/**
 * Looks up an access name that this test never inserts and expects an empty result.
 *
 * NOTE(review): assertCount() needs a countable or iterable value, so this
 * assumes a miss yields an empty collection rather than null. Confirm against
 * Access::getAccessByAccessName().
 **/
public function testGetInvalidAccessByAccessName() {
    // a name this test does not insert, so the lookup should match nothing
    $unknownAccessName = "nobody was ever given this access";
    $matches = Access::getAccessByAccessName($this->getPDO(), $unknownAccessName);

    // the test passes only when the lookup result counts zero elements
    $this->assertCount(0, $matches);
}
$accessName = filter_input(INPUT_GET, "accessName", FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); //handle REST calls, while only allowing administrators to access database-modifying methods if ($method === "GET") { //set XSRF cookie setXsrfCookie("/"); //get the Access based on the given field if (empty($id) === false) { $access = Access::getAccessByAccessId($pdo, $id); // this is for restricting by company - remember is access is wide open // however keep this stuff for other APIs :D if ($access !== null) { $reply->data = $access; } } else { if (empty($id) === false) { $access = Access::getAccessByAccessName($pdo, $accessName); if ($access !== null) { $reply->data = $reply; } } else { $accessors = Access::getAllAccess($pdo); if ($accessors !== null) { $reply->data = $accessors; } } } //if the session belongs to an admin, allow post, put and delete methods if (Access::isAdminLoggedIn() === true) { if ($method === "PUT" || $method === "POST") { verifyXsrf(); $requestContent = file_get_contents("php://input");