FIX Ensure a Member object is passed to canView etc methods if available

This commit is contained in:
Robbie Averill 2017-11-03 10:20:11 +13:00
parent a12e6d48f5
commit cb92696392

View File

@ -204,7 +204,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canView()) { if (!$obj->canView($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -232,7 +232,7 @@ class RestfulServer extends Controller
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount()); $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
$objs = new ArrayList($obj->toArray()); $objs = new ArrayList($obj->toArray());
foreach ($objs as $obj) { foreach ($objs as $obj) {
if (!$obj->canView()) { if (!$obj->canView($this->getMember())) {
$objs->remove($obj); $objs->remove($obj);
} }
} }
@ -372,7 +372,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canDelete()) { if (!$obj->canDelete($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -391,7 +391,7 @@ class RestfulServer extends Controller
if (!$obj) { if (!$obj) {
return $this->notFound(); return $this->notFound();
} }
if (!$obj->canEdit()) { if (!$obj->canEdit($this->getMember())) {
return $this->permissionFailure(); return $this->permissionFailure();
} }
@ -456,37 +456,37 @@ class RestfulServer extends Controller
$this->getResponse()->setStatusCode(204); // No Content $this->getResponse()->setStatusCode(204); // No Content
return true; return true;
} else {
if (!singleton($className)->canCreate()) {
return $this->permissionFailure();
}
$obj = new $className();
$reqFormatter = $this->getRequestDataFormatter($className);
if (!$reqFormatter) {
return $this->unsupportedMediaType();
}
$responseFormatter = $this->getResponseDataFormatter($className);
$obj = $this->updateDataObject($obj, $reqFormatter);
$this->getResponse()->setStatusCode(201); // Created
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
// Append the default extension for the output format to the Location header
// or else we'll use the default (XML)
$types = $responseFormatter->supportedExtensions();
$type = '';
if (count($types)) {
$type = ".{$types[0]}";
}
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
$this->getResponse()->addHeader('Location', $objHref);
return $responseFormatter->convertDataObject($obj);
} }
if (!singleton($className)->canCreate($this->getMember())) {
return $this->permissionFailure();
}
$obj = new $className();
$reqFormatter = $this->getRequestDataFormatter($className);
if (!$reqFormatter) {
return $this->unsupportedMediaType();
}
$responseFormatter = $this->getResponseDataFormatter($className);
$obj = $this->updateDataObject($obj, $reqFormatter);
$this->getResponse()->setStatusCode(201); // Created
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
// Append the default extension for the output format to the Location header
// or else we'll use the default (XML)
$types = $responseFormatter->supportedExtensions();
$type = '';
if (count($types)) {
$type = ".{$types[0]}";
}
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
$this->getResponse()->addHeader('Location', $objHref);
return $responseFormatter->convertDataObject($obj);
} }
/** /**
@ -649,6 +649,16 @@ class RestfulServer extends Controller
} }
return $allowedRelations; return $allowedRelations;
} }
/**
* Get the current Member, if available
*
* @return Member|null
*/
protected function getMember()
{
return Member::currentUser();
}
} }
/** /**