public function testHttpMethodOverrides() { $request = new SS_HTTPRequest('GET', 'admin/crm'); $this->assertTrue($request->isGET(), 'GET with no method override'); $request = new SS_HTTPRequest('POST', 'admin/crm'); $this->assertTrue($request->isPOST(), 'POST with no method override'); $request = new SS_HTTPRequest('GET', 'admin/crm', array('_method' => 'DELETE')); $this->assertTrue($request->isGET(), 'GET with invalid POST method override'); $request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'DELETE')); $this->assertTrue($request->isDELETE(), 'POST with valid method override to DELETE'); $request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'put')); $this->assertTrue($request->isPUT(), 'POST with valid method override to PUT'); $request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'head')); $this->assertTrue($request->isHEAD(), 'POST with valid method override to HEAD '); $request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'head')); $this->assertTrue($request->isHEAD(), 'POST with valid method override to HEAD'); $request = new SS_HTTPRequest('POST', 'admin/crm', array('_method' => 'head')); $this->assertTrue($request->isPOST(), 'POST with invalid method override by GET parameters to HEAD'); }
/** * All requests pass through here and are redirected depending on HTTP verb and params * * @param SS_HTTPRequest $request HTTP request * @return DataObjec|DataList DataObject/DataList result or stdClass on error */ public function handleQuery(SS_HTTPRequest $request) { //get requested model(s) details $model = $request->param('ClassName'); $id = $request->param('ID'); $response = false; $queryParams = $this->parseQueryParameters($request->getVars()); //validate Model name + store if ($model) { $model = $this->deSerializer->unformatName($model); if (!class_exists($model)) { return new RESTfulAPI_Error(400, "Model does not exist. Received '{$model}'."); } else { //store requested model data and query data $this->requestedData['model'] = $model; } } else { //if model missing, stop + return blank object return new RESTfulAPI_Error(400, "Missing Model parameter."); } //validate ID + store if (($request->isPUT() || $request->isDELETE()) && !is_numeric($id)) { return new RESTfulAPI_Error(400, "Invalid or missing ID. Received '{$id}'."); } else { if ($id !== NULL && !is_numeric($id)) { return new RESTfulAPI_Error(400, "Invalid ID. Received '{$id}'."); } else { $this->requestedData['id'] = $id; } } //store query parameters if ($queryParams) { $this->requestedData['params'] = $queryParams; } //check API access rules on model if (!RESTfulAPI::api_access_control($model, $request->httpMethod())) { return new RESTfulAPI_Error(403, "API access denied."); } //map HTTP word to module method if ($request->isGET()) { $result = $this->findModel($model, $id, $queryParams, $request); } elseif ($request->isPOST()) { $result = $this->createModel($model, $request); } elseif ($request->isPUT()) { $result = $this->updateModel($model, $id, $request); } elseif ($request->isDELETE()) { $result = $this->deleteModel($model, $id, $request); } else { return new RESTfulAPI_Error(403, "HTTP method mismatch."); } return $result; }