Skip to content
Permalink
Browse files

Add onlyAllow() to CakeRequest, to check if the request method matche…

…s the allowed ones.

Throws exception if not matched, using the required Allow response header.
  • Loading branch information...
ceeram committed Aug 9, 2012
1 parent d4986b5 commit d730acba59156884f7a04428dbe3ce956ea7d337
Showing with 66 additions and 0 deletions.
  1. +32 −0 lib/Cake/Network/CakeRequest.php
  2. +34 −0 lib/Cake/Test/Case/Network/CakeRequestTest.php
@@ -803,6 +803,38 @@ public function input($callback = null) {
return $input;
}
/**
* Only allow certain HTTP request methods, if the request method does not match
* a 405 error will be shown and the required "Allow" response header will be set.
*
* Example:
*
* $this->request->onlyAllow('post', 'delete');
* or
* $this->request->onlyAllow(array('post', 'delete'));
*
* If the request would be GET, response header "Allow: POST, DELETE" will be set
* and a 405 error will be returned
*
* @param string|array $methods Allowed HTTP request methods
* @return boolean true
* @throws MethodNotAllowedException
*/
public function onlyAllow($methods) {
if (!is_array($methods)) {
$methods = func_get_args();
}
foreach ($methods as $method) {
if ($this->is($method)) {
return true;
}
}
$allowed = strtoupper(implode(', ', $methods));
$e = new MethodNotAllowedException();
$e->responseHeader('Allow', $allowed);
throw $e;
}
/**
* Read data from php://input, mocked in tests.
*
@@ -1857,6 +1857,40 @@ public function testIsRequested() {
$this->assertFalse($request->isRequested());
}
/**
* TestOnlyAllow
*
* @return void
*/
public function testOnlyAllow() {
$_SERVER['REQUEST_METHOD'] = 'PUT';
$request = new CakeRequest('/posts/edit/1');
$this->assertTrue($request->onlyAllow(array('put')));
$_SERVER['REQUEST_METHOD'] = 'DELETE';
$this->assertTrue($request->onlyAllow('post', 'delete'));
}
/**
* TestOnlyAllow throwing exception
*
*/
public function testOnlyAllowException() {
$_SERVER['REQUEST_METHOD'] = 'PUT';
$request = new CakeRequest('/posts/edit/1');
try {
$request->onlyAllow('POST', 'DELETE');
$this->fail('An expected exception has not been raised.');
} catch (MethodNotAllowedException $e) {
$this->assertEquals(array('Allow' => 'POST, DELETE'), $e->responseHeader());
}
$this->setExpectedException('MethodNotAllowedException');
$request->onlyAllow('POST');
}
/**
* loadEnvironment method
*

0 comments on commit d730acb

Please sign in to comment.
You can’t perform that action at this time.