FIX Ensure a Member object is passed to canView etc methods if available

2024-06-13 16:29:09 +02:00 · 2017-11-03 10:20:11 +13:00 · 2017-11-03 10:20:11 +13:00 · cb92696392
commit cb92696392
parent a12e6d48f5
1 changed files with 119 additions and 109 deletions
--- a/code/RestfulServer.php
+++ b/code/RestfulServer.php
@ -204,7 +204,7 @@ class RestfulServer extends Controller
            if (!$obj) {
                return $this->notFound();
            }
-            if (!$obj->canView()) {
+            if (!$obj->canView($this->getMember())) {
                return $this->permissionFailure();
            }

@ -232,7 +232,7 @@ class RestfulServer extends Controller
            $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
            $objs = new ArrayList($obj->toArray());
            foreach ($objs as $obj) {
-                if (!$obj->canView()) {
+                if (!$obj->canView($this->getMember())) {
                    $objs->remove($obj);
                }
            }
@ -372,7 +372,7 @@ class RestfulServer extends Controller
        if (!$obj) {
            return $this->notFound();
        }
-        if (!$obj->canDelete()) {
+        if (!$obj->canDelete($this->getMember())) {
            return $this->permissionFailure();
        }

@ -391,7 +391,7 @@ class RestfulServer extends Controller
        if (!$obj) {
            return $this->notFound();
        }
-        if (!$obj->canEdit()) {
+        if (!$obj->canEdit($this->getMember())) {
            return $this->permissionFailure();
        }

@ -456,8 +456,9 @@ class RestfulServer extends Controller

            $this->getResponse()->setStatusCode(204); // No Content
            return true;
-        } else {
-            if (!singleton($className)->canCreate()) {
+        }
+
+        if (!singleton($className)->canCreate($this->getMember())) {
            return $this->permissionFailure();
        }
        $obj = new $className();
@ -487,7 +488,6 @@ class RestfulServer extends Controller

        return $responseFormatter->convertDataObject($obj);
    }
-    }

    /**
     * Converts either the given HTTP Body into an array
@ -649,6 +649,16 @@ class RestfulServer extends Controller
        }
        return $allowedRelations;
    }
+
+    /**
+     * Get the current Member, if available
+     *
+     * @return Member|null
+     */
+    protected function getMember()
+    {
+        return Member::currentUser();
+    }
 }

 /**