diff --git a/api/RestfulServer.php b/api/RestfulServer.php index 3d0f29efd..cb2c257d6 100644 --- a/api/RestfulServer.php +++ b/api/RestfulServer.php @@ -123,6 +123,10 @@ class RestfulServer extends Controller { */ protected $member; + static $allowed_actions = array( + 'index' + ); + /* function handleItem($request) { return new RestfulServer_Item(DataObject::get_by_id($request->param("ClassName"), $request->param("ID"))); diff --git a/api/SapphireSoapServer.php b/api/SapphireSoapServer.php index d3a043e48..48124aef6 100755 --- a/api/SapphireSoapServer.php +++ b/api/SapphireSoapServer.php @@ -26,6 +26,11 @@ class SapphireSoapServer extends Controller { 'binary' => 'xsd:base64Binary', ); + static $allowed_actions = array( + 'index', + 'wsdl' + ); + function wsdl() { $this->getResponse()->addHeader("Content-Type", "text/xml"); diff --git a/api/VersionedRestfulServer.php b/api/VersionedRestfulServer.php index dd2d32e87..b40413f7c 100644 --- a/api/VersionedRestfulServer.php +++ b/api/VersionedRestfulServer.php @@ -6,6 +6,11 @@ * @subpackage integration */ class VersionedRestfulServer extends Controller { + + static $allowed_actions = array( + 'index' + ); + function handleRequest($request) { Versioned::reading_stage('Live'); $restfulserver = new RestfulServer(); diff --git a/cli/CliController.php b/cli/CliController.php index 7c3758b98..2c912b6a9 100755 --- a/cli/CliController.php +++ b/cli/CliController.php @@ -10,6 +10,10 @@ * @subpackage cron */ abstract class CliController extends Controller { + + static $allowed_actions = array( + 'index' + ); function init() { parent::init(); diff --git a/dev/CodeViewer.php b/dev/CodeViewer.php index 614fb56d3..140af42e4 100644 --- a/dev/CodeViewer.php +++ b/dev/CodeViewer.php 
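Review bot: The new `static $allowed_actions` property in RestfulServer is declared without a visibility keyword or doc comment, directly below the documented `protected $member`. The same bare declaration is repeated in every controller this commit touches (SapphireSoapServer, VersionedRestfulServer, CliController, and the dev, email, filesystem, security and widgets controllers). Because this array is the controller's access-control list, I would write it as `public static $allowed_actions = array('index');` with a short comment above it, for example `/** Actions that may be invoked through a URL. */`. CodeViewer already uses `public static` for `$url_handlers` in this same commit, so the explicit form is also the consistent one.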
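Review bot: In VersionedRestfulServer the allow-list is added to a class that overrides `handleRequest()` and hands the request to a fresh `RestfulServer`, so it is not clear from the hunk that `$allowed_actions` is ever consulted on this class. If the override bypasses the parent's action check, the list suggests a restriction at this layer that is not actually enforced. A comment such as `// Access checks are applied by RestfulServer; this list documents intent only` would make that explicit. handleRequest's body continues outside the hunk, so this needs confirming against the full method.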
@@ -7,11 +7,17 @@ */ class CodeViewer extends Controller { - public static $url_handlers = array ( + public static $url_handlers = array( '' => 'browse', '$Class' => 'viewClass' ); + static $allowed_actions = array( + 'index', + 'browse', + 'viewClass' + ); + /** * Define a simple finite state machine. * Top keys are the state names. 'start' is the first state, and 'die' is the error state. diff --git a/dev/DevelopmentAdmin.php b/dev/DevelopmentAdmin.php index 0008d1744..f40b8a5c5 100644 --- a/dev/DevelopmentAdmin.php +++ b/dev/DevelopmentAdmin.php @@ -17,6 +17,17 @@ class DevelopmentAdmin extends Controller { '$Action//$Action/$ID' => 'handleAction', ); + static $allowed_actions = array( + 'index', + 'tests', + 'jstests', + 'tasks', + 'viewmodel', + 'build', + 'reset', + 'viewcode' + ); + function init() { parent::init(); diff --git a/dev/InstallerTest.php b/dev/InstallerTest.php index b061235b3..d89fb3e52 100644 --- a/dev/InstallerTest.php +++ b/dev/InstallerTest.php @@ -5,6 +5,10 @@ * @subpackage testing */ class InstallerTest extends Controller { + + static $allowed_actions = array( + 'testrewrite' + ); function testrewrite() { echo "OK"; diff --git a/dev/JSTestRunner.php b/dev/JSTestRunner.php index 89b61db78..517fe2ffb 100644 --- a/dev/JSTestRunner.php +++ b/dev/JSTestRunner.php @@ -42,6 +42,13 @@ class JSTestRunner extends Controller { '$TestCase' => 'only', ); + static $allowed_actions = array( + 'index', + 'all', + 'browse', + 'only' + ); + /** * Override the default reporter with a custom configured subclass. * diff --git a/dev/SapphireREPL.php b/dev/SapphireREPL.php index d8ef2cd31..4b5b520cb 100644 --- a/dev/SapphireREPL.php +++ b/dev/SapphireREPL.php @@ -23,6 +23,10 @@ define('30719',E_ALL); * @subpackage dev */ class SapphireREPL extends Controller { + + static $allowed_actions = array( + 'index' + ); public function error_handler( $errno, $errstr, $errfile, $errline, $errctx ) { // Ignore unless important error 
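Review bot: CodeViewer's list names `browse` and `viewClass` with no permission code, and the same holds for the other developer tools in this commit: DevelopmentAdmin (`build`, `reset`, `viewcode`), JSTestRunner, SapphireREPL, and further down TaskRunner and TestRunner (`cleanupdb`, `startsession`). Written this way the allow-list only limits which method names are routable, not who may call them. The actual gate therefore has to be a check in each class's `init()`, and none of these hunks show the body of one. I would add a comment above each list, e.g. `// No permission codes here: who may call these is enforced in init()`, and verify that every one of these classes really has such a check before relying on it.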
diff --git a/dev/TaskRunner.php b/dev/TaskRunner.php index 367e5c125..f0c28bdc1 100644 --- a/dev/TaskRunner.php +++ b/dev/TaskRunner.php @@ -10,6 +10,10 @@ class TaskRunner extends Controller { '$TaskName' => 'runTask' ); + static $allowed_actions = array( + 'index' + ); + function init() { parent::init(); diff --git a/dev/TestRunner.php b/dev/TestRunner.php index 7adf7b85d..a7d89942c 100644 --- a/dev/TestRunner.php +++ b/dev/TestRunner.php @@ -40,6 +40,21 @@ class TestRunner extends Controller { '$TestCase' => 'only', ); + static $allowed_actions = array( + 'index', + 'browse', + 'coverage', + 'startsession', + 'endsession', + 'cleanupdb', + 'module', + 'all', + 'build', + 'only' + ); + + + /** * @var Array Blacklist certain directories for the coverage report. * Filepaths are relative to the webroot, without leading slash. diff --git a/email/Email.php b/email/Email.php index 58c79182d..f5bd36271 100755 --- a/email/Email.php +++ b/email/Email.php @@ -616,6 +616,10 @@ class Email extends ViewableData { */ class Email_BounceHandler extends Controller { + static $allowed_actions = array( + 'index' + ); + function init() { BasicAuth::protect_entire_site(false); parent::init(); diff --git a/filesystem/Upload.php b/filesystem/Upload.php index 1e833c3eb..e1dbfaab9 100644 --- a/filesystem/Upload.php +++ b/filesystem/Upload.php @@ -21,6 +21,11 @@ */ class Upload extends Controller { + static $allowed_actions = array( + 'index', + 'load' + ); + /** * A File object * @var File diff --git a/security/Security.php b/security/Security.php index 395912a33..5507561dd 100644 --- a/security/Security.php +++ b/security/Security.php @@ -5,6 +5,18 @@ * @subpackage security */ class Security extends Controller { + + static $allowed_actions = array( + 'index', + 'login', + 'logout', + 'basicauthlogin', + 'lostpassword', + 'passwordsent', + 'changepassword', + 'ping', + 'LoginForm' + ); /** * Default user name. Only used in dev-mode by {@link setDefaultAdmin()} 
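Review bot: TaskRunner's `$url_handlers` routes `'$TaskName' => 'runTask'`, but the new allow-list contains only `'index'`, so the action named by the visible handler is not allowed. CodeViewer, JSTestRunner and TestRunner in this same commit do list their handler targets (`viewClass`, `only`), which suggests the omission is accidental; I would change the list to `'index', 'runTask'`. Whether the request handler applies `$allowed_actions` to `$url_handlers` targets is not visible here, so confirm with a functional test that requests a task URL.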
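Review bot: Upload's list exposes `load` as a URL action with no permission code, and the hunk does not show what `load` accepts. If it is a method that form code calls to validate and store an uploaded file, rather than one written to receive an HTTP request, it should not be routable and the list should be just `'index'`. If it is meant to be called by URL, it should be tied to a permission in the form the tests in this commit use (`"adminonly" => "ADMIN"`). The class body is outside the hunk, so check this against the method's signature.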
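Review bot: Security's list includes the form method `LoginForm` but no counterpart for the forms behind `lostpassword` and `changepassword`. If those pages render forms whose submissions are routed back through a form-returning method on this controller, as the `LoginForm` entry suggests, those method names have to be listed too, or password reset and change submissions will be refused once the allow-list is enforced. The form methods are outside the hunk, so confirm their names against the class and add a functional test that submits each form. `LoginForm` is also the only mixed-case entry, which is safe only if action matching is case-insensitive.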
diff --git a/tests/ControllerTest.php b/tests/ControllerTest.php index 43d19477b..acc12d586 100755 --- a/tests/ControllerTest.php +++ b/tests/ControllerTest.php @@ -139,7 +139,7 @@ class ControllerTest extends FunctionalTest { /** * Simple controller for testing */ -class ControllerTest_Controller extends Controller { +class ControllerTest_Controller extends Controller implements TestOnly { public $Content = "default content"; function methodaction() { @@ -156,7 +156,7 @@ class ControllerTest_Controller extends Controller { /** * Controller with an $allowed_actions value */ -class ControllerTest_SecuredController extends Controller { +class ControllerTest_SecuredController extends Controller implements TestOnly { static $allowed_actions = array( "methodaction", "adminonly" => "ADMIN", @@ -179,7 +179,7 @@ class ControllerTest_SecuredController extends Controller { } } -class ControllerTest_FullSecuredController extends Controller { +class ControllerTest_FullSecuredController extends Controller implements TestOnly { static $allowed_actions = array( "*" => "ADMIN", @@ -195,7 +195,7 @@ class ControllerTest_FullSecuredController extends Controller { } } -class ControllerTest_UnsecuredController extends ControllerTest_SecuredController {} +class ControllerTest_UnsecuredController extends ControllerTest_SecuredController implements TestOnly {} class ControllerTest_HasAction extends Controller { @@ -210,7 +210,7 @@ class ControllerTest_HasAction extends Controller { } -class ControllerTest_HasAction_Unsecured extends ControllerTest_HasAction { +class ControllerTest_HasAction_Unsecured extends ControllerTest_HasAction implements TestOnly { public function defined_action() { } diff --git a/tests/RequestHandlingTest.php b/tests/RequestHandlingTest.php index 027d2d8b1..4bdf7a48d 100755 --- a/tests/RequestHandlingTest.php +++ b/tests/RequestHandlingTest.php 
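Review bot: `ControllerTest_HasAction extends Controller` is left without `implements TestOnly`, while its subclass `ControllerTest_HasAction_Unsecured` and every other test controller in this file receive it. If the marker is what keeps test controllers out of class discovery and routing outside test runs, the parent should carry it too: `class ControllerTest_HasAction extends Controller implements TestOnly {`. The declaration appears only as context in the hunks at lines 195 and 210, so this is a one-line addition outside the changed lines.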
@@ -265,7 +265,7 @@ Director::addRules(50, array( /** * Controller for the test */ -class RequestHandlingTest_Controller extends Controller { +class RequestHandlingTest_Controller extends Controller implements TestOnly { static $url_handlers = array( // The double-slash is need here to ensure that '$Action//$ID/$OtherID' => "handleAction", @@ -383,7 +383,7 @@ class RequestHandlingTest_ControllerExtension extends Extension { /** * Controller for the test */ -class RequestHandlingTest_AllowedController extends Controller { +class RequestHandlingTest_AllowedController extends Controller implements TestOnly { static $url_handlers = array( // The double-slash is need here to ensure that '$Action//$ID/$OtherID' => "handleAction", @@ -458,7 +458,7 @@ class RequestHandlingTest_Form extends Form { } } -class RequestHandlingTest_ControllerFormWithAllowedActions extends Controller { +class RequestHandlingTest_ControllerFormWithAllowedActions extends Controller implements TestOnly { function Form() { return new RequestHandlingTest_FormWithAllowedActions( diff --git a/tests/WebserverRoutingTest.php b/tests/WebserverRoutingTest.php index fc82efc37..cd7be56f4 100644 --- a/tests/WebserverRoutingTest.php +++ b/tests/WebserverRoutingTest.php @@ -37,7 +37,7 @@ class WebserverRoutingTest extends SapphireTest { * @package sapphire * @subpackage tests */ -class WebserverRoutingTest_Controller extends Controller { +class WebserverRoutingTest_Controller extends Controller implements TestOnly { function index() { BasicAuth::protect_entire_site(false); diff --git a/tests/api/RestfulServiceTest.php b/tests/api/RestfulServiceTest.php index 0da14a7a0..2387e6354 100644 --- a/tests/api/RestfulServiceTest.php +++ b/tests/api/RestfulServiceTest.php 
@@ -134,7 +134,7 @@ class RestfulServiceTest extends SapphireTest { } } -class RestfulServiceTest_Controller extends Controller { +class RestfulServiceTest_Controller extends Controller implements TestOnly { public function init() { $this->basicAuthEnabled = false; parent::init(); diff --git a/tests/forms/FormTest.php b/tests/forms/FormTest.php index e45aba6e4..c6517558b 100755 --- a/tests/forms/FormTest.php +++ b/tests/forms/FormTest.php @@ -368,7 +368,7 @@ class FormTest_Team extends DataObject implements TestOnly { ); } -class FormTest_Controller extends Controller { +class FormTest_Controller extends Controller implements TestOnly { static $url_handlers = array( '$Action//$ID/$OtherID' => "handleAction", ); @@ -424,7 +424,7 @@ class FormTest_Controller extends Controller { } } -class FormTest_ControllerWithSecurityToken extends Controller { +class FormTest_ControllerWithSecurityToken extends Controller implements TestOnly { static $url_handlers = array( '$Action//$ID/$OtherID' => "handleAction", ); diff --git a/tests/forms/TableFieldTest.php b/tests/forms/TableFieldTest.php index 96ef3921f..5cbb2391e 100755 --- a/tests/forms/TableFieldTest.php +++ b/tests/forms/TableFieldTest.php @@ -288,7 +288,7 @@ class TableFieldTest extends SapphireTest { /** * Stub controller */ -class TableFieldTest_Controller extends Controller { +class TableFieldTest_Controller extends Controller implements TestOnly { function Link($action = null) { return Controller::join_links('TableFieldTest/', $action); } diff --git a/widgets/Widget.php b/widgets/Widget.php index 96a8d785b..aaddd2afb 100755 --- a/widgets/Widget.php +++ b/widgets/Widget.php @@ -150,6 +150,10 @@ class Widget_Controller extends Controller { */ protected $widget; + static $allowed_actions = array( + 'editablesegment' + ); + function __construct($widget = null) { // TODO This shouldn't be optional, is only necessary for editablesegment() if($widget) {
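Review bot: Widget_Controller's list allows `editablesegment` with no permission code, and the TODO in the constructor just below says the widget argument is optional only because of `editablesegment()`, which implies the action runs on a controller built without a widget. That would make it reachable by anyone who can route to this controller, so confirm that the method checks the caller's rights itself, or map it to a permission as the tests do with `"adminonly" => "ADMIN"`. The list also omits `index`, unlike the other controllers in this commit; if that is deliberate it deserves a comment. The method body is outside the hunk.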