mirror of
https://github.com/silverstripe/silverstripe-restfulserver
synced 2024-10-22 14:05:58 +02:00
Merge pull request #39 from creative-commoners/pulls/1.0/pass-member
FIX Ensure a Member object is passed to canView etc methods if available
This commit is contained in:
Daniel Hensby
GitHub
commit
4ba5bf5853
18
.travis.yml
18
.travis.yml
@ -4,22 +4,16 @@ sudo: false
|
||||
|
||||
language: php
|
||||
|
||||
php:
|
||||
- 5.3
|
||||
- 5.4
|
||||
- 5.5
|
||||
|
||||
env:
|
||||
- DB=MYSQL CORE_RELEASE=3.5
|
||||
|
||||
matrix:
|
||||
include:
|
||||
- php: 5.4
|
||||
env: DB=MYSQL CORE_RELEASE=3.3
|
||||
- php: 5.5
|
||||
env: DB=MYSQL CORE_RELEASE=3.4
|
||||
- php: 5.6
|
||||
env: DB=PGSQL CORE_RELEASE=3.5
|
||||
- php: 7.0
|
||||
env: DB=MYSQL CORE_RELEASE=3
|
||||
- php: 5.6
|
||||
env: DB=MYSQL CORE_RELEASE=3.1
|
||||
- php: 5.6
|
||||
env: DB=PGSQL CORE_RELEASE=3.2
|
||||
- php: 7.1
|
||||
env: DB=MYSQL CORE_RELEASE=3.6
|
||||
|
||||
|
||||
@ -204,7 +204,7 @@ class RestfulServer extends Controller
|
||||
if (!$obj) {
|
||||
return $this->notFound();
|
||||
}
|
||||
if (!$obj->canView()) {
|
||||
if (!$obj->canView($this->getMember())) {
|
||||
return $this->permissionFailure();
|
||||
}
|
||||
|
||||
@ -232,7 +232,7 @@ class RestfulServer extends Controller
|
||||
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
||||
$objs = new ArrayList($obj->toArray());
|
||||
foreach ($objs as $obj) {
|
||||
if (!$obj->canView()) {
|
||||
if (!$obj->canView($this->getMember())) {
|
||||
$objs->remove($obj);
|
||||
}
|
||||
}
|
||||
@ -372,7 +372,7 @@ class RestfulServer extends Controller
|
||||
if (!$obj) {
|
||||
return $this->notFound();
|
||||
}
|
||||
if (!$obj->canDelete()) {
|
||||
if (!$obj->canDelete($this->getMember())) {
|
||||
return $this->permissionFailure();
|
||||
}
|
||||
|
||||
@ -391,7 +391,7 @@ class RestfulServer extends Controller
|
||||
if (!$obj) {
|
||||
return $this->notFound();
|
||||
}
|
||||
if (!$obj->canEdit()) {
|
||||
if (!$obj->canEdit($this->getMember())) {
|
||||
return $this->permissionFailure();
|
||||
}
|
||||
|
||||
@ -456,8 +456,9 @@ class RestfulServer extends Controller
|
||||
|
||||
$this->getResponse()->setStatusCode(204); // No Content
|
||||
return true;
|
||||
} else {
|
||||
if (!singleton($className)->canCreate()) {
|
||||
}
|
||||
|
||||
if (!singleton($className)->canCreate($this->getMember())) {
|
||||
return $this->permissionFailure();
|
||||
}
|
||||
$obj = new $className();
|
||||
@ -487,7 +488,6 @@ class RestfulServer extends Controller
|
||||
|
||||
return $responseFormatter->convertDataObject($obj);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Converts either the given HTTP Body into an array
|
||||
@ -649,6 +649,16 @@ class RestfulServer extends Controller
|
||||
}
|
||||
return $allowedRelations;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the current Member, if available
|
||||
*
|
||||
* @return Member|null
|
||||
*/
|
||||
protected function getMember()
|
||||
{
|
||||
return Member::currentUser();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user