mrpastewart/platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Bump to 2.0.0-rc.8 (patch remove all)

Browse source
This commit is contained in:
Tobe O 2019-04-20 15:04:59 -04:00
parent 5e1004f7a8
commit 3202329490
4 changed files with 20 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -1,3 +1,6 @@
# 2.0.0-rc.8
* Fix `MapService` flaw where clients could remove all records, even if `allowRemoveAll` were `false`.
# 2.0.0-rc.7 # 2.0.0-rc.7
* `AnonymousService` can override `readData`. * `AnonymousService` can override `readData`.
* `Service.map` now overrides `readData`. * `Service.map` now overrides `readData`.

16
lib/src/core/map_service.dart
View file

@ -145,12 +145,16 @@ class MapService extends Service<String, Map<String, dynamic>> {
@override @override
Future<Map<String, dynamic>> remove(String id, Future<Map<String, dynamic>> remove(String id,
[Map<String, dynamic> params]) { [Map<String, dynamic> params]) {
if (id == null || if (id == null || id == 'null') {
id == 'null' && // Remove everything...
(allowRemoveAll == true || if (!(allowRemoveAll == true ||
params?.containsKey('provider') != true)) { params?.containsKey('provider') != true)) {
items.clear(); throw AngelHttpException.forbidden(
return new Future.value({}); message: 'Clients are not allowed to delete all items.');
} else {
items.clear();
return new Future.value({});
}
} }
return read(id, params).then((result) { return read(id, params).then((result) {

2
pubspec.yaml
View file

@ -1,5 +1,5 @@
name: angel_framework name: angel_framework
version: 2.0.0-rc.7 version: 2.0.0-rc.8
description: A high-powered HTTP server with dependency injection, routing and much more. description: A high-powered HTTP server with dependency injection, routing and much more.
author: Tobe O <thosakwe@gmail.com> author: Tobe O <thosakwe@gmail.com>
homepage: https://github.com/angel-dart/angel_framework homepage: https://github.com/angel-dart/angel_framework

7
test/services_test.dart
View file

@ -25,7 +25,7 @@ main() {
app = new Angel(reflector: MirrorsReflector()) app = new Angel(reflector: MirrorsReflector())
..use('/todos', service = new MapService()) ..use('/todos', service = new MapService())
..errorHandler = (e, req, res) { ..errorHandler = (e, req, res) {
print('Whoops: ${e.error}'); if (e.error != null) print('Whoops: ${e.error}');
if (e.stackTrace != null) print(new Chain.forTrace(e.stackTrace).terse); if (e.stackTrace != null) print(new Chain.forTrace(e.stackTrace).terse);
}; };
@ -124,5 +124,10 @@ main() {
print(json_); print(json_);
expect(json_['text'], equals('Hello, world!')); expect(json_['text'], equals('Hello, world!'));
}); });
test('cannot remove all unless explicitly set', () async {
var response = await client.delete('$url/todos/null');
expect(response.statusCode, 403);
});
}); });
} }