diff --git a/src/api/wishlists.php b/src/api/wishlists.php
index 22bf3be7..2fcf5b34 100644
--- a/src/api/wishlists.php
+++ b/src/api/wishlists.php
@@ -108,45 +108,36 @@ switch ($_SERVER['REQUEST_METHOD']) {
 $getOwnWishlists = $user->isLoggedIn();
 if ($getWishlistCardsFromPriority) {
- /**
- * Get wishlist cards with priority
- */
 $wishlist = Wishlist::getFromId($_GET['wishlist_id']);
- $options = array(
+
+ if (false === $wishlist) {
+ http_response_code(404);
+ }
+
+ $priorityAll = -1;
+ $priorityNone = 0;
+ $priority = (int) $_GET['priority'] ?? $priorityAll;
+
+ $options = array(
 'style' => $_GET['style'],
 'placeholders' => array(),
 );
- $where = array(
+ $where = array(
 'wishlist' => '`wishlist` = ' . $wishlist->getId(),
- 'priority' => '`priority` = ' . $_GET['priority'],
+ 'priority' => '`priority` = ' . $priority,
 );
- if (-1 === $_GET['priority']) {
+ if ($priorityAll === $priority) {
 unset($where['priority']);
 }
- if (empty($_GET['priority'])) {
- $where['priority'] = '`priority` IS NULL';
+ if ($priorityNone === $priority) {
+ $where['priority'] = '`priority` IS NULL OR `priority` = 0';
 }
 $options['WHERE'] = '(' . implode(') AND (', $where) . ')';
 $response['results'] = $wishlist->getCards($options);
- /**
- * Get wishlist by id
- */
- $wishlist = Wishlist::getFromId($_GET['wishlist_id']);
-
- /** Determine if user is allowed to access wishlist */
- if ($wishlist instanceof Wishlist) {
- if ($user->isLoggedIn() && $user->getId() === $wishlist->getUserId()) {
- $response['results'] = $wishlist->getCards();
- } else {
- http_response_code(403);
- }
- } else {
- http_response_code(404);
- }
 } elseif ($getWishlistFromHash) {
 $wishlist = Wishlist::getFromHash($_GET['wishlist_hash']);
diff --git a/src/classes/wishthis/Wish.php b/src/classes/wishthis/Wish.php
index d942fe9b..a9fdadea 100644
--- a/src/classes/wishthis/Wish.php
+++ b/src/classes/wishthis/Wish.php
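Review bot: The priority branch now returns `$wishlist->getCards($options)` for any `wishlist_id` without comparing `$user` to the wishlist owner; the removed block was the only visible place that answered 403, so unless `getCards()` or code outside this hunk enforces ownership, cards on other users' lists become readable by id. The added 404 check also does not end the branch, so a missing wishlist still reaches `$wishlist->getId()` on `false`. In `(int) $_GET['priority'] ?? $priorityAll` the cast binds before `??`, so the default never applies and an absent parameter becomes 0, which selects the "no priority" filter instead of "all". The sketch below chains the three cases, assuming id-based access is meant to stay owner-only as in the removed block; the enclosing `switch` starts and ends outside the hunk.

```php
$wishlist = Wishlist::getFromId($_GET['wishlist_id']);

if (false === $wishlist) {
    http_response_code(404);
} elseif (!$user->isLoggedIn() || $user->getId() !== $wishlist->getUserId()) {
    // Only the owner may list cards by wishlist id.
    http_response_code(403);
} else {
    // … unchanged: $priorityAll / $priorityNone …
    $priority = (int) ($_GET['priority'] ?? $priorityAll);
    // … unchanged: $options / $where construction and getCards($options) …
}
```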
@@ -198,7 +198,7 @@ class Wish
 $userCard->getLocale() . '@currency=' . $userCard->getCurrency(),
 \NumberFormatter::CURRENCY
 );
- $userIsCurrent = $userCurrent->getId() === $userCard->getId();
+ $userIsCurrent = $userCurrent->isLoggedIn() && $userCurrent->getId() === $userCard->getId();
 /**
 * Card
diff --git a/src/pages/parts/wishlist.php b/src/pages/parts/wishlist.php
index 6f988ea0..c41dd4b0 100644
--- a/src/pages/parts/wishlist.php
+++ b/src/pages/parts/wishlist.php
@@ -44,7 +44,7 @@ $user = User::getCurrent();
-
+