Adding Entity::accessible to be used to mass assignment control

cakephp · Dec 19, 2013 · 995a6b4 · 995a6b4
1 parent 411093e
commit 995a6b4
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 0 deletions.
diff --git a/Cake/ORM/Entity.php b/Cake/ORM/Entity.php
@@ -87,6 +87,14 @@ class Entity implements \ArrayAccess, \JsonSerializable {
  */
 	protected $_errors = [];
 
+/**
+ * List of properties in this entity that can be set safely
+ * an empty array means "all"
+ *
+ * @var array
+ */
+	protected $_accessible = [];
+
 /**
  * Initializes the internal properties of this entity out of the
  * keys in an array
@@ -230,6 +238,7 @@ public function set($property, $value = true, $useSetters = true) {
 			}
 			$this->_properties[$p] = $value;
 		}
+
 		return $this;
 	}
 
@@ -584,4 +593,25 @@ public function errors($field = null, $errors = null) {
 		return $this;
 	}
 
+	public function accessible($property, $set = null) {
+		if ($set === null && empty($this->_accessible)) {
+			return true;
+		}
+
+		if ($set === null) {
+			return !isset($this->_accessible[$property]) || $this->_accessible[$property];
+		}
+
+		if ($property === '*') {
+			$this->_accessible = [];
+			return $this;
+		}
+
+		foreach ((array)$property as $prop) {
+			$this->_accessible[$prop] = (bool)$set;
+		}
+
+		return $this;
+	}
+
 }
diff --git a/Cake/Test/TestCase/ORM/EntityTest.php b/Cake/Test/TestCase/ORM/EntityTest.php
@@ -787,4 +787,54 @@ public function testCleanRemovesErrors() {
 		$this->assertEmpty($entity->errors());
 	}
 
+/**
+ * Tests accessible() method as a getter and setter
+ *
+ * @return void
+ */
+	public function testAccessible() {
+		$entity = new Entity;
+		$this->assertTrue($entity->accessible('foo'));
+		$this->assertTrue($entity->accessible('bar'));
+
+		$this->assertSame($entity, $entity->accessible('foo', false));
+		$this->assertFalse($entity->accessible('foo'));
+		$this->assertTrue($entity->accessible('bar'));
+
+		$this->assertSame($entity, $entity->accessible('bar', false));
+		$this->assertFalse($entity->accessible('foo'));
+		$this->assertFalse($entity->accessible('bar'));
+
+		$this->assertSame($entity, $entity->accessible('foo', true));
+		$this->assertTrue($entity->accessible('foo'));
+		$this->assertFalse($entity->accessible('bar'));
+
+		$this->assertSame($entity, $entity->accessible('bar', true));
+		$this->assertTrue($entity->accessible('foo'));
+		$this->assertTrue($entity->accessible('bar'));
+	}
+
+/**
+ * Tests that an array can be used to set
+ *
+ * @return void
+ */
+	public function testAccessibleAsArray() {
+		$entity = new Entity;
+		$entity->accessible(['foo', 'bar', 'baz'], false);
+		$this->assertFalse($entity->accessible('foo'));
+		$this->assertFalse($entity->accessible('bar'));
+		$this->assertFalse($entity->accessible('baz'));
+
+		$entity->accessible('foo', true);
+		$this->assertTrue($entity->accessible('foo'));
+		$this->assertFalse($entity->accessible('bar'));
+		$this->assertFalse($entity->accessible('baz'));
+
+		$entity->accessible(['foo', 'bar', 'baz'], true);
+		$this->assertTrue($entity->accessible('foo'));
+		$this->assertTrue($entity->accessible('bar'));
+		$this->assertTrue($entity->accessible('baz'));
+	}
+
 }