Merge pull request #39 from creative-commoners/pulls/1.0/pass-member

FIX Ensure a Member object is passed to canView etc methods if available
Daniel Hensby 2017-11-06 12:16:33 +00:00 committed by GitHub
commit 4ba5bf5853
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 125 additions and 121 deletions


@ -4,22 +4,16 @@ sudo: false
language: php language: php
php:
- 5.3
- 5.4
- 5.5
env:
- DB=MYSQL CORE_RELEASE=3.5
matrix: matrix:
include: include:
- php: 5.4
env: DB=MYSQL CORE_RELEASE=3.3
- php: 5.5
env: DB=MYSQL CORE_RELEASE=3.4
- php: 5.6 - php: 5.6
env: DB=PGSQL CORE_RELEASE=3.5
- php: 7.0
env: DB=MYSQL CORE_RELEASE=3 env: DB=MYSQL CORE_RELEASE=3
- php: 5.6
env: DB=MYSQL CORE_RELEASE=3.1
- php: 5.6
env: DB=PGSQL CORE_RELEASE=3.2
- php: 7.1 - php: 7.1
env: DB=MYSQL CORE_RELEASE=3.6 env: DB=MYSQL CORE_RELEASE=3.6


@ -204,7 +204,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canView()) { if (!$obj->canView($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -232,7 +232,7 @@ class RestfulServer extends Controller
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount()); $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
$objs = new ArrayList($obj->toArray()); $objs = new ArrayList($obj->toArray());
foreach ($objs as $obj) { foreach ($objs as $obj) {
if (!$obj->canView()) { if (!$obj->canView($this->getMember())) {
$objs->remove($obj); $objs->remove($obj);
} }
} }
@ -372,7 +372,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canDelete()) { if (!$obj->canDelete($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -391,7 +391,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canEdit()) { if (!$obj->canEdit($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -456,8 +456,9 @@ class RestfulServer extends Controller
$this->getResponse()->setStatusCode(204); // No Content $this->getResponse()->setStatusCode(204); // No Content
return true; return true;
} else { }
if (!singleton($className)->canCreate()) {
if (!singleton($className)->canCreate($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
$obj = new $className(); $obj = new $className();
@ -487,7 +488,6 @@ class RestfulServer extends Controller
return $responseFormatter->convertDataObject($obj); return $responseFormatter->convertDataObject($obj);
} }
}
/** /**
* Converts either the given HTTP Body into an array * Converts either the given HTTP Body into an array
@ -649,6 +649,16 @@ class RestfulServer extends Controller
} }
return $allowedRelations; return $allowedRelations;
} }
/**
* Get the current Member, if available
*
* @return Member|null
*/
protected function getMember()
{
return Member::currentUser();
}
} }
/** /**
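Review bot: In the list hunk at `@ -232,7`, `setTotalSize(...unlimitedRowCount())` is called before the `canView($this->getMember())` loop removes records, so the total reported to the client still counts objects this member may not view and can reveal that hidden records exist. The commit makes the per-object check member-aware but leaves that count unfiltered. If an exact filtered total is too costly, at least record the limitation above the call with `// NOTE: total is counted before canView() filtering and may include records hidden from the current member`. The same loop calls `$this->getMember()` once per object, so resolving it once before the `foreach` (`$member = $this->getMember();`) keeps every check in the response tied to the same member. The docblock on `getMember()` should also say that `null` is passed straight to the `can*()` methods when nobody is logged in; the enclosing methods of these hunks start and end outside the visible lines, so how they handle a `null` member cannot be confirmed from here.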