I believe there might be a bug in the DataObject class:
public static $allowed_actions = null;
Shouldn't this be:
private static $allowed_actions = null;
As per the documentation:
Even if the documentation was referring to the subclass, the subclass can't have a private static $allowed_access because the DataObject class defines the property as public.
Also, I'd like to question whether $allowed_actions should even be in this class or not. Could some clarification be provided. I also think making this property private will have a knock on effect downstream so that will need to be looked into also.
It probably should not be, given the reference is to the restful API (which is a separate module https://github.com/silverstripe/silverstripe-restfulserver).
I would opt to remove it from DataObject completely.
The $allowed_actions is also used in controllers.
Would this have any impact on restfulserver if removed from framework?
There's not really any difference between a null config and not having a value at all, is there?
So the resolve would be to remove this, maybe run the restfulserver module tests to be sure and then do a pull request? @MatthewBonner perhaps you might like to claim this one? ;)
I've had a chance to look and agree removing it would be the best option. Can someone point me in the right direction for how to commit a change against this issue as I use Bitbucket not Github so not sure if there are any differences.
@MatthewBonner There’s some documentation on it here :)
Removed DataObject::$allowed_actions as per "DataObject $allowed_acti…
…ons property is public not private in version 3+ - Issue #3200"
Closed via 1868307