Fixed check on partial and search allowed fields.

cmoore4 · Jul 20, 2013 · 3663cad · 3663cad
1 parent 5c4e135
commit 3663cad
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/controllers/ExampleController.php b/controllers/ExampleController.php
@@ -4,6 +4,16 @@
 
 class ExampleController extends RESTController{
 
+ /**
+ * Sets which fields may be searched against, and which fields are allowed to be returned in
+ * partial responses. 
+ * @var array
+ */
+ protected $allowedFields = array(
+ 'search' => array('name', 'prince_name'),
+ 'partials' => array('name', 'location', 'prince_name', 'popular')
+ );
+
  private $exampleRecords = array(
  array('id' => 1, 'name' => 'Ariel', 'location' => 'Under The Sea', 'prince_name' => 'Eric', 'popular' => 'false'),
  array('id' => 2, 'name' => 'Snow White', 'location' => 'Forest', 'prince_name' => 'The Prince', 'popular' => 'true'),

diff --git a/controllers/RESTController.php b/controllers/RESTController.php
@@ -146,7 +146,7 @@ protected function parseRequest($allowedFields){
  $this->searchFields = $this->parseSearchParameters($searchParams);
 
  // This handly snippet determines if searchFields is a strict subset of allowedFields['search']
- if(!array_unique($allowedFields['search'] + $this->searchFields) === $allowedFields['search']){
+ if(array_diff(array_keys($this->searchFields), $this->allowedFields['search'])){
  throw new HTTPException(
  "The fields you specified cannot be searched.", 
  401,
@@ -165,7 +165,7 @@ protected function parseRequest($allowedFields){
  $this->partialFields = $this->parsePartialFields($fields);
 
  // Determines if fields is a strict subset of allowed fields
- if(!array_unique($allowedFields['partials'] + $this->partialFields) === $allowedFields['partials']){
+ if(array_diff($this->partialFields, $this->allowedFields['partials'])){
  throw new HTTPException(
  "The fields you asked for cannot be returned.", 
  401,