Updating entity doesn't filters data aginst whitelist #286

Closed
melkorm opened this Issue Jan 20, 2012 · 3 comments

Comments

Projects
None yet
4 participants
@melkorm

melkorm commented Jan 20, 2012

It looks like that locking the $_meta tag works for create, but not for save. All tests pass but the last one - so this may be a bug! (edited by daschl)

Here's a syntax highlighted version: http://pastium.org/view/7efba4e90f0ba228ccad377204ae93d6

Model file:

namespace app\models;

use lithium\data\Model;

class Questions extends Model

{

protected $_schema = array(

    'title' => array('type' => 'string', 'null' => false),

    'content' => array('type' => 'string', 'null' => false),

    'views' => array('type' => 'integer', 'null' => false),

    'score' => array('type' => 'integer', 'null' => false),

    'answers' => array('type' => 'integer', 'null' => false),

    'status' => array('type' => 'integer', 'null' => false),

    'edited' => array('type' => 'timestamp', 'null' => false),

);



protected $_meta = array(

    'locked' => true

);



}

test file:

namespace app\tests\cases\models;
use app\models\Questions;
use lithium\core\Environment;
class QuestionsTest extends \lithium\test\Unit {

private $_correctQuestionData = array(

    'title' => 'My titttle',

    'content' => 'some questions content ...',

    'views' => 12,

    'score' => 456,

    'answers' => 45,

    'status' => 1,

    'edited' => 1321920000,

);



/**

 * @var array

 */

private $_incorrectQuestionData = array(

    'someDataWhichSHouldntPass' => 'I shouldnt ever pass'

);



public function setUp() {

    Questions::remove();

}



public function tearDown() {

    Questions::remove();

}



public function test_Save_With_Cortrect_Data()

{

    $question = Questions::create($this->_correctQuestionData);

    $result = $question->save();

    $this->assertTrue($result);

}



public function test_Save_With_Incorrect_Data()

{

    $this->expectException(true);

    $question = Questions::create();

    $result = $question->save($this->_incorrectQuestionData);

}



/**

 * @param array $data

 * @return \lithium\data\entity\Document

 */

private function _createNewQuestion( Array $data )

{

    $question = Questions::create($data);

    $question->save();

    return $question;

}



public function test_Edit_With_Correct_Data()

{

    $questionDocument = $this->_createNewQuestion($this->_correctQuestionData);

    $expectedData = array(

        '_id' => $questionDocument->_id->__toString(),

        'title' => 'My edited  titttle',

        'content' => 'nah no content at all',

        'views' => 0,

        'score' => 1,

        'answers' => 4,

        'status' => 0,

        'edited' => strtotime('2012-11-22'),

    );

    $questionDocument->save($expectedData);

    $this->assertEqual($expectedData, $questionDocument->to('array'));

}



public function test_Edit_With_InCorrect_Data()

{

    $questionDocument = $this->_createNewQuestion($this->_correctQuestionData);

    $questionDocument->save($this->_incorrectQuestionData);

    $this->assertEqual($this->_correctQuestionData, $questionDocument->to('array'));

}
 }
@nateabele

This comment has been minimized.

Show comment
Hide comment
@nateabele

nateabele Jan 20, 2012

Member

@daschl If you can help here, this should probably be a test against the Query class, which does the actual whitelisting.

Member

nateabele commented Jan 20, 2012

@daschl If you can help here, this should probably be a test against the Query class, which does the actual whitelisting.

@daschl

This comment has been minimized.

Show comment
Hide comment
@daschl

daschl Jan 20, 2012

Contributor

Oh I thought this is a schema / model thing.. Alright, I'll look into it!

Contributor

daschl commented Jan 20, 2012

Oh I thought this is a schema / model thing.. Alright, I'll look into it!

@ghost ghost assigned daschl Jan 20, 2012

mariuswilms added a commit that referenced this issue Jan 10, 2014

@mariuswilms

This comment has been minimized.

Show comment
Hide comment
@mariuswilms

mariuswilms Jan 10, 2014

Member

067294b shows that this issue has either been fixed in the meantime or disproves it. Please reopen the issue if the problem persists with the latest li3. Thanks for reporting and the patience, @devbrothers :)

Member

mariuswilms commented Jan 10, 2014

067294b shows that this issue has either been fixed in the meantime or disproves it. Please reopen the issue if the problem persists with the latest li3. Thanks for reporting and the patience, @devbrothers :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment