.rb
 - lib/facebooker/rails/profile_publisher_extensions.rb