Merged from branches/2.3

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75572 467b73ca-7a2a-4603-9d3b-597d59a354a9

api/RestfulServer.php

@@ -383,12 +383,29 @@ class RestfulServer extends Controller {
 	 * current resolves in creatig a new element,
 	 * rather than a "Conflict" message.
 	 */
-	protected function postHandler($className, $id) {
+	protected function postHandler($className, $id, $relation) {
 		if($id) {
+			if(!$relation) {
 				$this->response->setStatusCode(409);
 				return 'Conflict';
 			}
 			
+			$obj = DataObject::get_by_id($className, $id);
+			if(!$obj) return $this->notFound();
+			
+			if(!$obj->hasMethod($relation)) {
+				return $this->notFound();
+			}
+			
+			if(!$obj->stat('allowed_actions') || !in_array($relation, $obj->stat('allowed_actions'))) {
+				return $this->permissionFailure();
+			}
+			
+			$obj->$relation();
+			
+			$this->getResponse()->setStatusCode(204); // No Content
+			return true;
+		} else {
 			if(!singleton($className)->canCreate()) return $this->permissionFailure();
 			$obj = new $className();
 		
@@ -405,7 +422,7 @@ class RestfulServer extends Controller {
 			$this->getResponse()->addHeader('Location', $objHref);
 		
 			return $responseFormatter->convertDataObject($obj);
-		
+		}
 	}
 	
 	/**

core/SSViewer.php

@@ -123,7 +123,6 @@ class SSViewer extends Object {
 		if (isset($_GET['flush']) && $_GET['flush'] == 'all') {
 			if(Director::isDev() || Permission::check('ADMIN')) {
 				self::flush_template_cache();
-				Debug::message('flushed!');
 			} else {
 				Security::permissionFailure(null, 'Please log in as an administrator to flush the template cache.');
 			}

core/control/ContentController.php

@@ -262,7 +262,7 @@ JS
 				$surname = Convert::raw2xml($member->Surame);
 				$logInMessage = _t('ContentController.LOGGEDINAS', 'Logged in as') ." {$firstname} {$surname} - <a href=\"Security/logout\">". _t('ContentController.LOGOUT', 'Log out'). "</a>";
 			} else {
-				$logInMessage = _t('ContentController.NOTLOGGEDIN', 'Not logged in') ." - <a href='Security/login'>". _t('ContentController.LOGIN', 'Login') ."</a>";
+				$logInMessage = _t('ContentController.NOTLOGGEDIN', 'Not logged in') ." - <a href=\"Security/login\">". _t('ContentController.LOGIN', 'Login') ."</a>";
 			}
 			$viewPageIn = _t('ContentController.VIEWPAGEIN', 'View Page in:');
 			/**

core/control/Controller.php

@@ -518,7 +518,7 @@ class Controller extends RequestHandler {
 	 */
 	function isAjax() {
 		return (
-			isset($this->requestParams['ajax']) ||
+			isset($this->requestParams['ajax']) || isset($_REQUEST['ajax']) ||
 			(isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == "XMLHttpRequest")
 		);
 	}

core/control/ModelAsController.php

@@ -18,7 +18,8 @@ class ModelAsController extends Controller implements NestedController {
 		// If the basic database hasn't been created, then build it.
 		if(!DB::isActive() || !ClassInfo::hasTable('SiteTree')) {
 			$this->response = new HTTPResponse();
-			$this->redirect("dev/build?returnURL=" . urlencode($_GET['url']));
+			$this->redirect("dev/build?returnURL=" . (isset($_GET['url']) ? urlencode($_GET['url']) : ''));
+			$this->popCurrent();
 			return $this->response;
 		}
 

core/model/DataObject.php

@@ -3142,6 +3142,11 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
 	 */
 	public static $summary_fields = null;
 	
+	/**
+	 * Provides a list of allowed methods that can be called via RESTful api.
+	 */
+	public static $allowed_actions = null;
+	
 	/**
 	 * Collect all static properties on the object
 	 * which contain natural language, and need to be translated.

search/SearchContext.php

@@ -108,7 +108,7 @@ class SearchContext extends Object {
 		if($existingQuery) {
 			$query = $existingQuery;
 		} else {
-			$query = $model->buildSQL();
+			$query = $model->extendedSQL();
 		}
 
 		$SQL_limit = Convert::raw2sql($limit);