tonyair/silverstripe-restfulserver
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-restfulserver synced 2024-10-22 14:05:58 +02:00
Code Issues Projects Releases Wiki Activity

API Added canView() checks to record listing logic

Browse Source 
In preparation for removal of those checks from the underlying
JSONDataFormatter and XMLDataFormatter implementations in core,
which shouldn't deal with these kinds of model concerns.
This commit is contained in:
Ingo Schommer 2012-10-31 00:14:46 +01:00
parent 90bfa5eac6
commit 9732ec8932
2 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
code/RestfulServer.php
View File

@ -178,7 +178,9 @@ class RestfulServer extends Controller {
if($obj instanceof SS_List) { if($obj instanceof SS_List) {
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount()); $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
return $responseFormatter->convertDataObjectSet($obj, $fields); $objs = new ArrayList($obj->toArray());
foreach($objs as $obj) if(!$obj->canView()) $objs->remove($obj);
return $responseFormatter->convertDataObjectSet($objs, $fields);
} else if(!$obj) { } else if(!$obj) {
$responseFormatter->setTotalSize(0); $responseFormatter->setTotalSize(0);
return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields); return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);

24
tests/RestfulServerTest.php
View File

@ -418,6 +418,30 @@ class RestfulServerTest extends SapphireTest {
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red'); $this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
} }
public function testCanViewRespectedInList() {
// Default content type
$url = "/api/v1/RestfulServerTest_SecretThing/";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNotContains('Unspeakable', $response->getBody());
// JSON content type
$url = "/api/v1/RestfulServerTest_SecretThing.json";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertNotContains('Unspeakable', $response->getBody());
// With authentication
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
$_SERVER['PHP_AUTH_PW'] = 'editor';
$url = "/api/v1/RestfulServerTest_SecretThing/";
$response = Director::test($url, null, null, 'GET');
$this->assertEquals($response->getStatusCode(), 200);
$this->assertContains('Unspeakable', $response->getBody());
unset($_SERVER['PHP_AUTH_USER']);
unset($_SERVER['PHP_AUTH_PW']);
}
} }
/** /**