mirror of
https://github.com/silverstripe/silverstripe-restfulserver
synced 2024-10-22 14:05:58 +02:00
API Added canView() checks to record listing logic
In preparation for removal of those checks from the underlying JSONDataFormatter and XMLDataFormatter implementations in core, which shouldn't deal with these kinds of model concerns.
parent
90bfa5eac6
commit
9732ec8932
@ -178,7 +178,9 @@ class RestfulServer extends Controller {
|
||||
|
||||
if($obj instanceof SS_List) {
|
||||
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
||||
return $responseFormatter->convertDataObjectSet($obj, $fields);
|
||||
$objs = new ArrayList($obj->toArray());
|
||||
foreach($objs as $obj) if(!$obj->canView()) $objs->remove($obj);
|
||||
return $responseFormatter->convertDataObjectSet($objs, $fields);
|
||||
} else if(!$obj) {
|
||||
$responseFormatter->setTotalSize(0);
|
||||
return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);
|
||||
|
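Review bot: `setTotalSize()` is still fed `unlimitedRowCount()` from the unfiltered query, so the total reported to the client counts records that the new `canView()` loop then removes, and an unauthorised caller can read off how many hidden records exist. The filter also runs on the already-fetched list, so if a limit is applied before this point (not visible in the hunk) a page can come back shorter than requested. Either derive the total from a permission-aware count or state the limitation next to the call, e.g. `// totalSize is counted before canView() filtering and can include records hidden from the caller`. The loop also reuses `$obj` as its variable while removing from `$objs`; collecting into a fresh list with `if($item->canView()) $viewable->push($item);` would not depend on how ArrayList iterates. The enclosing method starts and ends outside the hunk.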
@ -54,7 +54,7 @@ class RestfulServerTest extends SapphireTest {
|
||||
public function testAuthenticatedGET() {
|
||||
$thing1 = $this->objFromFixture('RestfulServerTest_SecretThing', 'thing1');
|
||||
$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
|
||||
|
||||
|
||||
// @todo create additional mock object with authenticated VIEW permissions
|
||||
$url = "/api/v1/RestfulServerTest_SecretThing/" . $thing1->ID;
|
||||
$response = Director::test($url, null, null, 'GET');
|
||||
@ -417,6 +417,30 @@ class RestfulServerTest extends SapphireTest {
|
||||
$this->assertEquals($responseArr['Rating'], 42);
|
||||
$this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');
|
||||
}
|
||||
|
||||
public function testCanViewRespectedInList() {
|
||||
// Default content type
|
||||
$url = "/api/v1/RestfulServerTest_SecretThing/";
|
||||
$response = Director::test($url, null, null, 'GET');
|
||||
$this->assertEquals($response->getStatusCode(), 200);
|
||||
$this->assertNotContains('Unspeakable', $response->getBody());
|
||||
|
||||
// JSON content type
|
||||
$url = "/api/v1/RestfulServerTest_SecretThing.json";
|
||||
$response = Director::test($url, null, null, 'GET');
|
||||
$this->assertEquals($response->getStatusCode(), 200);
|
||||
$this->assertNotContains('Unspeakable', $response->getBody());
|
||||
|
||||
// With authentication
|
||||
$_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
|
||||
$_SERVER['PHP_AUTH_PW'] = 'editor';
|
||||
$url = "/api/v1/RestfulServerTest_SecretThing/";
|
||||
$response = Director::test($url, null, null, 'GET');
|
||||
$this->assertEquals($response->getStatusCode(), 200);
|
||||
$this->assertContains('Unspeakable', $response->getBody());
|
||||
unset($_SERVER['PHP_AUTH_USER']);
|
||||
unset($_SERVER['PHP_AUTH_PW']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
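Review bot: In `testCanViewRespectedInList()` the `$_SERVER['PHP_AUTH_USER']` / `$_SERVER['PHP_AUTH_PW']` values are only unset on the last two lines, so a failing assertion in the authenticated part leaves the editor credentials in place for every later test and can make permission tests pass for the wrong reason. Clearing them in `tearDown()` with `unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);` keeps the tests isolated. The two unauthenticated checks rely only on `assertNotContains('Unspeakable', ...)`, which also passes on an empty list, and the authenticated check covers only the default format, so a `.json` request with credentials would be worth adding.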