FIX Ensure a Member object is passed to canView etc methods if available
This commit is contained in:
parent
a12e6d48f5
commit
cb92696392
@ -204,7 +204,7 @@ class RestfulServer extends Controller
|
|||||||
if (!$obj) {
|
if (!$obj) {
|
||||||
return $this->notFound();
|
return $this->notFound();
|
||||||
}
|
}
|
||||||
if (!$obj->canView()) {
|
if (!$obj->canView($this->getMember())) {
|
||||||
return $this->permissionFailure();
|
return $this->permissionFailure();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -232,7 +232,7 @@ class RestfulServer extends Controller
|
|||||||
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
|
||||||
$objs = new ArrayList($obj->toArray());
|
$objs = new ArrayList($obj->toArray());
|
||||||
foreach ($objs as $obj) {
|
foreach ($objs as $obj) {
|
||||||
if (!$obj->canView()) {
|
if (!$obj->canView($this->getMember())) {
|
||||||
$objs->remove($obj);
|
$objs->remove($obj);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -372,7 +372,7 @@ class RestfulServer extends Controller
|
|||||||
if (!$obj) {
|
if (!$obj) {
|
||||||
return $this->notFound();
|
return $this->notFound();
|
||||||
}
|
}
|
||||||
if (!$obj->canDelete()) {
|
if (!$obj->canDelete($this->getMember())) {
|
||||||
return $this->permissionFailure();
|
return $this->permissionFailure();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -391,7 +391,7 @@ class RestfulServer extends Controller
|
|||||||
if (!$obj) {
|
if (!$obj) {
|
||||||
return $this->notFound();
|
return $this->notFound();
|
||||||
}
|
}
|
||||||
if (!$obj->canEdit()) {
|
if (!$obj->canEdit($this->getMember())) {
|
||||||
return $this->permissionFailure();
|
return $this->permissionFailure();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -456,37 +456,37 @@ class RestfulServer extends Controller
|
|||||||
|
|
||||||
$this->getResponse()->setStatusCode(204); // No Content
|
$this->getResponse()->setStatusCode(204); // No Content
|
||||||
return true;
|
return true;
|
||||||
} else {
|
|
||||||
if (!singleton($className)->canCreate()) {
|
|
||||||
return $this->permissionFailure();
|
|
||||||
}
|
|
||||||
$obj = new $className();
|
|
||||||
|
|
||||||
$reqFormatter = $this->getRequestDataFormatter($className);
|
|
||||||
if (!$reqFormatter) {
|
|
||||||
return $this->unsupportedMediaType();
|
|
||||||
}
|
|
||||||
|
|
||||||
$responseFormatter = $this->getResponseDataFormatter($className);
|
|
||||||
|
|
||||||
$obj = $this->updateDataObject($obj, $reqFormatter);
|
|
||||||
|
|
||||||
$this->getResponse()->setStatusCode(201); // Created
|
|
||||||
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
|
|
||||||
|
|
||||||
// Append the default extension for the output format to the Location header
|
|
||||||
// or else we'll use the default (XML)
|
|
||||||
$types = $responseFormatter->supportedExtensions();
|
|
||||||
$type = '';
|
|
||||||
if (count($types)) {
|
|
||||||
$type = ".{$types[0]}";
|
|
||||||
}
|
|
||||||
|
|
||||||
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
|
|
||||||
$this->getResponse()->addHeader('Location', $objHref);
|
|
||||||
|
|
||||||
return $responseFormatter->convertDataObject($obj);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!singleton($className)->canCreate($this->getMember())) {
|
||||||
|
return $this->permissionFailure();
|
||||||
|
}
|
||||||
|
$obj = new $className();
|
||||||
|
|
||||||
|
$reqFormatter = $this->getRequestDataFormatter($className);
|
||||||
|
if (!$reqFormatter) {
|
||||||
|
return $this->unsupportedMediaType();
|
||||||
|
}
|
||||||
|
|
||||||
|
$responseFormatter = $this->getResponseDataFormatter($className);
|
||||||
|
|
||||||
|
$obj = $this->updateDataObject($obj, $reqFormatter);
|
||||||
|
|
||||||
|
$this->getResponse()->setStatusCode(201); // Created
|
||||||
|
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
|
||||||
|
|
||||||
|
// Append the default extension for the output format to the Location header
|
||||||
|
// or else we'll use the default (XML)
|
||||||
|
$types = $responseFormatter->supportedExtensions();
|
||||||
|
$type = '';
|
||||||
|
if (count($types)) {
|
||||||
|
$type = ".{$types[0]}";
|
||||||
|
}
|
||||||
|
|
||||||
|
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
|
||||||
|
$this->getResponse()->addHeader('Location', $objHref);
|
||||||
|
|
||||||
|
return $responseFormatter->convertDataObject($obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -649,6 +649,16 @@ class RestfulServer extends Controller
|
|||||||
}
|
}
|
||||||
return $allowedRelations;
|
return $allowedRelations;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the current Member, if available
|
||||||
|
*
|
||||||
|
* @return Member|null
|
||||||
|
*/
|
||||||
|
protected function getMember()
|
||||||
|
{
|
||||||
|
return Member::currentUser();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
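Review bot: In the list branch of the second hunk (`foreach ($objs as $obj) { if (!$obj->canView($this->getMember())) {`), `getMember()` is re-evaluated for every row, so `Member::currentUser()` runs once per record; hoist it with `$member = $this->getMember();` before the loop and pass `$member` to `canView()`, matching how the single-object hunks resolve it once. Note also that `setTotalSize()` on the line above the loop is computed before the permission filter removes rows, so the reported total appears to include records the member cannot view — worth confirming whether that count is meant to be disclosed to callers who fail `canView()`. The new `getMember()` in the last hunk documents `@return Member|null` but declares no return type; if the package's PHP floor allows it, `protected function getMember(): ?Member` would make that contract enforceable. The enclosing list-handling method starts and ends outside the hunk.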