BUGFIX Prevent relations without $api_access to be shown through RestfulServer

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@78123 467b73ca-7a2a-4603-9d3b-597d59a354a9
Ingo Schommer 2009-05-29 01:04:40 +00:00
parent 173711531e
commit e121c2f8fd
3 changed files with 35 additions and 0 deletions


@ -51,6 +51,8 @@ class JSONDataFormatter extends DataFormatter {
if($this->relationDepth > 0) { if($this->relationDepth > 0) {
foreach($obj->has_one() as $relName => $relClass) { foreach($obj->has_one() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
@ -65,6 +67,8 @@ class JSONDataFormatter extends DataFormatter {
} }
foreach($obj->has_many() as $relName => $relClass) { foreach($obj->has_many() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
@ -80,6 +84,8 @@ class JSONDataFormatter extends DataFormatter {
} }
foreach($obj->many_many() as $relName => $relClass) { foreach($obj->many_many() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
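Review bot: The new guard `if(!singleton($relClass)->stat('api_access')) continue;` is pasted verbatim into all three relation loops of this section (has_one, has_many, many_many) and three more times in the XMLDataFormatter section below. A single protected helper on the shared DataFormatter base, e.g. `protected function isRelationApiAccessible($relClass) { return (bool) singleton($relClass)->stat('api_access'); }`, called from each loop would keep the two formatters from drifting apart the next time the access rule changes. The check is class-level only: it consults the related class's static `$api_access` and says nothing about permissions on the individual related records, so if record-level checks are meant to happen elsewhere a comment such as `// Class-level API access only; record-level permissions are not checked here` above the guard would make that explicit. The enclosing method starts before the first hunk and continues past the last.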


@ -59,6 +59,8 @@ class XMLDataFormatter extends DataFormatter {
if($this->relationDepth > 0) { if($this->relationDepth > 0) {
foreach($obj->has_one() as $relName => $relClass) { foreach($obj->has_one() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
@ -73,6 +75,8 @@ class XMLDataFormatter extends DataFormatter {
} }
foreach($obj->has_many() as $relName => $relClass) { foreach($obj->has_many() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;
@ -88,6 +92,8 @@ class XMLDataFormatter extends DataFormatter {
} }
foreach($obj->many_many() as $relName => $relClass) { foreach($obj->many_many() as $relName => $relClass) {
if(!singleton($relClass)->stat('api_access')) continue;
// Field filtering // Field filtering
if($fields && !in_array($relName, $fields)) continue; if($fields && !in_array($relName, $fields)) continue;
if($this->customRelations && !in_array($relName, $this->customRelations)) continue; if($this->customRelations && !in_array($relName, $this->customRelations)) continue;


@ -275,6 +275,16 @@ class RestfulServerTest extends SapphireTest {
); );
} }
public function testApiAccessRelationRestrictions() {
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
$response = Director::test($url, null, null, 'GET');
var_dump($response->getBody());
$this->assertNotContains('<RelatedPages', $response->getBody());
$this->assertNotContains('<PublishedPages', $response->getBody());
}
public function testApiAccessWithPUT() { public function testApiAccessWithPUT() {
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1'); $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
@ -377,10 +387,18 @@ class RestfulServerTest_Page extends DataObject implements TestOnly {
'Content' => 'HTMLText', 'Content' => 'HTMLText',
); );
static $has_one = array(
'Author' => 'RestfulServerTest_Author',
);
static $has_many = array( static $has_many = array(
'TestComments' => 'RestfulServerTest_Comment' 'TestComments' => 'RestfulServerTest_Comment'
); );
static $belongs_many_many = array(
'RelatedAuthors' => 'RestfulServerTest_Author',
);
} }
class RestfulServerTest_Author extends DataObject implements TestOnly { class RestfulServerTest_Author extends DataObject implements TestOnly {
@ -391,7 +409,12 @@ class RestfulServerTest_Author extends DataObject implements TestOnly {
'Name' => 'Text', 'Name' => 'Text',
); );
static $many_many = array(
'RelatedPages' => 'RestfulServerTest_Page',
);
static $has_many = array( static $has_many = array(
'PublishedPages' => 'RestfulServerTest_Page',
'Ratings' => 'RestfulServerTest_AuthorRating', 'Ratings' => 'RestfulServerTest_AuthorRating',
); );
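Review bot: `var_dump($response->getBody());` in testApiAccessRelationRestrictions is leftover debug output and should be removed before merge; it will dump the whole response body on every test run. The test asserts only that two element names are absent, so it would also pass if the formatter emitted no relations at all — one positive assertion for a relation whose class does declare `$api_access` (presumably `$this->assertContains('<Ratings', $response->getBody());`, if RestfulServerTest_AuthorRating enables API access; that class is not visible here) would pin the intended behaviour. The assertions look for XML element names, so only one serialisation is exercised even though the same guard was added to JSONDataFormatter; a second request selecting the JSON formatter, however this server chooses it, with matching `"RelatedPages"`/`"PublishedPages"` key assertions would cover that path. The absence checks also rely on RestfulServerTest_Page not declaring `$api_access`, which is outside this hunk and worth stating in the test, e.g. `// RestfulServerTest_Page has no $api_access, so relations pointing to it must be hidden`.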