Merge pull request #39 from creative-commoners/pulls/1.0/pass-member

FIX Ensure a Member object is passed to canView etc methods if available
2024-06-13 08:24:53 +02:00 · 2017-11-06 12:16:33 +00:00 · 2017-11-06 12:16:33 +00:00 · 4ba5bf5853
commit 4ba5bf5853
parent a12e6d48f5 e54e23ede0
2 changed files with 125 additions and 121 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -4,22 +4,16 @@ sudo: false

 language: php

-php:
-  - 5.3
-  - 5.4
-  - 5.5
-
-env:
-  - DB=MYSQL CORE_RELEASE=3.5
-
 matrix:
  include:
+    - php: 5.4
+      env: DB=MYSQL CORE_RELEASE=3.3
+    - php: 5.5
+      env: DB=MYSQL CORE_RELEASE=3.4
    - php: 5.6
+      env: DB=PGSQL CORE_RELEASE=3.5
+    - php: 7.0
      env: DB=MYSQL CORE_RELEASE=3
-    - php: 5.6
-      env: DB=MYSQL CORE_RELEASE=3.1
-    - php: 5.6
-      env: DB=PGSQL CORE_RELEASE=3.2
    - php: 7.1
      env: DB=MYSQL CORE_RELEASE=3.6

--- a/code/RestfulServer.php
+++ b/code/RestfulServer.php
@ -204,7 +204,7 @@ class RestfulServer extends Controller
            if (!$obj) {
                return $this->notFound();
            }
-            if (!$obj->canView()) {
+            if (!$obj->canView($this->getMember())) {
                return $this->permissionFailure();
            }

@ -232,7 +232,7 @@ class RestfulServer extends Controller
            $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
            $objs = new ArrayList($obj->toArray());
            foreach ($objs as $obj) {
-                if (!$obj->canView()) {
+                if (!$obj->canView($this->getMember())) {
                    $objs->remove($obj);
                }
            }
@ -372,7 +372,7 @@ class RestfulServer extends Controller
        if (!$obj) {
            return $this->notFound();
        }
-        if (!$obj->canDelete()) {
+        if (!$obj->canDelete($this->getMember())) {
            return $this->permissionFailure();
        }

@ -391,7 +391,7 @@ class RestfulServer extends Controller
        if (!$obj) {
            return $this->notFound();
        }
-        if (!$obj->canEdit()) {
+        if (!$obj->canEdit($this->getMember())) {
            return $this->permissionFailure();
        }

@ -456,37 +456,37 @@ class RestfulServer extends Controller

            $this->getResponse()->setStatusCode(204); // No Content
            return true;
-        } else {
-            if (!singleton($className)->canCreate()) {
-                return $this->permissionFailure();
-            }
-            $obj = new $className();
-        
-            $reqFormatter = $this->getRequestDataFormatter($className);
-            if (!$reqFormatter) {
-                return $this->unsupportedMediaType();
-            }
-        
-            $responseFormatter = $this->getResponseDataFormatter($className);
-        
-            $obj = $this->updateDataObject($obj, $reqFormatter);
-        
-            $this->getResponse()->setStatusCode(201); // Created
-            $this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
-
-            // Append the default extension for the output format to the Location header
-            // or else we'll use the default (XML)
-            $types = $responseFormatter->supportedExtensions();
-            $type = '';
-            if (count($types)) {
-                $type = ".{$types[0]}";
-            }
-
-            $objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
-            $this->getResponse()->addHeader('Location', $objHref);
-        
-            return $responseFormatter->convertDataObject($obj);
        }
+
+        if (!singleton($className)->canCreate($this->getMember())) {
+            return $this->permissionFailure();
+        }
+        $obj = new $className();
+
+        $reqFormatter = $this->getRequestDataFormatter($className);
+        if (!$reqFormatter) {
+            return $this->unsupportedMediaType();
+        }
+
+        $responseFormatter = $this->getResponseDataFormatter($className);
+
+        $obj = $this->updateDataObject($obj, $reqFormatter);
+
+        $this->getResponse()->setStatusCode(201); // Created
+        $this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
+
+        // Append the default extension for the output format to the Location header
+        // or else we'll use the default (XML)
+        $types = $responseFormatter->supportedExtensions();
+        $type = '';
+        if (count($types)) {
+            $type = ".{$types[0]}";
+        }
+
+        $objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
+        $this->getResponse()->addHeader('Location', $objHref);
+
+        return $responseFormatter->convertDataObject($obj);
    }

    /**
@ -649,6 +649,16 @@ class RestfulServer extends Controller
        }
        return $allowedRelations;
    }
+
+    /**
+     * Get the current Member, if available
+     *
+     * @return Member|null
+     */
+    protected function getMember()
+    {
+        return Member::currentUser();
+    }
 }

 /**