[Jifty-commit] r6562 - in jifty/trunk: . lib/Jifty/Plugin/REST t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST
Jifty commits
jifty-commit at lists.jifty.org
Fri Mar 6 16:54:34 EST 2009
Author: alexmv
Date: Fri Mar 6 16:54:33 2009
New Revision: 6562
Modified:
jifty/trunk/ (props changed)
jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm
jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t
Log:
r43041 at kohr-ah: chmrr | 2009-03-06 16:53:50 -0500
* POST'ing to a model with a denied CreateModel should 403
Modified: jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm (original)
+++ jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm Fri Mar 6 16:54:33 2009
@@ -376,26 +376,25 @@
return dl( map {dt($_), dd($hash{$_}) } keys %hash )
}
-=head2 action ACTION
+=head2 action ACTION, [CODE]
-Canonicalizes ACTION into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns 404 if it can't work its magic
+Canonicalizes ACTION into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns CODE (defaulting to 404) if it can't work its magic
=cut
-sub action { _resolve($_[0], 'Jifty::Action', Jifty->api->visible_actions) }
+sub action { _resolve($_[0], 'Jifty::Action', [Jifty->api->visible_actions], $_[1]) }
=head2 model MODEL
-Canonicalizes MODEL into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns 404 if it can't work its magic
+Canonicalizes MODEL into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns CODE (defaulting to 404) if it can't work its magic
=cut
-sub model { _resolve($_[0], 'Jifty::Record', grep {not $_->is_private} Jifty->class_loader->models) }
+sub model { _resolve($_[0], 'Jifty::Record', [grep {not $_->is_private} Jifty->class_loader->models], $_[1]) }
sub _resolve {
- my $name = shift;
- my $base = shift;
+ my($name, $base, $classes, $code) = @_;
# we display actions as "AppName.Action.Foo", so we want to convert those
# heathen names to be Perl-style
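Review bot: The updated POD for `action` and `model` says the sub "Returns CODE", but `_resolve` calls `abort` with that status rather than returning it, and the parenthesis opened at "(Cleans up casing" is never closed. I would word both entries along the lines of `Canonicalizes ACTION into the form preferred by the code (cleans up casing, etc.). Aborts the request with status CODE (default 404) if no candidate class matches.` The new `$classes` and `$code` parameters of `_resolve` are also undocumented; a comment such as `# $classes: arrayref of candidate class names; $code: HTTP status passed to abort() when nothing matches` above the unpacking line would help. The body of `_resolve` continues outside this hunk.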
@@ -403,11 +402,11 @@
my $re = qr/(?:^|::)\Q$name\E$/i;
- foreach my $cls (@_) {
+ foreach my $cls (@{$classes || []}) {
return $cls if $cls =~ $re && $cls->isa($base);
}
- abort(404);
+ abort($code || 404);
}
@@ -735,6 +734,9 @@
$class =~ s/^[\w\.]+\.//;
+ # 403 unless the action exists
+ my $action = action( $prefix . $class, 403 );
+
if ( defined $column and defined $key ) {
Jifty->web->request->argument( $column => $key );
Jifty->web->request->argument( 'id' => $rec->id )
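Review bot: The comment `# 403 unless the action exists` understates what the lookup does: `action()` resolves only against `Jifty->api->visible_actions`, so a hidden action and a nonexistent one both end in 403 here. I would write `# 403 unless the action is visible; hidden and nonexistent actions are treated alike`. Because the gate is visibility, an action that is denied but still visible would presumably resolve and reach the `/=/action/` dispatch, so the 403 promised in the log message then depends on the authorization check made by that handler, which this diff does not show. The enclosing handler starts and ends outside this hunk.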
@@ -766,7 +768,7 @@
}
Jifty->web->request->request_method('POST');
- dispatch '/=/action/' . action( $prefix . $class );
+ dispatch "/=/action/$action";
}
=head2 list_actions
@@ -800,7 +802,7 @@
);
sub list_action_params {
- my ($class) = action($1) or abort(404);
+ my ($class) = action($1);
Jifty::Util->require($class) or abort(404);
my $action = $class->new or abort(404);
@@ -827,7 +829,7 @@
=cut
sub show_action_form {
- my ($action) = action(shift) or abort(404);
+ my ($action) = action(shift);
Jifty::Util->require($action) or abort(404);
$action = $action->new or abort(404);
@@ -868,7 +870,7 @@
=cut
sub run_action {
- my ($action_name) = action($1) or abort(404);
+ my ($action_name) = action($1);
Jifty::Util->require($action_name) or abort(404);
my $args = Jifty->web->request->arguments;
Modified: jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm (original)
+++ jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm Fri Mar 6 16:54:33 2009
@@ -2,6 +2,7 @@
use Jifty::Dispatcher -base;
before '*' => run {
+ Jifty->api->hide('CreateGroup');
Jifty->api->allow('DoSomething');
};
Modified: jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t (original)
+++ jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t Fri Mar 6 16:54:33 2009
@@ -77,6 +77,13 @@
# on PUT '/=/model/*/*/*' => \&replace_item;
# on DELETE '/=/model/*/*/*' => \&delete_item;
+# on POST '/=/model/*' => \&create_item;
+$mech->post( $URL . '/=/model/User', { name => "moose", email => 'moose at example.com' } );
+is($mech->status, 200, "create via POST to model worked");
+
+$mech->post( $URL . '/=/model/Group', { } );
+is($mech->status, 403, "create via POST to model with disallowed create action failed with 403");
+
# on GET '/=/search/*/**' => \&search_items;
$mech->get_ok('/=/search/user/id/1.yml');
my $content = get_content();
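Review bot: The new 403 case asserts only the status code, and only for an action removed with `hide`. Since the purpose of the change is that a forbidden create must not take place, I would follow the status check with an assertion that no Group record exists afterwards, under a comment like `# hidden CreateGroup: expect 403 and no new Group row`. Posting a non-empty body instead of `{ }` would also rule out the rejection being confused with an argument-validation failure. A further case where the create action is denied but left visible would show whether that path ends in 403 as well; from the lines visible here it resolves through `action()` and relies on the `/=/action/` handler.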
@@ -101,7 +108,6 @@
# on GET '/=/action' => \&list_actions;
my @actions = qw(
- TestApp.Plugin.REST.Action.CreateGroup
TestApp.Plugin.REST.Action.UpdateGroup
TestApp.Plugin.REST.Action.DeleteGroup
TestApp.Plugin.REST.Action.SearchGroup