RestfulServerTest::testApiAccess() - Code Metrics - Inspection of "Merge pull request #26 from helpfulrobot/convert-t..." - silverstripe/silverstripe-restfulserver - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 78374e...90de9c )

by Daniel

created 2015-11-24 14:14 UTC

RestfulServerTest::testApiAccess() A

↳ Parent: RestfulServerTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	21
Code Lines	13

Duplication

Lines	20
Ratio	95.24 %

Metric	Value
dl	20
loc	21
rs	9.3143
cc	1
eloc	13
nc	1
nop	0

<?php
/**
 * 
 * @todo Test Relation getters
 * @todo Test filter and limit through GET params
 * @todo Test DELETE verb
 *
 */
class RestfulServerTest extends SapphireTest
namespace YourVendor;

class YourClass { }
{
    public static $fixture_file = 'RestfulServerTest.yml';

    protected $extraDataObjects = array(
        'RestfulServerTest_Comment',
        'RestfulServerTest_SecretThing',
        'RestfulServerTest_Page',
        'RestfulServerTest_Author',
        'RestfulServerTest_AuthorRating',
    );

    public function testApiAccess()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        $page1 = $this->objFromFixture('RestfulServerTest_Page', 'page1');
        
        // normal GET should succeed with $api_access enabled
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'user';
        
        // even with logged in user a GET with $api_access disabled should fail
        $url = "/api/v1/RestfulServerTest_Page/" . $page1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 401);

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testApiAccessBoolean()
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertContains('<ID>', $response->getBody());
        $this->assertContains('<Name>', $response->getBody());
        $this->assertContains('<Comment>', $response->getBody());
        $this->assertContains('<Page', $response->getBody());
        $this->assertContains('<Author', $response->getBody());
    }
    
    public function testAuthenticatedGET()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $thing1 = $this->objFromFixture('RestfulServerTest_SecretThing', 'thing1');
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');

        // @todo create additional mock object with authenticated VIEW permissions
        $url = "/api/v1/RestfulServerTest_SecretThing/" . $thing1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 401);

        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'user';
        
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testAuthenticatedPUT()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $data = array('Comment' => 'created');
        
        $response = Director::test($url, $data, null, 'PUT');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 401); // Permission failure


        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
        $response = Director::test($url, $data, null, 'PUT');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Success


        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testGETRelationshipsXML()
    {
        $author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
        $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
        $rating2 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating2');
        
        // @todo should be set up by fixtures, doesn't work for some reason...
        $author1->Ratings()->add($rating1);
        $author1->Ratings()->add($rating2);
        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

    
        $responseArr = Convert::xml2array($response->getBody());
        $ratingsArr = $responseArr['Ratings']['RestfulServerTest_AuthorRating'];
        $this->assertEquals(count($ratingsArr), 2);

        $ratingIDs = array(
            (int)$ratingsArr[0]['@attributes']['id'],
            (int)$ratingsArr[1]['@attributes']['id']
        );
        $this->assertContains($rating1->ID, $ratingIDs);
        $this->assertContains($rating2->ID, $ratingIDs);
    }
    
    public function testGETManyManyRelationshipsXML()
    {
        // author4 has related authors author2 and author3
        $author2 = $this->objFromFixture('RestfulServerTest_Author', 'author2');
        $author3 = $this->objFromFixture('RestfulServerTest_Author', 'author3');
        $author4 = $this->objFromFixture('RestfulServerTest_Author', 'author4');
        
        $url = "/api/v1/RestfulServerTest_Author/" . $author4->ID . '/RelatedAuthors';
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals(200, $response->getStatusCode());

        $arr = Convert::xml2array($response->getBody());
        $authorsArr = $arr['RestfulServerTest_Author'];
        
        $this->assertEquals(count($authorsArr), 2);

        $ratingIDs = array(
            (int)$authorsArr[0]['ID'],
            (int)$authorsArr[1]['ID']
        );
        $this->assertContains($author2->ID, $ratingIDs);
        $this->assertContains($author3->ID, $ratingIDs);
    }

    public function testPUTWithFormEncoded()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
    
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $body = 'Name=Updated Comment&Comment=updated';
        $headers = array(
            'Content-Type' => 'application/x-www-form-urlencoded'
        );
        $response = Director::test($url, null, null, 'PUT', $body, $headers);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Success

        // Assumption: XML is default output
        $responseArr = Convert::xml2array($response->getBody());
        $this->assertEquals($responseArr['ID'], $comment1->ID);

        $this->assertEquals($responseArr['Comment'], 'updated');

        $this->assertEquals($responseArr['Name'], 'Updated Comment');

    
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testPOSTWithFormEncoded()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
    
        $url = "/api/v1/RestfulServerTest_Comment";
        $body = 'Name=New Comment&Comment=created';
        $headers = array(
            'Content-Type' => 'application/x-www-form-urlencoded'
        );
        $response = Director::test($url, null, null, 'POST', $body, $headers);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 201); // Created

        // Assumption: XML is default output
        $responseArr = Convert::xml2array($response->getBody());
        $this->assertTrue($responseArr['ID'] > 0);

        $this->assertNotEquals($responseArr['ID'], $comment1->ID);

        $this->assertEquals($responseArr['Comment'], 'created');

        $this->assertEquals($responseArr['Name'], 'New Comment');

        $this->assertEquals(

            $response->getHeader('Location'),
            Controller::join_links(Director::absoluteBaseURL(), $url, $responseArr['ID'])
        );
    
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testPUTwithJSON()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
        
        // by mimetype
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $body = '{"Comment":"updated"}';
        $response = Director::test($url, null, null, 'PUT', $body, array('Content-Type'=>'application/json'));
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Updated

        $obj = Convert::json2obj($response->getBody());
        $this->assertEquals($obj->ID, $comment1->ID);

        $this->assertEquals($obj->Comment, 'updated');

    
        // by extension
        $url = sprintf("/api/v1/RestfulServerTest_Comment/%d.json", $comment1->ID);
        $body = '{"Comment":"updated"}';
        $response = Director::test($url, null, null, 'PUT', $body);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Updated

        $this->assertEquals(

            $response->getHeader('Location'),
            Controller::join_links(Director::absoluteBaseURL(), $url)
        );
        $obj = Convert::json2obj($response->getBody());
        $this->assertEquals($obj->ID, $comment1->ID);

        $this->assertEquals($obj->Comment, 'updated');

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testPUTwithXML()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
        
        // by mimetype
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $body = '<RestfulServerTest_Comment><Comment>updated</Comment></RestfulServerTest_Comment>';
        $response = Director::test($url, null, null, 'PUT', $body, array('Content-Type'=>'text/xml'));
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Updated

        $obj = Convert::xml2array($response->getBody());
        $this->assertEquals($obj['ID'], $comment1->ID);

        $this->assertEquals($obj['Comment'], 'updated');

    
        // by extension
        $url = sprintf("/api/v1/RestfulServerTest_Comment/%d.xml", $comment1->ID);
        $body = '<RestfulServerTest_Comment><Comment>updated</Comment></RestfulServerTest_Comment>';
        $response = Director::test($url, null, null, 'PUT', $body);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Updated

        $this->assertEquals(

            $response->getHeader('Location'),
            Controller::join_links(Director::absoluteBaseURL(), $url)
        );
        $obj = Convert::xml2array($response->getBody());
        $this->assertEquals($obj['ID'], $comment1->ID);

        $this->assertEquals($obj['Comment'], 'updated');

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
        
    public function testHTTPAcceptAndContentType()
    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        
        $headers = array('Accept' => 'application/json');
        $response = Director::test($url, null, null, 'GET', null, $headers);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200); // Success

        $obj = Convert::json2obj($response->getBody());
        $this->assertEquals($obj->ID, $comment1->ID);

        $this->assertEquals($response->getHeader('Content-Type'), 'application/json');

    }
    
    public function testNotFound()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'user';
        
        $url = "/api/v1/RestfulServerTest_Comment/99";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 404);

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testMethodNotAllowed()

    {
        $comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
        
        $url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
        $response = Director::test($url, null, null, 'UNKNOWNHTTPMETHOD');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 405);

    }
    
    public function testConflictOnExistingResourceWhenUsingPost()

    {
        $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
        $response = Director::test($url, null, null, 'POST');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 409);

    }
    
    public function testUnsupportedMediaType()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'user';
    
        $url = "/api/v1/RestfulServerTest_Comment";
        $data = "Comment||\/||updated"; // weird format
        $headers = array('Content-Type' => 'text/weirdformat');
        $response = Director::test($url, null, null, 'POST', $data, $headers);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 415);

        
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
    
    public function testXMLValueFormatting()
    {
        $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertContains('<ID>' . $rating1->ID . '</ID>', $response->getBody());
        $this->assertContains('<Rating>' . $rating1->Rating . '</Rating>', $response->getBody());
    }
    
    public function testApiAccessFieldRestrictions()
    {
        $author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
        $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertContains('<ID>', $response->getBody());
        $this->assertContains('<Rating>', $response->getBody());
        $this->assertContains('<Author', $response->getBody());
        $this->assertNotContains('<SecretField>', $response->getBody());
        $this->assertNotContains('<SecretRelation>', $response->getBody());
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID . '?add_fields=SecretField,SecretRelation';
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertNotContains('<SecretField>', $response->getBody(),
            '"add_fields" URL parameter filters out disallowed fields from $api_access'
        );
        $this->assertNotContains('<SecretRelation>', $response->getBody(),
            '"add_fields" URL parameter filters out disallowed relations from $api_access'
        );
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID . '?fields=SecretField,SecretRelation';
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertNotContains('<SecretField>', $response->getBody(),
            '"fields" URL parameter filters out disallowed fields from $api_access'
        );
        $this->assertNotContains('<SecretRelation>', $response->getBody(),
            '"fields" URL parameter filters out disallowed relations from $api_access'
        );
        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . '/Ratings';
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertContains('<Rating>', $response->getBody(),
            'Relation viewer shows fields allowed through $api_access'
        );
        $this->assertNotContains('<SecretField>', $response->getBody(),
            'Relation viewer on has-many filters out disallowed fields from $api_access'
        );
    }
    
    public function testApiAccessRelationRestrictionsInline()
    {
        $author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID;
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertNotContains('<RelatedPages', $response->getBody(), 'Restricts many-many with api_access=false');
        $this->assertNotContains('<PublishedPages', $response->getBody(), 'Restricts has-many with api_access=false');
    }
    
    public function testApiAccessRelationRestrictionsOnEndpoint()
    {
        $author1 = $this->objFromFixture('RestfulServerTest_Author', 'author1');
        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . "/ProfilePage";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals(404, $response->getStatusCode(), 'Restricts has-one with api_access=false');

        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . "/RelatedPages";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals(404, $response->getStatusCode(), 'Restricts many-many with api_access=false');

        
        $url = "/api/v1/RestfulServerTest_Author/" . $author1->ID . "/PublishedPages";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals(404, $response->getStatusCode(), 'Restricts has-many with api_access=false');

    }
    
    public function testApiAccessWithPUT()
    {
        $rating1 = $this->objFromFixture('RestfulServerTest_AuthorRating', 'rating1');
        
        $url = "/api/v1/RestfulServerTest_AuthorRating/" . $rating1->ID;
        $data = array(
            'Rating' => '42',
            'WriteProtectedField' => 'haxx0red'
        );
        $response = Director::test($url, $data, null, 'PUT');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        // Assumption: XML is default output
        $responseArr = Convert::xml2array($response->getBody());
        $this->assertEquals($responseArr['Rating'], 42);

        $this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');

    }

    public function testJSONDataFormatter()
    {
        $formatter = new JSONDataFormatter();
        $editor = $this->objFromFixture('Member', 'editor');
        $user = $this->objFromFixture('Member', 'user');

        $this->assertEquals(

            $formatter->convertDataObject($editor, array("FirstName", "Email")),
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
            '{"FirstName":"Editor","Email":"[email protected]"}',
            "Correct JSON formatting with field subset");

        $set = DataObject::get(
            "Member",
            sprintf('"Member"."ID" IN (%s)', implode(',', array($editor->ID, $user->ID))),
            '"Email" ASC' // for sorting for postgres
        );
        $this->assertEquals(

            $formatter->convertDataObjectSet($set, array("FirstName", "Email")),
            '{"totalSize":null,"items":[{"FirstName":"Editor","Email":"[email protected]"},' .
            '{"FirstName":"User","Email":"[email protected]"}]}',
            "Correct JSON formatting on a dataobjectset with field filter");
    }
    
    public function testApiAccessWithPOST()
    {
        $url = "/api/v1/RestfulServerTest_AuthorRating";
        $data = array(
            'Rating' => '42',
            'WriteProtectedField' => 'haxx0red'
        );
        $response = Director::test($url, $data, null, 'POST');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        // Assumption: XML is default output
        $responseArr = Convert::xml2array($response->getBody());
        $this->assertEquals($responseArr['Rating'], 42);

        $this->assertNotEquals($responseArr['WriteProtectedField'], 'haxx0red');

    }

    public function testCanViewRespectedInList()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        // Default content type
        $url = "/api/v1/RestfulServerTest_SecretThing/";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

        $this->assertNotContains('Unspeakable', $response->getBody());

        // JSON content type
        $url = "/api/v1/RestfulServerTest_SecretThing.json";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

        $this->assertNotContains('Unspeakable', $response->getBody());

        // With authentication
        $_SERVER['PHP_AUTH_USER'] = '[email protected]';
        $_SERVER['PHP_AUTH_PW'] = 'editor';
        $url = "/api/v1/RestfulServerTest_SecretThing/";
        $response = Director::test($url, null, null, 'GET');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        $this->assertEquals($response->getStatusCode(), 200);

        $this->assertContains('Unspeakable', $response->getBody());
        unset($_SERVER['PHP_AUTH_USER']);
        unset($_SERVER['PHP_AUTH_PW']);
    }
}

/**
 * Everybody can view comments, logged in members in the "users" group can create comments,
 * but only "editors" can edit or delete them.
 *
 */
class RestfulServerTest_Comment extends DataObject implements PermissionProvider,TestOnly
namespace YourVendor;

class YourClass { }
{
    public static $api_access = true;
    
    public static $db = array(
        "Name" => "Varchar(255)",
        "Comment" => "Text"
    );
    
    public static $has_one = array(
        'Page' => 'RestfulServerTest_Page',
        'Author' => 'RestfulServerTest_Author',
    );
    
    public function providePermissions()
    {
        return array(
            'EDIT_Comment' => 'Edit Comment Objects',
            'CREATE_Comment' => 'Create Comment Objects',
            'DELETE_Comment' => 'Delete Comment Objects',
        );
    }
    
    public function canView($member = null)
    {
        return true;
    }
    
    public function canEdit($member = null)
    {
        return Permission::checkMember($member, 'EDIT_Comment');
    }
    
    public function canDelete($member = null)
    {
        return Permission::checkMember($member, 'DELETE_Comment');
    }
    
    public function canCreate($member = null)
    {
        return Permission::checkMember($member, 'CREATE_Comment');
    }
}

class RestfulServerTest_SecretThing extends DataObject implements TestOnly,PermissionProvider
namespace YourVendor;

class YourClass { }
{
    public static $api_access = true;
    
    public static $db = array(
        "Name" => "Varchar(255)",
    );
    
    public function canView($member = null)
    {
        return Permission::checkMember($member, 'VIEW_SecretThing');
    }
    
    public function providePermissions()
    {
        return array(
            'VIEW_SecretThing' => 'View Secret Things',
        );
    }
}

class RestfulServerTest_Page extends DataObject implements TestOnly
namespace YourVendor;

class YourClass { }
{
    public static $api_access = false;
    
    public static $db = array(
        'Title' => 'Text',
        'Content' => 'HTMLText',
    );
    
    public static $has_one = array(
        'Author' => 'RestfulServerTest_Author',
    );
    
    public static $has_many = array(
        'TestComments' => 'RestfulServerTest_Comment'
    );
    
    public static $belongs_many_many = array(
        'RelatedAuthors' => 'RestfulServerTest_Author',
    );
}

class RestfulServerTest_Author extends DataObject implements TestOnly
namespace YourVendor;

class YourClass { }
{
    public static $api_access = true;
    
    public static $db = array(
        'Name' => 'Text',
    );
        
    public static $many_many = array(
        'RelatedPages' => 'RestfulServerTest_Page',
        'RelatedAuthors' => 'RestfulServerTest_Author',
    );
    
    public static $has_many = array(
        'PublishedPages' => 'RestfulServerTest_Page',
        'Ratings' => 'RestfulServerTest_AuthorRating',
    );
    
    public function canView($member = null)
    {
        return true;
    }
}

class RestfulServerTest_AuthorRating extends DataObject implements TestOnly
namespace YourVendor;

class YourClass { }
{
    public static $api_access = array(
        'view' => array(
            'Rating',
            'WriteProtectedField',
            'Author'
        ),
        'edit' => array(
            'Rating'
        )
    );
    
    public static $db = array(
        'Rating' => 'Int',
        'SecretField' => 'Text',
        'WriteProtectedField' => 'Text',
    );
    
    public static $has_one = array(
        'Author' => 'RestfulServerTest_Author',
        'SecretRelation' => 'RestfulServerTest_Author',
    );
    
    public function canView($member = null)
    {
        return true;
    }
    
    public function canEdit($member = null)
    {
        return true;
    }
    
    public function canCreate($member = null)
    {
        return true;
    }
}


1		<?php
2		/**
3		*
4		* @todo Test Relation getters
5		* @todo Test filter and limit through GET params
6		* @todo Test DELETE verb
7		*
8		*/
9		class RestfulServerTest extends SapphireTest
		0 ignored issues – show Coding Style Compatibility introduced 2015-11-21 06:34 UTC by Report Bug Copy Issue Report PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
10		{
11		public static $fixture_file = 'RestfulServerTest.yml';
12
13		protected $extraDataObjects = array(
14		'RestfulServerTest_Comment',
15		'RestfulServerTest_SecretThing',
16		'RestfulServerTest_Page',
17		'RestfulServerTest_Author',
18		'RestfulServerTest_AuthorRating',
19		);
20
21	View Code Duplication	public function testApiAccess()
		0 ignored issues – show Duplication introduced 2015-11-21 06:34 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history... Coding Style introduced 2015-11-21 06:34 UTC by Report Bug Copy Issue Report `testApiAccess` uses the super-global variable `$_SERVER` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
22		{
23		$comment1 = $this->objFromFixture('RestfulServerTest_Comment', 'comment1');
24		$page1 = $this->objFromFixture('RestfulServerTest_Page', 'page1');
25
26		// normal GET should succeed with $api_access enabled
27		$url = "/api/v1/RestfulServerTest_Comment/" . $comment1->ID;
28		$response = Director::test($url, null, null, 'GET');
		0 ignored issues – show Documentation introduced 2015-11-24 14:18 UTC by Report Bug Copy Issue Report `null` is of type `null`, but the function expects a `object<Session>\|array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
29		$this->assertEquals($response->getStatusCode(), 200);
		0 ignored issues – show Bug introduced 2015-11-24 14:18 UTC by Report Bug Copy Issue Report The method `assertEquals()` does not seem to exist on `object<RestfulServerTest>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
30
31		$_SERVER['PHP_AUTH_USER'] = '[email protected]';
32		$_SERVER['PHP_AUTH_PW'] = 'user';
33
34		// even with logged in user a GET with $api_access disabled should fail
35		$url = "/api/v1/RestfulServerTest_Page/" . $page1->ID;
36		$response = Director::test($url, null, null, 'GET');

silverstripe / silverstripe-restfulserver

Push — master ( 78374e...90de9c )

RestfulServerTest::testApiAccess() A

Complexity

Size

Duplication

Duplication Side-by-Side

Filter issues like