getTestSoapConnection(); $soapResponse = $c->getXML( "SoapModelAccessTest_Comment", 1, null, null, 'editor@test.com', 'editor' ); $responseArr = Convert::xml2array($soapResponse); $this->assertEquals($responseArr['ID'], 1); $this->assertEquals($responseArr['Name'], 'Joe'); } public function testAuthenticatedPUT() { $comment1 = $this->objFromFixture('SoapModelAccessTest_Comment', 'comment1'); $comment1ID = $comment1->ID; // test wrong details $c = $this->getTestSoapConnection(); $updateXML = << $comment1ID Jimmy XML; $soapResponse = $c->putXML( "SoapModelAccessTest_Comment", $comment1->ID, null, $updateXML, 'editor@test.com', 'wrongpassword' ); $this->assertEquals('Unauthorized', $soapResponse); // Check that the details weren't saved $c = $this->getTestSoapConnection(); $soapResponse = $c->getXML("SoapModelAccessTest_Comment", $comment1->ID, null, 'editor@test.com', 'editor'); $responseArr = Convert::xml2array($soapResponse); $this->assertEquals($comment1->ID, $responseArr['ID']); $this->assertEquals('Joe', $responseArr['Name']); // Now do an update with the right password $soapResponse = $c->putXML( "SoapModelAccessTest_Comment", $comment1->ID, null, $updateXML, 'editor@test.com', 'editor' ); // Check that the details were saved $c = $this->getTestSoapConnection(); $soapResponse = $c->getXML("SoapModelAccessTest_Comment", $comment1->ID, null, 'editor@test.com', 'editor'); $responseArr = Convert::xml2array($soapResponse); $this->assertEquals($comment1->ID, $responseArr['ID']); $this->assertEquals('Jimmy', $responseArr['Name']); } public function testAuthenticatedPOST() { /* $c = $this->getTestSoapConnection(); $soapResponse = $c->getXML( "SoapModelAccessTest_Comment", null, null, 'editor@test.com', 'editor' ); Debug::message($soapResponse); $responseArr = Convert::xml2array($soapResponse); Debug::show($responseArr); $this->assertEquals($responseArr['Name'], 'Created Name'); */ } } /** * Everybody can view comments, logged in members in the "users" group can create comments, * but only "editors" can edit or delete them. * */ class SoapModelAccessTest_Comment extends DataObject implements PermissionProvider,TestOnly { static $api_access = true; static $db = array( "Name" => "Varchar(255)", "Comment" => "Text" ); static $has_many = array(); public function providePermissions(){ return array( 'EDIT_Comment' => 'Edit Comment Objects', 'CREATE_Comment' => 'Create Comment Objects', 'DELETE_Comment' => 'Delete Comment Objects', ); } public function canView($member = null) { return true; } public function canEdit($member = null) { return Permission::checkMember($member, 'EDIT_Comment'); } public function canDelete($member = null) { return Permission::checkMember($member, 'DELETE_Comment'); } public function canCreate($member = null) { return Permission::checkMember($member, 'CREATE_Comment'); } } class SoapModelAccessTest_Page extends DataObject implements TestOnly { static $api_access = false; static $db = array( 'Title' => 'Text', 'Content' => 'HTMLText', ); }