/** * Takes a entity that's ready to be returned and removes fields which the user shouldn't be able to access. * @param array $entity * @param \EEM_Base $model * @param string $request_type one of the return values from EEM_Base::valid_cap_contexts() * @param Model_Version_Info $model_version_info * @return array ready for converting into json */ public static function filter_out_inaccessible_entity_fields($entity, $model, $request_type, $model_version_info) { //we only care to do this for frontend reads and when the user can't edit the item if ($request_type !== \EEM_Base::caps_read || $model->exists(array(array($model->primary_key_name() => $entity[$model->primary_key_name()]), 'default_where_conditions' => 'none', 'caps' => \EEM_Base::caps_edit))) { return $entity; } foreach ($model->field_settings() as $field_name => $field_obj) { if ($model_version_info->field_has_rendered_format($field_obj) && isset($entity[$field_name]['raw'])) { unset($entity[$field_name]['raw']); } } //theoretically we may want to filter out specific fields for specific models return apply_filters('FHEE__Capabilities__filter_out_inaccessible_entity_fields', $entity, $model, $request_type); }
/** * @group ignore */ function test_get_all_models_for_requested_version__no_registration_payment_model_in_46() { //pretend we are at version 4.8, and have the Registration_Payment model if (!isset(\EE_Registry::instance()->non_abstract_db_models['Registration_Payment'])) { \EE_Registry::instance()->non_abstract_db_models['Registration_Payment'] = 'EE_Registration_Payment'; $pretend_got_registration_payment = true; } else { $pretend_got_registration_payment = false; } //but the request is for 4.6, where there was no such model $this->_pretend_current_version_48(); $model_info = new Model_Version_Info('4.6'); $models = $model_info->models_for_requested_version(); //cleanup before making an assertion if ($pretend_got_registration_payment) { unset(EE_Registry::instance()->non_abstract_db_models['Registration_Payment']); } $this->assertArrayNotHasKey('Registration_Payment', $models); }