mirror of
https://github.com/silverstripe/silverstripe-restfulserver
synced 2024-10-22 14:05:58 +02:00
Merge pull request #26 from helpfulrobot/convert-to-psr-2
Converted to PSR-2
This commit is contained in:
Daniel Hensby
commit
90de9c2260
@ -8,8 +8,8 @@
|
|||||||
* application accessing the RestfulServer to store logins in plain text (or in
|
* application accessing the RestfulServer to store logins in plain text (or in
|
||||||
* decrytable form)
|
* decrytable form)
|
||||||
*/
|
*/
|
||||||
class BasicRestfulAuthenticator {
|
class BasicRestfulAuthenticator
|
||||||
|
{
|
||||||
/**
|
/**
|
||||||
* The authenticate function
|
* The authenticate function
|
||||||
*
|
*
|
||||||
@ -17,9 +17,12 @@ class BasicRestfulAuthenticator {
|
|||||||
*
|
*
|
||||||
* @return Member|false The Member object, or false if no member
|
* @return Member|false The Member object, or false if no member
|
||||||
*/
|
*/
|
||||||
public static function authenticate() {
|
public static function authenticate()
|
||||||
|
{
|
||||||
//if there is no username or password, break
|
//if there is no username or password, break
|
||||||
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) return false;
|
if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
//Attempt to authenticate with the default authenticator for the site
|
//Attempt to authenticate with the default authenticator for the site
|
||||||
$authClass = Authenticator::get_default_authenticator();
|
$authClass = Authenticator::get_default_authenticator();
|
||||||
@ -29,11 +32,10 @@ class BasicRestfulAuthenticator {
|
|||||||
));
|
));
|
||||||
|
|
||||||
//Log the member in and return the member, if they were found
|
//Log the member in and return the member, if they were found
|
||||||
if($member) {
|
if ($member) {
|
||||||
$member->LogIn(false);
|
$member->LogIn(false);
|
||||||
return $member;
|
return $member;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -26,8 +26,9 @@
|
|||||||
* @package framework
|
* @package framework
|
||||||
* @subpackage api
|
* @subpackage api
|
||||||
*/
|
*/
|
||||||
class RestfulServer extends Controller {
|
class RestfulServer extends Controller
|
||||||
static $url_handlers = array(
|
{
|
||||||
|
public static $url_handlers = array(
|
||||||
'$ClassName/$ID/$Relation' => 'handleAction'
|
'$ClassName/$ID/$Relation' => 'handleAction'
|
||||||
#'$ClassName/#ID' => 'handleItem',
|
#'$ClassName/#ID' => 'handleItem',
|
||||||
#'$ClassName' => 'handleList',
|
#'$ClassName' => 'handleList',
|
||||||
@ -72,12 +73,15 @@ class RestfulServer extends Controller {
|
|||||||
}
|
}
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function init() {
|
public function init()
|
||||||
|
{
|
||||||
/* This sets up SiteTree the same as when viewing a page through the frontend. Versioned defaults
|
/* This sets up SiteTree the same as when viewing a page through the frontend. Versioned defaults
|
||||||
* to Stage, and then when viewing the front-end Versioned::choose_site_stage changes it to Live.
|
* to Stage, and then when viewing the front-end Versioned::choose_site_stage changes it to Live.
|
||||||
* TODO: In 3.2 we should make the default Live, then change to Stage in the admin area (with a nicer API)
|
* TODO: In 3.2 we should make the default Live, then change to Stage in the admin area (with a nicer API)
|
||||||
*/
|
*/
|
||||||
if (class_exists('SiteTree')) singleton('SiteTree')->extend('modelascontrollerInit', $this);
|
if (class_exists('SiteTree')) {
|
||||||
|
singleton('SiteTree')->extend('modelascontrollerInit', $this);
|
||||||
|
}
|
||||||
parent::init();
|
parent::init();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -85,16 +89,23 @@ class RestfulServer extends Controller {
|
|||||||
* This handler acts as the switchboard for the controller.
|
* This handler acts as the switchboard for the controller.
|
||||||
* Since no $Action url-param is set, all requests are sent here.
|
* Since no $Action url-param is set, all requests are sent here.
|
||||||
*/
|
*/
|
||||||
function index() {
|
public function index()
|
||||||
if(!isset($this->urlParams['ClassName'])) return $this->notFound();
|
{
|
||||||
|
if (!isset($this->urlParams['ClassName'])) {
|
||||||
|
return $this->notFound();
|
||||||
|
}
|
||||||
$className = $this->urlParams['ClassName'];
|
$className = $this->urlParams['ClassName'];
|
||||||
$id = (isset($this->urlParams['ID'])) ? $this->urlParams['ID'] : null;
|
$id = (isset($this->urlParams['ID'])) ? $this->urlParams['ID'] : null;
|
||||||
$relation = (isset($this->urlParams['Relation'])) ? $this->urlParams['Relation'] : null;
|
$relation = (isset($this->urlParams['Relation'])) ? $this->urlParams['Relation'] : null;
|
||||||
|
|
||||||
// Check input formats
|
// Check input formats
|
||||||
if(!class_exists($className)) return $this->notFound();
|
if (!class_exists($className)) {
|
||||||
if($id && !is_numeric($id)) return $this->notFound();
|
return $this->notFound();
|
||||||
if(
|
}
|
||||||
|
if ($id && !is_numeric($id)) {
|
||||||
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
if (
|
||||||
$relation
|
$relation
|
||||||
&& !preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $relation)
|
&& !preg_match('/^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$/', $relation)
|
||||||
) {
|
) {
|
||||||
@ -103,25 +114,27 @@ class RestfulServer extends Controller {
|
|||||||
|
|
||||||
// if api access is disabled, don't proceed
|
// if api access is disabled, don't proceed
|
||||||
$apiAccess = singleton($className)->stat('api_access');
|
$apiAccess = singleton($className)->stat('api_access');
|
||||||
if(!$apiAccess) return $this->permissionFailure();
|
if (!$apiAccess) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
|
|
||||||
// authenticate through HTTP BasicAuth
|
// authenticate through HTTP BasicAuth
|
||||||
$this->member = $this->authenticate();
|
$this->member = $this->authenticate();
|
||||||
|
|
||||||
// handle different HTTP verbs
|
// handle different HTTP verbs
|
||||||
if($this->request->isGET() || $this->request->isHEAD()) {
|
if ($this->request->isGET() || $this->request->isHEAD()) {
|
||||||
return $this->getHandler($className, $id, $relation);
|
return $this->getHandler($className, $id, $relation);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->request->isPOST()) {
|
if ($this->request->isPOST()) {
|
||||||
return $this->postHandler($className, $id, $relation);
|
return $this->postHandler($className, $id, $relation);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->request->isPUT()) {
|
if ($this->request->isPUT()) {
|
||||||
return $this->putHandler($className, $id, $relation);
|
return $this->putHandler($className, $id, $relation);
|
||||||
}
|
}
|
||||||
|
|
||||||
if($this->request->isDELETE()) {
|
if ($this->request->isDELETE()) {
|
||||||
return $this->deleteHandler($className, $id, $relation);
|
return $this->deleteHandler($className, $id, $relation);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -162,10 +175,11 @@ class RestfulServer extends Controller {
|
|||||||
* @param String $relation
|
* @param String $relation
|
||||||
* @return String The serialized representation of the requested object(s) - usually XML or JSON.
|
* @return String The serialized representation of the requested object(s) - usually XML or JSON.
|
||||||
*/
|
*/
|
||||||
protected function getHandler($className, $id, $relationName) {
|
protected function getHandler($className, $id, $relationName)
|
||||||
|
{
|
||||||
$sort = '';
|
$sort = '';
|
||||||
|
|
||||||
if($this->request->getVar('sort')) {
|
if ($this->request->getVar('sort')) {
|
||||||
$dir = $this->request->getVar('dir');
|
$dir = $this->request->getVar('dir');
|
||||||
$sort = array($this->request->getVar('sort') => ($dir ? $dir : 'ASC'));
|
$sort = array($this->request->getVar('sort') => ($dir ? $dir : 'ASC'));
|
||||||
}
|
}
|
||||||
@ -178,25 +192,32 @@ class RestfulServer extends Controller {
|
|||||||
$params = $this->request->getVars();
|
$params = $this->request->getVars();
|
||||||
|
|
||||||
$responseFormatter = $this->getResponseDataFormatter($className);
|
$responseFormatter = $this->getResponseDataFormatter($className);
|
||||||
if(!$responseFormatter) return $this->unsupportedMediaType();
|
if (!$responseFormatter) {
|
||||||
|
return $this->unsupportedMediaType();
|
||||||
|
}
|
||||||
|
|
||||||
// $obj can be either a DataObject or a SS_List,
|
// $obj can be either a DataObject or a SS_List,
|
||||||
// depending on the request
|
// depending on the request
|
||||||
if($id) {
|
if ($id) {
|
||||||
// Format: /api/v1/<MyClass>/<ID>
|
// Format: /api/v1/<MyClass>/<ID>
|
||||||
$obj = $this->getObjectQuery($className, $id, $params)->First();
|
$obj = $this->getObjectQuery($className, $id, $params)->First();
|
||||||
if(!$obj) return $this->notFound();
|
if (!$obj) {
|
||||||
if(!$obj->canView()) return $this->permissionFailure();
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
if (!$obj->canView()) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
|
|
||||||
// Format: /api/v1/<MyClass>/<ID>/<Relation>
|
// Format: /api/v1/<MyClass>/<ID>/<Relation>
|
||||||
if($relationName) {
|
if ($relationName) {
|
||||||
$obj = $this->getObjectRelationQuery($obj, $params, $sort, $limit, $relationName);
|
$obj = $this->getObjectRelationQuery($obj, $params, $sort, $limit, $relationName);
|
||||||
if(!$obj) return $this->notFound();
|
if (!$obj) {
|
||||||
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
|
||||||
// TODO Avoid creating data formatter again for relation class (see above)
|
// TODO Avoid creating data formatter again for relation class (see above)
|
||||||
$responseFormatter = $this->getResponseDataFormatter($obj->dataClass());
|
$responseFormatter = $this->getResponseDataFormatter($obj->dataClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Format: /api/v1/<MyClass>
|
// Format: /api/v1/<MyClass>
|
||||||
$obj = $this->getObjectsQuery($className, $params, $sort, $limit);
|
$obj = $this->getObjectsQuery($className, $params, $sort, $limit);
|
||||||
@ -207,12 +228,16 @@ class RestfulServer extends Controller {
|
|||||||
$rawFields = $this->request->getVar('fields');
|
$rawFields = $this->request->getVar('fields');
|
||||||
$fields = $rawFields ? explode(',', $rawFields) : null;
|
$fields = $rawFields ? explode(',', $rawFields) : null;
|
||||||
|
|
||||||
if($obj instanceof SS_List) {
|
if ($obj instanceof SS_List) {
|
||||||
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
||||||
$objs = new ArrayList($obj->toArray());
|
$objs = new ArrayList($obj->toArray());
|
||||||
foreach($objs as $obj) if(!$obj->canView()) $objs->remove($obj);
|
foreach ($objs as $obj) {
|
||||||
|
if (!$obj->canView()) {
|
||||||
|
$objs->remove($obj);
|
||||||
|
}
|
||||||
|
}
|
||||||
return $responseFormatter->convertDataObjectSet($objs, $fields);
|
return $responseFormatter->convertDataObjectSet($objs, $fields);
|
||||||
} else if(!$obj) {
|
} elseif (!$obj) {
|
||||||
$responseFormatter->setTotalSize(0);
|
$responseFormatter->setTotalSize(0);
|
||||||
return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);
|
return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);
|
||||||
} else {
|
} else {
|
||||||
@ -235,7 +260,7 @@ class RestfulServer extends Controller {
|
|||||||
protected function getSearchQuery($className, $params = null, $sort = null,
|
protected function getSearchQuery($className, $params = null, $sort = null,
|
||||||
$limit = null, $existingQuery = null
|
$limit = null, $existingQuery = null
|
||||||
) {
|
) {
|
||||||
if(singleton($className)->hasMethod('getRestfulSearchContext')) {
|
if (singleton($className)->hasMethod('getRestfulSearchContext')) {
|
||||||
$searchContext = singleton($className)->{'getRestfulSearchContext'}();
|
$searchContext = singleton($className)->{'getRestfulSearchContext'}();
|
||||||
} else {
|
} else {
|
||||||
$searchContext = singleton($className)->getDefaultSearchContext();
|
$searchContext = singleton($className)->getDefaultSearchContext();
|
||||||
@ -251,63 +276,71 @@ class RestfulServer extends Controller {
|
|||||||
* @param String Classname of a DataObject
|
* @param String Classname of a DataObject
|
||||||
* @return DataFormatter
|
* @return DataFormatter
|
||||||
*/
|
*/
|
||||||
protected function getDataFormatter($includeAcceptHeader = false, $className = null) {
|
protected function getDataFormatter($includeAcceptHeader = false, $className = null)
|
||||||
|
{
|
||||||
$extension = $this->request->getExtension();
|
$extension = $this->request->getExtension();
|
||||||
$contentTypeWithEncoding = $this->request->getHeader('Content-Type');
|
$contentTypeWithEncoding = $this->request->getHeader('Content-Type');
|
||||||
preg_match('/([^;]*)/',$contentTypeWithEncoding, $contentTypeMatches);
|
preg_match('/([^;]*)/', $contentTypeWithEncoding, $contentTypeMatches);
|
||||||
$contentType = $contentTypeMatches[0];
|
$contentType = $contentTypeMatches[0];
|
||||||
$accept = $this->request->getHeader('Accept');
|
$accept = $this->request->getHeader('Accept');
|
||||||
$mimetypes = $this->request->getAcceptMimetypes();
|
$mimetypes = $this->request->getAcceptMimetypes();
|
||||||
if(!$className) $className = $this->urlParams['ClassName'];
|
if (!$className) {
|
||||||
|
$className = $this->urlParams['ClassName'];
|
||||||
|
}
|
||||||
|
|
||||||
// get formatter
|
// get formatter
|
||||||
if(!empty($extension)) {
|
if (!empty($extension)) {
|
||||||
$formatter = DataFormatter::for_extension($extension);
|
$formatter = DataFormatter::for_extension($extension);
|
||||||
}elseif($includeAcceptHeader && !empty($accept) && $accept != '*/*') {
|
} elseif ($includeAcceptHeader && !empty($accept) && $accept != '*/*') {
|
||||||
$formatter = DataFormatter::for_mimetypes($mimetypes);
|
$formatter = DataFormatter::for_mimetypes($mimetypes);
|
||||||
if(!$formatter) $formatter = DataFormatter::for_extension(self::$default_extension);
|
if (!$formatter) {
|
||||||
} elseif(!empty($contentType)) {
|
$formatter = DataFormatter::for_extension(self::$default_extension);
|
||||||
|
}
|
||||||
|
} elseif (!empty($contentType)) {
|
||||||
$formatter = DataFormatter::for_mimetype($contentType);
|
$formatter = DataFormatter::for_mimetype($contentType);
|
||||||
} else {
|
} else {
|
||||||
$formatter = DataFormatter::for_extension(self::$default_extension);
|
$formatter = DataFormatter::for_extension(self::$default_extension);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$formatter) return false;
|
if (!$formatter) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// set custom fields
|
// set custom fields
|
||||||
if($customAddFields = $this->request->getVar('add_fields')) {
|
if ($customAddFields = $this->request->getVar('add_fields')) {
|
||||||
$formatter->setCustomAddFields(explode(',',$customAddFields));
|
$formatter->setCustomAddFields(explode(',', $customAddFields));
|
||||||
}
|
}
|
||||||
if($customFields = $this->request->getVar('fields')) {
|
if ($customFields = $this->request->getVar('fields')) {
|
||||||
$formatter->setCustomFields(explode(',',$customFields));
|
$formatter->setCustomFields(explode(',', $customFields));
|
||||||
}
|
}
|
||||||
$formatter->setCustomRelations($this->getAllowedRelations($className));
|
$formatter->setCustomRelations($this->getAllowedRelations($className));
|
||||||
|
|
||||||
$apiAccess = singleton($className)->stat('api_access');
|
$apiAccess = singleton($className)->stat('api_access');
|
||||||
if(is_array($apiAccess)) {
|
if (is_array($apiAccess)) {
|
||||||
$formatter->setCustomAddFields(
|
$formatter->setCustomAddFields(
|
||||||
array_intersect((array)$formatter->getCustomAddFields(), (array)$apiAccess['view'])
|
array_intersect((array)$formatter->getCustomAddFields(), (array)$apiAccess['view'])
|
||||||
);
|
);
|
||||||
if($formatter->getCustomFields()) {
|
if ($formatter->getCustomFields()) {
|
||||||
$formatter->setCustomFields(
|
$formatter->setCustomFields(
|
||||||
array_intersect((array)$formatter->getCustomFields(), (array)$apiAccess['view'])
|
array_intersect((array)$formatter->getCustomFields(), (array)$apiAccess['view'])
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
$formatter->setCustomFields((array)$apiAccess['view']);
|
$formatter->setCustomFields((array)$apiAccess['view']);
|
||||||
}
|
}
|
||||||
if($formatter->getCustomRelations()) {
|
if ($formatter->getCustomRelations()) {
|
||||||
$formatter->setCustomRelations(
|
$formatter->setCustomRelations(
|
||||||
array_intersect((array)$formatter->getCustomRelations(), (array)$apiAccess['view'])
|
array_intersect((array)$formatter->getCustomRelations(), (array)$apiAccess['view'])
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
$formatter->setCustomRelations((array)$apiAccess['view']);
|
$formatter->setCustomRelations((array)$apiAccess['view']);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// set relation depth
|
// set relation depth
|
||||||
$relationDepth = $this->request->getVar('relationdepth');
|
$relationDepth = $this->request->getVar('relationdepth');
|
||||||
if(is_numeric($relationDepth)) $formatter->relationDepth = (int)$relationDepth;
|
if (is_numeric($relationDepth)) {
|
||||||
|
$formatter->relationDepth = (int)$relationDepth;
|
||||||
|
}
|
||||||
|
|
||||||
return $formatter;
|
return $formatter;
|
||||||
}
|
}
|
||||||
@ -316,7 +349,8 @@ class RestfulServer extends Controller {
|
|||||||
* @param String Classname of a DataObject
|
* @param String Classname of a DataObject
|
||||||
* @return DataFormatter
|
* @return DataFormatter
|
||||||
*/
|
*/
|
||||||
protected function getRequestDataFormatter($className = null) {
|
protected function getRequestDataFormatter($className = null)
|
||||||
|
{
|
||||||
return $this->getDataFormatter(false, $className);
|
return $this->getDataFormatter(false, $className);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -324,17 +358,23 @@ class RestfulServer extends Controller {
|
|||||||
* @param String Classname of a DataObject
|
* @param String Classname of a DataObject
|
||||||
* @return DataFormatter
|
* @return DataFormatter
|
||||||
*/
|
*/
|
||||||
protected function getResponseDataFormatter($className = null) {
|
protected function getResponseDataFormatter($className = null)
|
||||||
|
{
|
||||||
return $this->getDataFormatter(true, $className);
|
return $this->getDataFormatter(true, $className);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handler for object delete
|
* Handler for object delete
|
||||||
*/
|
*/
|
||||||
protected function deleteHandler($className, $id) {
|
protected function deleteHandler($className, $id)
|
||||||
|
{
|
||||||
$obj = DataObject::get_by_id($className, $id);
|
$obj = DataObject::get_by_id($className, $id);
|
||||||
if(!$obj) return $this->notFound();
|
if (!$obj) {
|
||||||
if(!$obj->canDelete()) return $this->permissionFailure();
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
if (!$obj->canDelete()) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
|
|
||||||
$obj->delete();
|
$obj->delete();
|
||||||
|
|
||||||
@ -345,16 +385,25 @@ class RestfulServer extends Controller {
|
|||||||
/**
|
/**
|
||||||
* Handler for object write
|
* Handler for object write
|
||||||
*/
|
*/
|
||||||
protected function putHandler($className, $id) {
|
protected function putHandler($className, $id)
|
||||||
|
{
|
||||||
$obj = DataObject::get_by_id($className, $id);
|
$obj = DataObject::get_by_id($className, $id);
|
||||||
if(!$obj) return $this->notFound();
|
if (!$obj) {
|
||||||
if(!$obj->canEdit()) return $this->permissionFailure();
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
if (!$obj->canEdit()) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
|
|
||||||
$reqFormatter = $this->getRequestDataFormatter($className);
|
$reqFormatter = $this->getRequestDataFormatter($className);
|
||||||
if(!$reqFormatter) return $this->unsupportedMediaType();
|
if (!$reqFormatter) {
|
||||||
|
return $this->unsupportedMediaType();
|
||||||
|
}
|
||||||
|
|
||||||
$responseFormatter = $this->getResponseDataFormatter($className);
|
$responseFormatter = $this->getResponseDataFormatter($className);
|
||||||
if(!$responseFormatter) return $this->unsupportedMediaType();
|
if (!$responseFormatter) {
|
||||||
|
return $this->unsupportedMediaType();
|
||||||
|
}
|
||||||
|
|
||||||
$obj = $this->updateDataObject($obj, $reqFormatter);
|
$obj = $this->updateDataObject($obj, $reqFormatter);
|
||||||
|
|
||||||
@ -382,21 +431,24 @@ class RestfulServer extends Controller {
|
|||||||
* current resolves in creatig a new element,
|
* current resolves in creatig a new element,
|
||||||
* rather than a "Conflict" message.
|
* rather than a "Conflict" message.
|
||||||
*/
|
*/
|
||||||
protected function postHandler($className, $id, $relation) {
|
protected function postHandler($className, $id, $relation)
|
||||||
if($id) {
|
{
|
||||||
if(!$relation) {
|
if ($id) {
|
||||||
|
if (!$relation) {
|
||||||
$this->response->setStatusCode(409);
|
$this->response->setStatusCode(409);
|
||||||
return 'Conflict';
|
return 'Conflict';
|
||||||
}
|
}
|
||||||
|
|
||||||
$obj = DataObject::get_by_id($className, $id);
|
$obj = DataObject::get_by_id($className, $id);
|
||||||
if(!$obj) return $this->notFound();
|
if (!$obj) {
|
||||||
|
|
||||||
if(!$obj->hasMethod($relation)) {
|
|
||||||
return $this->notFound();
|
return $this->notFound();
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!$obj->stat('allowed_actions') || !in_array($relation, $obj->stat('allowed_actions'))) {
|
if (!$obj->hasMethod($relation)) {
|
||||||
|
return $this->notFound();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$obj->stat('allowed_actions') || !in_array($relation, $obj->stat('allowed_actions'))) {
|
||||||
return $this->permissionFailure();
|
return $this->permissionFailure();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -405,11 +457,15 @@ class RestfulServer extends Controller {
|
|||||||
$this->getResponse()->setStatusCode(204); // No Content
|
$this->getResponse()->setStatusCode(204); // No Content
|
||||||
return true;
|
return true;
|
||||||
} else {
|
} else {
|
||||||
if(!singleton($className)->canCreate()) return $this->permissionFailure();
|
if (!singleton($className)->canCreate()) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
$obj = new $className();
|
$obj = new $className();
|
||||||
|
|
||||||
$reqFormatter = $this->getRequestDataFormatter($className);
|
$reqFormatter = $this->getRequestDataFormatter($className);
|
||||||
if(!$reqFormatter) return $this->unsupportedMediaType();
|
if (!$reqFormatter) {
|
||||||
|
return $this->unsupportedMediaType();
|
||||||
|
}
|
||||||
|
|
||||||
$responseFormatter = $this->getResponseDataFormatter($className);
|
$responseFormatter = $this->getResponseDataFormatter($className);
|
||||||
|
|
||||||
@ -444,15 +500,16 @@ class RestfulServer extends Controller {
|
|||||||
* @param DataFormatter $formatter
|
* @param DataFormatter $formatter
|
||||||
* @return DataObject The passed object
|
* @return DataObject The passed object
|
||||||
*/
|
*/
|
||||||
protected function updateDataObject($obj, $formatter) {
|
protected function updateDataObject($obj, $formatter)
|
||||||
|
{
|
||||||
// if neither an http body nor POST data is present, return error
|
// if neither an http body nor POST data is present, return error
|
||||||
$body = $this->request->getBody();
|
$body = $this->request->getBody();
|
||||||
if(!$body && !$this->request->postVars()) {
|
if (!$body && !$this->request->postVars()) {
|
||||||
$this->getResponse()->setStatusCode(204); // No Content
|
$this->getResponse()->setStatusCode(204); // No Content
|
||||||
return 'No Content';
|
return 'No Content';
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($body)) {
|
if (!empty($body)) {
|
||||||
$data = $formatter->convertStringToArray($body);
|
$data = $formatter->convertStringToArray($body);
|
||||||
} else {
|
} else {
|
||||||
// assume application/x-www-form-urlencoded which is automatically parsed by PHP
|
// assume application/x-www-form-urlencoded which is automatically parsed by PHP
|
||||||
@ -460,11 +517,11 @@ class RestfulServer extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// @todo Disallow editing of certain keys in database
|
// @todo Disallow editing of certain keys in database
|
||||||
$data = array_diff_key($data, array('ID','Created'));
|
$data = array_diff_key($data, array('ID', 'Created'));
|
||||||
|
|
||||||
$apiAccess = singleton($this->urlParams['ClassName'])->stat('api_access');
|
$apiAccess = singleton($this->urlParams['ClassName'])->stat('api_access');
|
||||||
if(is_array($apiAccess) && isset($apiAccess['edit'])) {
|
if (is_array($apiAccess) && isset($apiAccess['edit'])) {
|
||||||
$data = array_intersect_key($data, array_combine($apiAccess['edit'],$apiAccess['edit']));
|
$data = array_intersect_key($data, array_combine($apiAccess['edit'], $apiAccess['edit']));
|
||||||
}
|
}
|
||||||
|
|
||||||
$obj->update($data);
|
$obj->update($data);
|
||||||
@ -482,7 +539,8 @@ class RestfulServer extends Controller {
|
|||||||
* @param array $params
|
* @param array $params
|
||||||
* @return DataList
|
* @return DataList
|
||||||
*/
|
*/
|
||||||
protected function getObjectQuery($className, $id, $params) {
|
protected function getObjectQuery($className, $id, $params)
|
||||||
|
{
|
||||||
return DataList::create($className)->byIDs(array($id));
|
return DataList::create($className)->byIDs(array($id));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -493,7 +551,8 @@ class RestfulServer extends Controller {
|
|||||||
* @param int|array $limit
|
* @param int|array $limit
|
||||||
* @return SQLQuery
|
* @return SQLQuery
|
||||||
*/
|
*/
|
||||||
protected function getObjectsQuery($className, $params, $sort, $limit) {
|
protected function getObjectsQuery($className, $params, $sort, $limit)
|
||||||
|
{
|
||||||
return $this->getSearchQuery($className, $params, $sort, $limit);
|
return $this->getSearchQuery($className, $params, $sort, $limit);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -506,10 +565,11 @@ class RestfulServer extends Controller {
|
|||||||
* @param string $relationName
|
* @param string $relationName
|
||||||
* @return SQLQuery|boolean
|
* @return SQLQuery|boolean
|
||||||
*/
|
*/
|
||||||
protected function getObjectRelationQuery($obj, $params, $sort, $limit, $relationName) {
|
protected function getObjectRelationQuery($obj, $params, $sort, $limit, $relationName)
|
||||||
|
{
|
||||||
// The relation method will return a DataList, that getSearchQuery subsequently manipulates
|
// The relation method will return a DataList, that getSearchQuery subsequently manipulates
|
||||||
if($obj->hasMethod($relationName)) {
|
if ($obj->hasMethod($relationName)) {
|
||||||
if($relationClass = $obj->has_one($relationName)) {
|
if ($relationClass = $obj->has_one($relationName)) {
|
||||||
$joinField = $relationName . 'ID';
|
$joinField = $relationName . 'ID';
|
||||||
$list = DataList::create($relationClass)->byIDs(array($obj->$joinField));
|
$list = DataList::create($relationClass)->byIDs(array($obj->$joinField));
|
||||||
} else {
|
} else {
|
||||||
@ -517,13 +577,16 @@ class RestfulServer extends Controller {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$apiAccess = singleton($list->dataClass())->stat('api_access');
|
$apiAccess = singleton($list->dataClass())->stat('api_access');
|
||||||
if(!$apiAccess) return false;
|
if (!$apiAccess) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return $this->getSearchQuery($list->dataClass(), $params, $sort, $limit, $list);
|
return $this->getSearchQuery($list->dataClass(), $params, $sort, $limit, $list);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function permissionFailure() {
|
protected function permissionFailure()
|
||||||
|
{
|
||||||
// return a 401
|
// return a 401
|
||||||
$this->getResponse()->setStatusCode(401);
|
$this->getResponse()->setStatusCode(401);
|
||||||
$this->getResponse()->addHeader('WWW-Authenticate', 'Basic realm="API Access"');
|
$this->getResponse()->addHeader('WWW-Authenticate', 'Basic realm="API Access"');
|
||||||
@ -531,20 +594,23 @@ class RestfulServer extends Controller {
|
|||||||
return "You don't have access to this item through the API.";
|
return "You don't have access to this item through the API.";
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function notFound() {
|
protected function notFound()
|
||||||
|
{
|
||||||
// return a 404
|
// return a 404
|
||||||
$this->getResponse()->setStatusCode(404);
|
$this->getResponse()->setStatusCode(404);
|
||||||
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
||||||
return "That object wasn't found";
|
return "That object wasn't found";
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function methodNotAllowed() {
|
protected function methodNotAllowed()
|
||||||
|
{
|
||||||
$this->getResponse()->setStatusCode(405);
|
$this->getResponse()->setStatusCode(405);
|
||||||
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
||||||
return "Method Not Allowed";
|
return "Method Not Allowed";
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function unsupportedMediaType() {
|
protected function unsupportedMediaType()
|
||||||
|
{
|
||||||
$this->response->setStatusCode(415); // Unsupported Media Type
|
$this->response->setStatusCode(415); // Unsupported Media Type
|
||||||
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
$this->getResponse()->addHeader('Content-Type', 'text/plain');
|
||||||
return "Unsupported Media Type";
|
return "Unsupported Media Type";
|
||||||
@ -555,7 +621,8 @@ class RestfulServer extends Controller {
|
|||||||
*
|
*
|
||||||
* @return Member|false the logged in member
|
* @return Member|false the logged in member
|
||||||
*/
|
*/
|
||||||
protected function authenticate() {
|
protected function authenticate()
|
||||||
|
{
|
||||||
$authClass = self::config()->authenticator;
|
$authClass = self::config()->authenticator;
|
||||||
return $authClass::authenticate();
|
return $authClass::authenticate();
|
||||||
}
|
}
|
||||||
@ -568,18 +635,20 @@ class RestfulServer extends Controller {
|
|||||||
* @param Member $member
|
* @param Member $member
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
protected function getAllowedRelations($class, $member = null) {
|
protected function getAllowedRelations($class, $member = null)
|
||||||
|
{
|
||||||
$allowedRelations = array();
|
$allowedRelations = array();
|
||||||
$obj = singleton($class);
|
$obj = singleton($class);
|
||||||
$relations = (array)$obj->has_one() + (array)$obj->has_many() + (array)$obj->many_many();
|
$relations = (array)$obj->has_one() + (array)$obj->has_many() + (array)$obj->many_many();
|
||||||
if($relations) foreach($relations as $relName => $relClass) {
|
if ($relations) {
|
||||||
if(singleton($relClass)->stat('api_access')) {
|
foreach ($relations as $relName => $relClass) {
|
||||||
|
if (singleton($relClass)->stat('api_access')) {
|
||||||
$allowedRelations[] = $relName;
|
$allowedRelations[] = $relName;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return $allowedRelations;
|
return $allowedRelations;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -588,16 +657,19 @@ class RestfulServer extends Controller {
|
|||||||
* @package framework
|
* @package framework
|
||||||
* @subpackage api
|
* @subpackage api
|
||||||
*/
|
*/
|
||||||
class RestfulServer_List {
|
class RestfulServer_List
|
||||||
static $url_handlers = array(
|
{
|
||||||
|
public static $url_handlers = array(
|
||||||
'#ID' => 'handleItem',
|
'#ID' => 'handleItem',
|
||||||
);
|
);
|
||||||
|
|
||||||
function __construct($list) {
|
public function __construct($list)
|
||||||
|
{
|
||||||
$this->list = $list;
|
$this->list = $list;
|
||||||
}
|
}
|
||||||
|
|
||||||
function handleItem($request) {
|
public function handleItem($request)
|
||||||
|
{
|
||||||
return new RestulServer_Item($this->list->getById($request->param('ID')));
|
return new RestulServer_Item($this->list->getById($request->param('ID')));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -608,20 +680,26 @@ class RestfulServer_List {
|
|||||||
* @package framework
|
* @package framework
|
||||||
* @subpackage api
|
* @subpackage api
|
||||||
*/
|
*/
|
||||||
class RestfulServer_Item {
|
class RestfulServer_Item
|
||||||
static $url_handlers = array(
|
{
|
||||||
|
public static $url_handlers = array(
|
||||||
'$Relation' => 'handleRelation',
|
'$Relation' => 'handleRelation',
|
||||||
);
|
);
|
||||||
|
|
||||||
function __construct($item) {
|
public function __construct($item)
|
||||||
|
{
|
||||||
$this->item = $item;
|
$this->item = $item;
|
||||||
}
|
}
|
||||||
|
|
||||||
function handleRelation($request) {
|
public function handleRelation($request)
|
||||||
|
{
|
||||||
$funcName = $request('Relation');
|
$funcName = $request('Relation');
|
||||||
$relation = $this->item->$funcName();
|
$relation = $this->item->$funcName();
|
||||||
|
|
||||||
if($relation instanceof SS_List) return new RestfulServer_List($relation);
|
if ($relation instanceof SS_List) {
|
||||||
else return new RestfulServer_Item($relation);
|
return new RestfulServer_List($relation);
|
||||||
|
} else {
|
||||||
|
return new RestfulServer_Item($relation);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -19,4 +19,6 @@ MySQLDatabase::set_connection_charset('utf8');
|
|||||||
SSViewer::set_theme('simple');
|
SSViewer::set_theme('simple');
|
||||||
|
|
||||||
// Enable nested URLs for this site (e.g. page/sub-page/)
|
// Enable nested URLs for this site (e.g. page/sub-page/)
|
||||||
if(class_exists('SiteTree')) SiteTree::enable_nested_urls();
|
if (class_exists('SiteTree')) {
|
||||||
|
SiteTree::enable_nested_urls();
|
||||||
|
}
|
||||||
|
|||||||
@ -5,7 +5,7 @@ define('SS_ENVIRONMENT_TYPE', 'dev');
|
|||||||
|
|
||||||
/* Database connection */
|
/* Database connection */
|
||||||
$db = getenv('TESTDB');
|
$db = getenv('TESTDB');
|
||||||
switch($db) {
|
switch ($db) {
|
||||||
case "PGSQL";
|
case "PGSQL";
|
||||||
define('SS_DATABASE_CLASS', 'PostgreSQLDatabase');
|
define('SS_DATABASE_CLASS', 'PostgreSQLDatabase');
|
||||||
define('SS_DATABASE_USERNAME', 'postgres');
|
define('SS_DATABASE_USERNAME', 'postgres');
|
||||||
|
|||||||
@ -6,9 +6,9 @@
|
|||||||
* @todo Test DELETE verb
|
* @todo Test DELETE verb
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
class RestfulServerTest extends SapphireTest {
|
class RestfulServerTest extends SapphireTest
|
||||||
|
{
|
||||||
static $fixture_file = 'RestfulServerTest.yml';
|
public static $fixture_file = 'RestfulServerTest.yml';
|
||||||
|
|
||||||
protected $extraDataObjects = array(
|
protected $extraDataObjects = array(
|
||||||
'RestfulServerTest_Comment',
|
'RestfulServerTest_Comment',
|
||||||
@ -18,7 +18,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
'RestfulServerTest_AuthorRating',
|
'RestfulServerTest_AuthorRating',
|
||||||
);
|
);
|
||||||
|
|
||||||
public function testApiAccess() {
|
public function testApiAccess()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
$page1 = $this->objFromFixture('RestfulServerTest_Page', 'page1');
|
$page1 = $this->objFromFixture('RestfulServerTest_Page', 'page1');
|
||||||
|
|
||||||
@ -39,7 +40,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessBoolean() {
|
public function testApiAccessBoolean()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
||||||
@ -51,7 +53,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertContains('<Author', $response->getBody());
|
$this->assertContains('<Author', $response->getBody());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testAuthenticatedGET() {
|
public function testAuthenticatedGET()
|
||||||
|
{
|
||||||
$thing1 = $this->objFromFixture('RestfulServerTest_SecretThing', 'thing1');
|
$thing1 = $this->objFromFixture('RestfulServerTest_SecretThing', 'thing1');
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
@ -71,7 +74,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testAuthenticatedPUT() {
|
public function testAuthenticatedPUT()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
||||||
@ -89,7 +93,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGETRelationshipsXML() {
|
public function testGETRelationshipsXML()
|
||||||
|
{
|
||||||
$author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
|
$author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
||||||
$rating2 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating2');
|
$rating2 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating2');
|
||||||
@ -113,7 +118,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertContains($rating2->ID, $ratingIDs);
|
$this->assertContains($rating2->ID, $ratingIDs);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testGETManyManyRelationshipsXML() {
|
public function testGETManyManyRelationshipsXML()
|
||||||
|
{
|
||||||
// author4 has related authors author2 and author3
|
// author4 has related authors author2 and author3
|
||||||
$author2 = $this->objFromFixture('RestfulServerTest_Author', 'author2');
|
$author2 = $this->objFromFixture('RestfulServerTest_Author', 'author2');
|
||||||
$author3 = $this->objFromFixture('RestfulServerTest_Author', 'author3');
|
$author3 = $this->objFromFixture('RestfulServerTest_Author', 'author3');
|
||||||
@ -134,7 +140,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertContains($author3->ID, $ratingIDs);
|
$this->assertContains($author3->ID, $ratingIDs);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPUTWithFormEncoded() {
|
public function testPUTWithFormEncoded()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
||||||
@ -157,7 +164,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPOSTWithFormEncoded() {
|
public function testPOSTWithFormEncoded()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
||||||
@ -185,7 +193,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPUTwithJSON() {
|
public function testPUTwithJSON()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
||||||
@ -217,7 +226,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testPUTwithXML() {
|
public function testPUTwithXML()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
||||||
@ -249,7 +259,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testHTTPAcceptAndContentType() {
|
public function testHTTPAcceptAndContentType()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
||||||
@ -262,7 +273,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertEquals($response->getHeader('Content-Type'), 'application/json');
|
$this->assertEquals($response->getHeader('Content-Type'), 'application/json');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testNotFound(){
|
public function testNotFound()
|
||||||
|
{
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'user@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'user@test.com';
|
||||||
$_SERVER['PHP_AUTH_PW'] = 'user';
|
$_SERVER['PHP_AUTH_PW'] = 'user';
|
||||||
|
|
||||||
@ -274,7 +286,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testMethodNotAllowed() {
|
public function testMethodNotAllowed()
|
||||||
|
{
|
||||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
|
||||||
@ -282,7 +295,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertEquals($response->getStatusCode(), 405);
|
$this->assertEquals($response->getStatusCode(), 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testConflictOnExistingResourceWhenUsingPost() {
|
public function testConflictOnExistingResourceWhenUsingPost()
|
||||||
|
{
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
||||||
@ -290,7 +304,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertEquals($response->getStatusCode(), 409);
|
$this->assertEquals($response->getStatusCode(), 409);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUnsupportedMediaType() {
|
public function testUnsupportedMediaType()
|
||||||
|
{
|
||||||
$_SERVER['PHP_AUTH_USER'] = 'user@test.com';
|
$_SERVER['PHP_AUTH_USER'] = 'user@test.com';
|
||||||
$_SERVER['PHP_AUTH_PW'] = 'user';
|
$_SERVER['PHP_AUTH_PW'] = 'user';
|
||||||
|
|
||||||
@ -304,8 +319,9 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testXMLValueFormatting() {
|
public function testXMLValueFormatting()
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
{
|
||||||
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
||||||
$response = Director::test($url, null, null, 'GET');
|
$response = Director::test($url, null, null, 'GET');
|
||||||
@ -313,9 +329,10 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertContains('<Rating>' . $rating1->Rating . '</Rating>', $response->getBody());
|
$this->assertContains('<Rating>' . $rating1->Rating . '</Rating>', $response->getBody());
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessFieldRestrictions() {
|
public function testApiAccessFieldRestrictions()
|
||||||
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
|
{
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
$author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
|
||||||
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
||||||
$response = Director::test($url, null, null, 'GET');
|
$response = Director::test($url, null, null, 'GET');
|
||||||
@ -353,8 +370,9 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessRelationRestrictionsInline() {
|
public function testApiAccessRelationRestrictionsInline()
|
||||||
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
|
{
|
||||||
|
$author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
|
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
|
||||||
$response = Director::test($url, null, null, 'GET');
|
$response = Director::test($url, null, null, 'GET');
|
||||||
@ -362,8 +380,9 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertNotContains('<PublishedPages', $response->getBody(), 'Restricts has-many with api_access=false');
|
$this->assertNotContains('<PublishedPages', $response->getBody(), 'Restricts has-many with api_access=false');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessRelationRestrictionsOnEndpoint() {
|
public function testApiAccessRelationRestrictionsOnEndpoint()
|
||||||
$author1 = $this->objFromFixture('RestfulServerTest_Author','author1');
|
{
|
||||||
|
$author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . "/ProfilePage";
|
$url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . "/ProfilePage";
|
||||||
$response = Director::test($url, null, null, 'GET');
|
$response = Director::test($url, null, null, 'GET');
|
||||||
@ -378,8 +397,9 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertEquals(404, $response->getStatusCode(), 'Restricts has-many with api_access=false');
|
$this->assertEquals(404, $response->getStatusCode(), 'Restricts has-many with api_access=false');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessWithPUT() {
|
public function testApiAccessWithPUT()
|
||||||
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating','rating1');
|
{
|
||||||
|
$rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
|
||||||
|
|
||||||
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
$url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
|
||||||
$data = array(
|
$data = array(
|
||||||
@ -393,7 +413,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
|
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testJSONDataFormatter() {
|
public function testJSONDataFormatter()
|
||||||
|
{
|
||||||
$formatter = new JSONDataFormatter();
|
$formatter = new JSONDataFormatter();
|
||||||
$editor = $this->objFromFixture('Member', 'editor');
|
$editor = $this->objFromFixture('Member', 'editor');
|
||||||
$user = $this->objFromFixture('Member', 'user');
|
$user = $this->objFromFixture('Member', 'user');
|
||||||
@ -415,7 +436,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
"Correct JSON formatting on a dataobjectset with field filter");
|
"Correct JSON formatting on a dataobjectset with field filter");
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testApiAccessWithPOST() {
|
public function testApiAccessWithPOST()
|
||||||
|
{
|
||||||
$url = "/api/v1/RestfulServerTest_AuthorRating";
|
$url = "/api/v1/RestfulServerTest_AuthorRating";
|
||||||
$data = array(
|
$data = array(
|
||||||
'Rating' => '42',
|
'Rating' => '42',
|
||||||
@ -428,7 +450,8 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
|
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testCanViewRespectedInList() {
|
public function testCanViewRespectedInList()
|
||||||
|
{
|
||||||
// Default content type
|
// Default content type
|
||||||
$url = "/api/v1/RestfulServerTest_SecretThing/";
|
$url = "/api/v1/RestfulServerTest_SecretThing/";
|
||||||
$response = Director::test($url, null, null, 'GET');
|
$response = Director::test($url, null, null, 'GET');
|
||||||
@ -451,7 +474,6 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
unset($_SERVER['PHP_AUTH_USER']);
|
unset($_SERVER['PHP_AUTH_USER']);
|
||||||
unset($_SERVER['PHP_AUTH_PW']);
|
unset($_SERVER['PHP_AUTH_PW']);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -459,21 +481,22 @@ class RestfulServerTest extends SapphireTest {
|
|||||||
* but only "editors" can edit or delete them.
|
* but only "editors" can edit or delete them.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
class RestfulServerTest_Comment extends DataObject implements PermissionProvider,TestOnly {
|
class RestfulServerTest_Comment extends DataObject implements PermissionProvider,TestOnly
|
||||||
|
{
|
||||||
|
public static $api_access = true;
|
||||||
|
|
||||||
static $api_access = true;
|
public static $db = array(
|
||||||
|
|
||||||
static $db = array(
|
|
||||||
"Name" => "Varchar(255)",
|
"Name" => "Varchar(255)",
|
||||||
"Comment" => "Text"
|
"Comment" => "Text"
|
||||||
);
|
);
|
||||||
|
|
||||||
static $has_one = array(
|
public static $has_one = array(
|
||||||
'Page' => 'RestfulServerTest_Page',
|
'Page' => 'RestfulServerTest_Page',
|
||||||
'Author' => 'RestfulServerTest_Author',
|
'Author' => 'RestfulServerTest_Author',
|
||||||
);
|
);
|
||||||
|
|
||||||
public function providePermissions(){
|
public function providePermissions()
|
||||||
|
{
|
||||||
return array(
|
return array(
|
||||||
'EDIT_Comment' => 'Edit Comment Objects',
|
'EDIT_Comment' => 'Edit Comment Objects',
|
||||||
'CREATE_Comment' => 'Create Comment Objects',
|
'CREATE_Comment' => 'Create Comment Objects',
|
||||||
@ -481,90 +504,97 @@ class RestfulServerTest_Comment extends DataObject implements PermissionProvider
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canView($member = null) {
|
public function canView($member = null)
|
||||||
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canEdit($member = null) {
|
public function canEdit($member = null)
|
||||||
|
{
|
||||||
return Permission::checkMember($member, 'EDIT_Comment');
|
return Permission::checkMember($member, 'EDIT_Comment');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canDelete($member = null) {
|
public function canDelete($member = null)
|
||||||
|
{
|
||||||
return Permission::checkMember($member, 'DELETE_Comment');
|
return Permission::checkMember($member, 'DELETE_Comment');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canCreate($member = null) {
|
public function canCreate($member = null)
|
||||||
|
{
|
||||||
return Permission::checkMember($member, 'CREATE_Comment');
|
return Permission::checkMember($member, 'CREATE_Comment');
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestfulServerTest_SecretThing extends DataObject implements TestOnly,PermissionProvider{
|
class RestfulServerTest_SecretThing extends DataObject implements TestOnly,PermissionProvider
|
||||||
static $api_access = true;
|
{
|
||||||
|
public static $api_access = true;
|
||||||
|
|
||||||
static $db = array(
|
public static $db = array(
|
||||||
"Name" => "Varchar(255)",
|
"Name" => "Varchar(255)",
|
||||||
);
|
);
|
||||||
|
|
||||||
public function canView($member = null) {
|
public function canView($member = null)
|
||||||
|
{
|
||||||
return Permission::checkMember($member, 'VIEW_SecretThing');
|
return Permission::checkMember($member, 'VIEW_SecretThing');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function providePermissions(){
|
public function providePermissions()
|
||||||
|
{
|
||||||
return array(
|
return array(
|
||||||
'VIEW_SecretThing' => 'View Secret Things',
|
'VIEW_SecretThing' => 'View Secret Things',
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestfulServerTest_Page extends DataObject implements TestOnly {
|
class RestfulServerTest_Page extends DataObject implements TestOnly
|
||||||
|
{
|
||||||
|
public static $api_access = false;
|
||||||
|
|
||||||
static $api_access = false;
|
public static $db = array(
|
||||||
|
|
||||||
static $db = array(
|
|
||||||
'Title' => 'Text',
|
'Title' => 'Text',
|
||||||
'Content' => 'HTMLText',
|
'Content' => 'HTMLText',
|
||||||
);
|
);
|
||||||
|
|
||||||
static $has_one = array(
|
public static $has_one = array(
|
||||||
'Author' => 'RestfulServerTest_Author',
|
'Author' => 'RestfulServerTest_Author',
|
||||||
);
|
);
|
||||||
|
|
||||||
static $has_many = array(
|
public static $has_many = array(
|
||||||
'TestComments' => 'RestfulServerTest_Comment'
|
'TestComments' => 'RestfulServerTest_Comment'
|
||||||
);
|
);
|
||||||
|
|
||||||
static $belongs_many_many = array(
|
public static $belongs_many_many = array(
|
||||||
'RelatedAuthors' => 'RestfulServerTest_Author',
|
'RelatedAuthors' => 'RestfulServerTest_Author',
|
||||||
);
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestfulServerTest_Author extends DataObject implements TestOnly {
|
class RestfulServerTest_Author extends DataObject implements TestOnly
|
||||||
|
{
|
||||||
|
public static $api_access = true;
|
||||||
|
|
||||||
static $api_access = true;
|
public static $db = array(
|
||||||
|
|
||||||
static $db = array(
|
|
||||||
'Name' => 'Text',
|
'Name' => 'Text',
|
||||||
);
|
);
|
||||||
|
|
||||||
static $many_many = array(
|
public static $many_many = array(
|
||||||
'RelatedPages' => 'RestfulServerTest_Page',
|
'RelatedPages' => 'RestfulServerTest_Page',
|
||||||
'RelatedAuthors' => 'RestfulServerTest_Author',
|
'RelatedAuthors' => 'RestfulServerTest_Author',
|
||||||
);
|
);
|
||||||
|
|
||||||
static $has_many = array(
|
public static $has_many = array(
|
||||||
'PublishedPages' => 'RestfulServerTest_Page',
|
'PublishedPages' => 'RestfulServerTest_Page',
|
||||||
'Ratings' => 'RestfulServerTest_AuthorRating',
|
'Ratings' => 'RestfulServerTest_AuthorRating',
|
||||||
);
|
);
|
||||||
|
|
||||||
public function canView($member = null) {
|
public function canView($member = null)
|
||||||
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class RestfulServerTest_AuthorRating extends DataObject implements TestOnly {
|
class RestfulServerTest_AuthorRating extends DataObject implements TestOnly
|
||||||
static $api_access = array(
|
{
|
||||||
|
public static $api_access = array(
|
||||||
'view' => array(
|
'view' => array(
|
||||||
'Rating',
|
'Rating',
|
||||||
'WriteProtectedField',
|
'WriteProtectedField',
|
||||||
@ -575,27 +605,29 @@ class RestfulServerTest_AuthorRating extends DataObject implements TestOnly {
|
|||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
static $db = array(
|
public static $db = array(
|
||||||
'Rating' => 'Int',
|
'Rating' => 'Int',
|
||||||
'SecretField' => 'Text',
|
'SecretField' => 'Text',
|
||||||
'WriteProtectedField' => 'Text',
|
'WriteProtectedField' => 'Text',
|
||||||
);
|
);
|
||||||
|
|
||||||
static $has_one = array(
|
public static $has_one = array(
|
||||||
'Author' => 'RestfulServerTest_Author',
|
'Author' => 'RestfulServerTest_Author',
|
||||||
'SecretRelation' => 'RestfulServerTest_Author',
|
'SecretRelation' => 'RestfulServerTest_Author',
|
||||||
);
|
);
|
||||||
|
|
||||||
public function canView($member = null) {
|
public function canView($member = null)
|
||||||
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canEdit($member = null) {
|
public function canEdit($member = null)
|
||||||
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function canCreate($member = null) {
|
public function canCreate($member = null)
|
||||||
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user