mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
BUGFIX Prevent relations without $api_access to be shown through RestfulServer
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78123 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
173711531e
commit
e121c2f8fd
@ -51,6 +51,8 @@ class JSONDataFormatter extends DataFormatter {
|
||||
|
||||
if($this->relationDepth > 0) {
|
||||
foreach($obj->has_one() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
@ -65,6 +67,8 @@ class JSONDataFormatter extends DataFormatter {
|
||||
}
|
||||
|
||||
foreach($obj->has_many() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
@ -80,6 +84,8 @@ class JSONDataFormatter extends DataFormatter {
|
||||
}
|
||||
|
||||
foreach($obj->many_many() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
|
@ -59,6 +59,8 @@ class XMLDataFormatter extends DataFormatter {
|
||||
|
||||
if($this->relationDepth > 0) {
|
||||
foreach($obj->has_one() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
@ -73,6 +75,8 @@ class XMLDataFormatter extends DataFormatter {
|
||||
}
|
||||
|
||||
foreach($obj->has_many() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
@ -88,6 +92,8 @@ class XMLDataFormatter extends DataFormatter {
|
||||
}
|
||||
|
||||
foreach($obj->many_many() as $relName => $relClass) {
|
||||
if(!singleton($relClass)->stat('api_access')) continue;
|
||||
|
||||
// Field filtering
|
||||
if($fields && !in_array($relName, $fields)) continue;
|
||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||
|
@ -275,6 +275,16 @@ class RestfulServerTest extends SapphireTest {
|
||||
);
|
||||
}
|
||||
|
||||
public function testApiAccessRelationRestrictions() {
|
||||
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
|
||||
|
||||
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
|
||||
$response = Director::test($url, null, null, 'GET');
|
||||
var_dump($response->getBody());
|
||||
$this->assertNotContains('<RelatedPages', $response->getBody());
|
||||
$this->assertNotContains('<PublishedPages', $response->getBody());
|
||||
}
|
||||
|
||||
public function testApiAccessWithPUT() {
|
||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
||||
|
||||
@ -377,9 +387,17 @@ class RestfulServerTest_Page extends DataObject implements TestOnly {
|
||||
'Content' => 'HTMLText',
|
||||
);
|
||||
|
||||
static $has_one = array(
|
||||
'Author' => 'RestfulServerTest_Author',
|
||||
);
|
||||
|
||||
static $has_many = array(
|
||||
'TestComments' => 'RestfulServerTest_Comment'
|
||||
);
|
||||
|
||||
static $belongs_many_many = array(
|
||||
'RelatedAuthors' => 'RestfulServerTest_Author',
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
@ -390,8 +408,13 @@ class RestfulServerTest_Author extends DataObject implements TestOnly {
|
||||
static $db = array(
|
||||
'Name' => 'Text',
|
||||
);
|
||||
|
||||
static $many_many = array(
|
||||
'RelatedPages' => 'RestfulServerTest_Page',
|
||||
);
|
||||
|
||||
static $has_many = array(
|
||||
'PublishedPages' => 'RestfulServerTest_Page',
|
||||
'Ratings' => 'RestfulServerTest_AuthorRating',
|
||||
);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user