public function testHttpMethodOverrides()
{
$request = new SS_HTTPRequest('GET', 'admin/crm');
$this->assertTrue($request->isGET(), 'GET with no method override');
$request = new SS_HTTPRequest('POST', 'admin/crm');
$this->assertTrue($request->isPOST(), 'POST with no method override');
$request = new SS_HTTPRequest('GET', 'admin/crm', array('_method' => 'DELETE'));
$this->assertTrue($request->isGET(), 'GET with invalid POST method override');
$request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'DELETE'));
$this->assertTrue($request->isDELETE(), 'POST with valid method override to DELETE');
$request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'put'));
$this->assertTrue($request->isPUT(), 'POST with valid method override to PUT');
$request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'head'));
$this->assertTrue($request->isHEAD(), 'POST with valid method override to HEAD ');
$request = new SS_HTTPRequest('POST', 'admin/crm', array(), array('_method' => 'head'));
$this->assertTrue($request->isHEAD(), 'POST with valid method override to HEAD');
$request = new SS_HTTPRequest('POST', 'admin/crm', array('_method' => 'head'));
$this->assertTrue($request->isPOST(), 'POST with invalid method override by GET parameters to HEAD');
}
/**
* All requests pass through here and are redirected depending on HTTP verb and params
*
* @param SS_HTTPRequest $request HTTP request
* @return DataObjec|DataList DataObject/DataList result or stdClass on error
*/
public function handleQuery(SS_HTTPRequest $request)
{
//get requested model(s) details
$model = $request->param('ClassName');
$id = $request->param('ID');
$response = false;
$queryParams = $this->parseQueryParameters($request->getVars());
//validate Model name + store
if ($model) {
$model = $this->deSerializer->unformatName($model);
if (!class_exists($model)) {
return new RESTfulAPI_Error(400, "Model does not exist. Received '{$model}'.");
} else {
//store requested model data and query data
$this->requestedData['model'] = $model;
}
} else {
//if model missing, stop + return blank object
return new RESTfulAPI_Error(400, "Missing Model parameter.");
}
//validate ID + store
if (($request->isPUT() || $request->isDELETE()) && !is_numeric($id)) {
return new RESTfulAPI_Error(400, "Invalid or missing ID. Received '{$id}'.");
} else {
if ($id !== NULL && !is_numeric($id)) {
return new RESTfulAPI_Error(400, "Invalid ID. Received '{$id}'.");
} else {
$this->requestedData['id'] = $id;
}
}
//store query parameters
if ($queryParams) {
$this->requestedData['params'] = $queryParams;
}
//check API access rules on model
if (!RESTfulAPI::api_access_control($model, $request->httpMethod())) {
return new RESTfulAPI_Error(403, "API access denied.");
}
//map HTTP word to module method
if ($request->isGET()) {
$result = $this->findModel($model, $id, $queryParams, $request);
} elseif ($request->isPOST()) {
$result = $this->createModel($model, $request);
} elseif ($request->isPUT()) {
$result = $this->updateModel($model, $id, $request);
} elseif ($request->isDELETE()) {
$result = $this->deleteModel($model, $id, $request);
} else {
return new RESTfulAPI_Error(403, "HTTP method mismatch.");
}
return $result;
}
