tonyair/silverstripe-restfulserver
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-restfulserver synced 2024-10-22 14:05:58 +02:00
Code Issues Projects Releases Wiki Activity

FIX Ensure a Member object is passed to canView etc methods if available

Browse Source
This commit is contained in:
Robbie Averill 2017-11-03 10:20:11 +13:00
parent a12e6d48f5
commit cb92696392
1 changed files with 119 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
code/RestfulServer.php
View File

@ -204,7 +204,7 @@ class RestfulServer extends Controller
if (!$obj) {
return $this->notFound();
}
if (!$obj->canView()) {
if (!$obj->canView($this->getMember())) {
return $this->permissionFailure();
}
@ -232,7 +232,7 @@ class RestfulServer extends Controller
$responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
$objs = new ArrayList($obj->toArray());
foreach ($objs as $obj) {
if (!$obj->canView()) {
if (!$obj->canView($this->getMember())) {
$objs->remove($obj);
}
}
@ -372,7 +372,7 @@ class RestfulServer extends Controller
if (!$obj) {
return $this->notFound();
}
if (!$obj->canDelete()) {
if (!$obj->canDelete($this->getMember())) {
return $this->permissionFailure();
}
@ -391,7 +391,7 @@ class RestfulServer extends Controller
if (!$obj) {
return $this->notFound();
}
if (!$obj->canEdit()) {
if (!$obj->canEdit($this->getMember())) {
return $this->permissionFailure();
}
@ -456,37 +456,37 @@ class RestfulServer extends Controller
$this->getResponse()->setStatusCode(204); // No Content
return true;
} else {
if (!singleton($className)->canCreate()) {
return $this->permissionFailure();
}
$obj = new $className();
$reqFormatter = $this->getRequestDataFormatter($className);
if (!$reqFormatter) {
return $this->unsupportedMediaType();
}
$responseFormatter = $this->getResponseDataFormatter($className);
$obj = $this->updateDataObject($obj, $reqFormatter);
$this->getResponse()->setStatusCode(201); // Created
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
// Append the default extension for the output format to the Location header
// or else we'll use the default (XML)
$types = $responseFormatter->supportedExtensions();
$type = '';
if (count($types)) {
$type = ".{$types[0]}";
}
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
$this->getResponse()->addHeader('Location', $objHref);
return $responseFormatter->convertDataObject($obj);
}
if (!singleton($className)->canCreate($this->getMember())) {
return $this->permissionFailure();
}
$obj = new $className();
$reqFormatter = $this->getRequestDataFormatter($className);
if (!$reqFormatter) {
return $this->unsupportedMediaType();
}
$responseFormatter = $this->getResponseDataFormatter($className);
$obj = $this->updateDataObject($obj, $reqFormatter);
$this->getResponse()->setStatusCode(201); // Created
$this->getResponse()->addHeader('Content-Type', $responseFormatter->getOutputContentType());
// Append the default extension for the output format to the Location header
// or else we'll use the default (XML)
$types = $responseFormatter->supportedExtensions();
$type = '';
if (count($types)) {
$type = ".{$types[0]}";
}
$objHref = Director::absoluteURL(self::$api_base . "$obj->class/$obj->ID" . $type);
$this->getResponse()->addHeader('Location', $objHref);
return $responseFormatter->convertDataObject($obj);
}
/**
@ -649,6 +649,16 @@ class RestfulServer extends Controller
}
return $allowedRelations;
}
/**
* Get the current Member, if available
*
* @return Member|null
*/
protected function getMember()
{
return Member::currentUser();
}
}
/**