BUGFIX Prevent relations without $api_access to be shown through RestfulServer
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78123 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
173711531e
commit
e121c2f8fd
@ -51,6 +51,8 @@ class JSONDataFormatter extends DataFormatter {
|
|||||||
|
|
||||||
if($this->relationDepth > 0) {
|
if($this->relationDepth > 0) {
|
||||||
foreach($obj->has_one() as $relName => $relClass) {
|
foreach($obj->has_one() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
@ -65,6 +67,8 @@ class JSONDataFormatter extends DataFormatter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
foreach($obj->has_many() as $relName => $relClass) {
|
foreach($obj->has_many() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
@ -80,6 +84,8 @@ class JSONDataFormatter extends DataFormatter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
foreach($obj->many_many() as $relName => $relClass) {
|
foreach($obj->many_many() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
|
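Review bot: The guard `if(!singleton($relClass)->stat('api_access')) continue;` is now repeated verbatim in the has_one, has_many and many_many loops here and again in XMLDataFormatter, so the access policy lives in six places; a single helper on the shared DataFormatter base, e.g. `protected function isApiAccessible($relClass) { return (bool)singleton($relClass)->stat('api_access'); }`, would keep both formatters consistent and make the check hard to forget in any relation loop added later. The new line also deserves a one-line statement of intent at each site, e.g. `// Never expose a related class that has not opted into the API via $api_access`, since the bare `continue` reads like field filtering rather than an access decision. The enclosing method starts before the first hunk and continues past the last one.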
@ -59,6 +59,8 @@ class XMLDataFormatter extends DataFormatter {
|
|||||||
|
|
||||||
if($this->relationDepth > 0) {
|
if($this->relationDepth > 0) {
|
||||||
foreach($obj->has_one() as $relName => $relClass) {
|
foreach($obj->has_one() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
@ -73,6 +75,8 @@ class XMLDataFormatter extends DataFormatter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
foreach($obj->has_many() as $relName => $relClass) {
|
foreach($obj->has_many() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
@ -88,6 +92,8 @@ class XMLDataFormatter extends DataFormatter {
|
|||||||
}
|
}
|
||||||
|
|
||||||
foreach($obj->many_many() as $relName => $relClass) {
|
foreach($obj->many_many() as $relName => $relClass) {
|
||||||
|
if(!singleton($relClass)->stat('api_access')) continue;
|
||||||
|
|
||||||
// Field filtering
|
// Field filtering
|
||||||
if($fields && !in_array($relName, $fields)) continue;
|
if($fields && !in_array($relName, $fields)) continue;
|
||||||
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
|
||||||
|
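Review bot: In the has_many loop the string handed to `singleton()` comes straight from `$obj->has_many()`; if that call can return the dotted `Class.ForeignKey` form of a has_many declaration rather than a bare class name (not visible in this hunk), `singleton()` would receive a non-class string and the request would error rather than hide the relation. If that is the case, normalise first, e.g. `$relClassName = strtok($relClass, '.');` and test `singleton($relClassName)->stat('api_access')`, or use a has_many() variant that already strips the suffix. Also note that `stat('api_access')` is only tested for truthiness, so if `$api_access` may be an array of per-field restrictions, the relation is still emitted and only the existing field filtering applies; that looks intentional but is worth recording on the check, e.g. `// Hide the relation unless the related class opts into the API ($api_access truthy)`. The enclosing method starts before the first hunk and continues past the last one.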
@ -275,6 +275,16 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testApiAccessRelationRestrictions() {
|
||||||
|
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
|
||||||
|
|
||||||
|
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
|
||||||
|
$response = Director::test($url, null, null, 'GET');
|
||||||
|
var_dump($response->getBody());
|
||||||
|
$this->assertNotContains('<RelatedPages', $response->getBody());
|
||||||
|
$this->assertNotContains('<PublishedPages', $response->getBody());
|
||||||
|
}
|
||||||
|
|
||||||
public function testApiAccessWithPUT() {
|
public function testApiAccessWithPUT() {
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
||||||
|
|
||||||
@ -377,10 +387,18 @@ class RestfulServerTest_Page extends DataObject implements TestOnly {
|
|||||||
'Content' => 'HTMLText',
|
'Content' => 'HTMLText',
|
||||||
);
|
);
|
||||||
|
|
||||||
|
static $has_one = array(
|
||||||
|
'Author' => 'RestfulServerTest_Author',
|
||||||
|
);
|
||||||
|
|
||||||
static $has_many = array(
|
static $has_many = array(
|
||||||
'TestComments' => 'RestfulServerTest_Comment'
|
'TestComments' => 'RestfulServerTest_Comment'
|
||||||
);
|
);
|
||||||
|
|
||||||
|
static $belongs_many_many = array(
|
||||||
|
'RelatedAuthors' => 'RestfulServerTest_Author',
|
||||||
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestfulServerTest_Author extends DataObject implements TestOnly {
|
class RestfulServerTest_Author extends DataObject implements TestOnly {
|
||||||
@ -391,7 +409,12 @@ class RestfulServerTest_Author extends DataObject implements TestOnly {
|
|||||||
'Name' => 'Text',
|
'Name' => 'Text',
|
||||||
);
|
);
|
||||||
|
|
||||||
|
static $many_many = array(
|
||||||
|
'RelatedPages' => 'RestfulServerTest_Page',
|
||||||
|
);
|
||||||
|
|
||||||
static $has_many = array(
|
static $has_many = array(
|
||||||
|
'PublishedPages' => 'RestfulServerTest_Page',
|
||||||
'Ratings' => 'RestfulServerTest_AuthorRating',
|
'Ratings' => 'RestfulServerTest_AuthorRating',
|
||||||
);
|
);
|
||||||
|
|
||||||
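Review bot: testApiAccessRelationRestrictions leaves a `var_dump($response->getBody());` in the committed test, which spams the PHPUnit output on every run and should be dropped. The test also asserts only what is absent, so an error status or an empty body would pass it; pin the request first with `$this->assertEquals(200, $response->getStatusCode());` and add one positive check such as `$this->assertContains('<Ratings', $response->getBody());` (assuming RestfulServerTest_AuthorRating declares `$api_access`, as testApiAccessWithPUT suggests). It exercises the has_many and many_many guards through the XML output only; the has_one branch (the new `Author` relation on RestfulServerTest_Page) and the JSON formatter are not covered, so a second GET on a page record in JSON format would close that gap. The fixtures and RestfulServerTest_Page's `$api_access` setting are outside this diff, so whether Page is actually unrestricted here is inferred from the assertions rather than visible.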