Skip to content

Loading…

Updating entity doesn't filters data aginst whitelist #286

Closed
melkorm opened this Issue · 3 comments

4 participants

@melkorm

It looks like that locking the $_meta tag works for create, but not for save. All tests pass but the last one - so this may be a bug! (edited by daschl)

Here's a syntax highlighted version: http://pastium.org/view/7efba4e90f0ba228ccad377204ae93d6

Model file:

namespace app\models;

use lithium\data\Model;

class Questions extends Model

{

protected $_schema = array(

    'title' => array('type' => 'string', 'null' => false),

    'content' => array('type' => 'string', 'null' => false),

    'views' => array('type' => 'integer', 'null' => false),

    'score' => array('type' => 'integer', 'null' => false),

    'answers' => array('type' => 'integer', 'null' => false),

    'status' => array('type' => 'integer', 'null' => false),

    'edited' => array('type' => 'timestamp', 'null' => false),

);



protected $_meta = array(

    'locked' => true

);



}

test file:

namespace app\tests\cases\models;
use app\models\Questions;
use lithium\core\Environment;
class QuestionsTest extends \lithium\test\Unit {

private $_correctQuestionData = array(

    'title' => 'My titttle',

    'content' => 'some questions content ...',

    'views' => 12,

    'score' => 456,

    'answers' => 45,

    'status' => 1,

    'edited' => 1321920000,

);



/**

 * @var array

 */

private $_incorrectQuestionData = array(

    'someDataWhichSHouldntPass' => 'I shouldnt ever pass'

);



public function setUp() {

    Questions::remove();

}



public function tearDown() {

    Questions::remove();

}



public function test_Save_With_Cortrect_Data()

{

    $question = Questions::create($this->_correctQuestionData);

    $result = $question->save();

    $this->assertTrue($result);

}



public function test_Save_With_Incorrect_Data()

{

    $this->expectException(true);

    $question = Questions::create();

    $result = $question->save($this->_incorrectQuestionData);

}



/**

 * @param array $data

 * @return \lithium\data\entity\Document

 */

private function _createNewQuestion( Array $data )

{

    $question = Questions::create($data);

    $question->save();

    return $question;

}



public function test_Edit_With_Correct_Data()

{

    $questionDocument = $this->_createNewQuestion($this->_correctQuestionData);

    $expectedData = array(

        '_id' => $questionDocument->_id->__toString(),

        'title' => 'My edited  titttle',

        'content' => 'nah no content at all',

        'views' => 0,

        'score' => 1,

        'answers' => 4,

        'status' => 0,

        'edited' => strtotime('2012-11-22'),

    );

    $questionDocument->save($expectedData);

    $this->assertEqual($expectedData, $questionDocument->to('array'));

}



public function test_Edit_With_InCorrect_Data()

{

    $questionDocument = $this->_createNewQuestion($this->_correctQuestionData);

    $questionDocument->save($this->_incorrectQuestionData);

    $this->assertEqual($this->_correctQuestionData, $questionDocument->to('array'));

}
 }
@nateabele
Union of RAD member

@daschl If you can help here, this should probably be a test against the Query class, which does the actual whitelisting.

@daschl
Union of RAD member

Oh I thought this is a schema / model thing.. Alright, I'll look into it!

@daschl daschl was assigned
@davidpersson davidpersson added a commit that referenced this issue
@davidpersson davidpersson Adding test for whitelisting when locked in model/query.
Shows that #286 has been solved already.
067294b
@davidpersson
Union of RAD member

067294b shows that this issue has either been fixed in the meantime or disproves it. Please reopen the issue if the problem persists with the latest li3. Thanks for reporting and the patience, @devbrothers :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.