[Jifty-commit] r6562 - in jifty/trunk: . lib/Jifty/Plugin/REST t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST

Jifty commits jifty-commit at lists.jifty.org
Fri Mar 6 16:54:34 EST 2009


Author: alexmv
Date: Fri Mar  6 16:54:33 2009
New Revision: 6562

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
   jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm
   jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t

Log:
 r43041 at kohr-ah:  chmrr | 2009-03-06 16:53:50 -0500
  * POST'ing to a model with a denied CreateModel should 403


Modified: jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	Fri Mar  6 16:54:33 2009
@@ -376,26 +376,25 @@
      return  dl( map {dt($_), dd($hash{$_}) } keys %hash )
 }
 
-=head2 action ACTION
+=head2 action ACTION, [CODE]
 
-Canonicalizes ACTION into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns 404 if it can't work its magic
+Canonicalizes ACTION into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns CODE (defaulting to 404) if it can't work its magic
 
 =cut
 
 
-sub action {  _resolve($_[0], 'Jifty::Action', Jifty->api->visible_actions) }
+sub action {  _resolve($_[0], 'Jifty::Action', [Jifty->api->visible_actions], $_[1]) }
 
 =head2 model MODEL
 
-Canonicalizes MODEL into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns 404 if it can't work its magic
+Canonicalizes MODEL into the form preferred by the code. (Cleans up casing, canonicalizing, etc. Returns CODE (defaulting to 404) if it can't work its magic
 
 =cut
 
-sub model  { _resolve($_[0], 'Jifty::Record', grep {not $_->is_private} Jifty->class_loader->models) }
+sub model  { _resolve($_[0], 'Jifty::Record', [grep {not $_->is_private} Jifty->class_loader->models], $_[1]) }
 
 sub _resolve {
-    my $name = shift;
-    my $base = shift;
+    my($name, $base, $classes, $code) = @_;
 
     # we display actions as "AppName.Action.Foo", so we want to convert those
     # heathen names to be Perl-style
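Review bot: The POD heading for `model` still reads `=head2 model MODEL`, although the sub now forwards `$_[1]` as the status code exactly as `action` does; it should become `=head2 model MODEL, [CODE]` to match the rewritten paragraph under it. Both rewritten paragraphs also leave their opening parenthesis unclosed and say "Returns CODE" where the code actually aborts the request, so I would end them with `Aborts with CODE (defaulting to 404) if it can't work its magic.)`. It is also worth stating in the `action` POD that only names found in `Jifty->api->visible_actions` resolve, because a later hunk relies on the CODE argument to turn that lookup into a 403 permission response. `_resolve` continues past the end of this hunk.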
@@ -403,11 +402,11 @@
 
     my $re = qr/(?:^|::)\Q$name\E$/i;
 
-    foreach my $cls (@_) {
+    foreach my $cls (@{$classes || []}) {
         return $cls if $cls =~ $re && $cls->isa($base);
     }
 
-    abort(404);
+    abort($code || 404);
 }
 
 
@@ -735,6 +734,9 @@
 
     $class =~ s/^[\w\.]+\.//;
 
+    # 403 unless the action exists
+    my $action = action( $prefix . $class, 403 );
+
     if ( defined $column and defined $key ) {
         Jifty->web->request->argument( $column => $key );
         Jifty->web->request->argument( 'id' => $rec->id )
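Review bot: The added comment `# 403 unless the action exists` misstates what the lookup checks: `action()` resolves against `Jifty->api->visible_actions`, so the 403 is raised when the action is hidden or denied as well as when it is missing. I would reword it to `# 403 unless the action for this model is visible via Jifty->api (i.e. not hidden or denied)`, so the next maintainer sees this line as the permission gate and keeps it ahead of the request-argument changes below. Whether an unknown model name reaches this point, and so gets 403 instead of 404, depends on code above the hunk that is not visible here. The enclosing sub starts and ends outside the hunk.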
@@ -766,7 +768,7 @@
     }
 
     Jifty->web->request->request_method('POST');
-    dispatch '/=/action/' . action( $prefix . $class );
+    dispatch "/=/action/$action";
 }
 
 =head2 list_actions
@@ -800,7 +802,7 @@
 );
 
 sub list_action_params {
-    my ($class) = action($1) or abort(404);
+    my ($class) = action($1);
     Jifty::Util->require($class) or abort(404);
     my $action = $class->new or abort(404);
 
@@ -827,7 +829,7 @@
 =cut
 
 sub show_action_form {
-    my ($action) = action(shift) or abort(404);
+    my ($action) = action(shift);
     Jifty::Util->require($action) or abort(404);
     $action = $action->new or abort(404);
 
@@ -868,7 +870,7 @@
 =cut
 
 sub run_action {
-    my ($action_name) = action($1) or abort(404);
+    my ($action_name) = action($1);
     Jifty::Util->require($action_name) or abort(404);
     
     my $args = Jifty->web->request->arguments;
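Review bot: With `or abort(404)` removed, `my ($action_name) = action($1);` in `run_action` no longer shows that an unresolved or hidden name stops the request, because the abort now lives inside `_resolve`. The same applies to `list_action_params` and `show_action_form` in the two preceding hunks. As far as these hunks show, this lookup is the only check that keeps a hidden action from being required and run, so I would add a comment above each call: `# action() aborts with 404 unless the name resolves to a visible Jifty::Action`. The bodies of all three subs continue outside their hunks.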

Modified: jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm	(original)
+++ jifty/trunk/t/TestApp-Plugin-REST/lib/TestApp/Plugin/REST/Dispatcher.pm	Fri Mar  6 16:54:33 2009
@@ -2,6 +2,7 @@
 use Jifty::Dispatcher -base;
 
 before '*' => run {
+    Jifty->api->hide('CreateGroup');
     Jifty->api->allow('DoSomething');
 };
 

Modified: jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t
==============================================================================
--- jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t	(original)
+++ jifty/trunk/t/TestApp-Plugin-REST/t/02-basic-use.t	Fri Mar  6 16:54:33 2009
@@ -77,6 +77,13 @@
 # on PUT    '/=/model/*/*/*' => \&replace_item;
 # on DELETE '/=/model/*/*/*' => \&delete_item;
 
+# on POST   '/=/model/*'     => \&create_item;
+$mech->post( $URL . '/=/model/User', { name => "moose", email => 'moose at example.com' } );
+is($mech->status, 200, "create via POST to model worked");
+
+$mech->post( $URL . '/=/model/Group', { } );
+is($mech->status, 403, "create via POST to model with disallowed create action failed with 403");
+
 # on GET    '/=/search/*/**' => \&search_items;
 $mech->get_ok('/=/search/user/id/1.yml');
 my $content = get_content();
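Review bot: The new denial test for `/=/model/Group` asserts only the 403 status, so it would still pass if the request were rejected after a side effect, and it covers only the model route. I would add a direct-invocation check for the hidden action, `$mech->post( $URL . '/=/action/TestApp.Plugin.REST.Action.CreateGroup', { } );` followed by `is($mech->status, 404, "hidden action cannot be run directly");`. The expected 404 assumes POST to `/=/action/*` reaches `run_action`, whose `action($1)` call passes no CODE. A follow-up search asserting that no Group record exists after the 403 would pin the "no side effects" half as well.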
@@ -101,7 +108,6 @@
 # on GET    '/=/action'      => \&list_actions;
 
 my @actions = qw(
-                 TestApp.Plugin.REST.Action.CreateGroup
                  TestApp.Plugin.REST.Action.UpdateGroup
                  TestApp.Plugin.REST.Action.DeleteGroup
                  TestApp.Plugin.REST.Action.SearchGroup

