tonyair
/
silverstripe-restfulserver
mirror of https://github.com/silverstripe/silverstripe-restfulserver
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

API Added canView() checks to record listing logic 

In preparation for removal of those checks from the underlying
JSONDataFormatter and XMLDataFormatter implementations in core,
which shouldn't deal with these kinds of model concerns.
This commit is contained in:
Ingo Schommer 2012-10-31 00:14:46 +01:00
parent 90bfa5eac6
commit 9732ec8932
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/RestfulServer.php
View File

@ -178,7 +178,9 @@ class RestfulServer extends Controller {
if($obj instanceof SS_List) {
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
return $responseFormatter->convertDataObjectSet($obj, $fields);
$objs = new ArrayList($obj->toArray());
foreach($objs as $obj) if(!$obj->canView()) $objs->remove($obj);
return $responseFormatter->convertDataObjectSet($objs, $fields);
} else if(!$obj) {
$responseFormatter->setTotalSize(0);
return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);

26
tests/RestfulServerTest.php
View File

@ -54,7 +54,7 @@ class RestfulServerTest extends SapphireTest {
public function testAuthenticatedGET() {
$thing1 = $this->objFromFixture('RestfulServerTest_SecretThing', 'thing1');
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
// @todo create additional mock object with authenticated VIEW permissions
$url = "/api/v1/RestfulServerTest_SecretThing/" . $thing1->ID;
$response = Director::test($url, null, null, 'GET');
@ -417,6 +417,30 @@ class RestfulServerTest extends SapphireTest {
$this->assertEquals($responseArr['Rating'], 42);
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
}
public function testCanViewRespectedInList() {
// Default content type
$url = "/api/v1/RestfulServerTest_SecretThing/";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNotContains('Unspeakable', $response->getBody());
// JSON content type
$url = "/api/v1/RestfulServerTest_SecretThing.json";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNotContains('Unspeakable', $response->getBody());
// With authentication
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
$_SERVER['PHP_AUTH_PW'] = 'editor';
$url = "/api/v1/RestfulServerTest_SecretThing/";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertContains('Unspeakable', $response->getBody());
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
}
}