Merge pull request #302 from trecouvr/remove-get-access

More flexible control access for methods

src/Payutc/Dispatcher/Json.php

@@ -34,6 +34,17 @@
 
 class Json
 {
+    public function checkMethodAllowed($service, $method)
+    {
+        $app = \Slim\Slim::getInstance();
+        if ($app->request->isPost()) {
+            return;
+        }
+        else if ($app->request->isGet()) {
+            \Payutc\Mapping\Services::checkGetAuthorized($service, $method);
+        }
+    }
+
     public function handleService($service, $method) {
         $app = \Slim\Slim::getInstance();
 
@@ -44,7 +55,8 @@ public function handleService($service, $method) {
         if (!array_key_exists($service, $_SESSION['services']))
                 $_SESSION['services'][$service] = \Payutc\Mapping\Services::get($service);
         $obj = $_SESSION['services'][$service];
-        $a = \Payutc\Utils::call_user_func_named(array($obj, $method), $_REQUEST);
+        $this->checkMethodAllowed($service, $method);
+        $a = \Payutc\Utils::call_user_func_named(array($obj, $method), $app->request->params());
         echo json_encode($a);
     }
 

src/Payutc/Mapping/Services.php

@@ -15,7 +15,13 @@ class Services {
         'MYACCOUNT',
         'TRANSFER',
         'WEBSALE',
-        'WEBSALECONFIRM'
+        'WEBSALECONFIRM',
+    );
+
+    protected static $servicesGET = array(
+        'PAYLINE' => array(
+            'notification',
+        ),
     );
 
     public static function get($name) {
@@ -30,6 +36,14 @@ public static function checkExist($name) {
         }
     }
 
+    public static function checkGetAuthorized($service, $method)
+    {
+        static::checkExist($service);
+        if (!isset(static::$servicesGET[$service]) || !in_array($method, static::$servicesGET[$service])) {
+            throw new \Payutc\Exception\ServiceMethodForbidden("Can't access $service::$method with GET");
+        }
+    }
+
     public static function getServices() {
         return static::$services;
     }

src/Payutc/WebApp.php

@@ -6,14 +6,15 @@
 use \Payutc\Log;
 
 class WebApp {
+
     public static function createApplication($config)
     {
         Config::initFromArray($config);
         Log::init(Config::get('log_mode'), Config::get('log_filename'));
 
         $app = new \Slim\Slim(\Payutc\Config::get('slim_config'));
         // JSON route
-        $app->post('/:service/:method', function($service, $method) use ($app) {
+        $app->map('/:service/:method', function($service, $method) use ($app) {
             $dispatcher = new \Payutc\Dispatcher\Json();
 
             // JSON Error handler

tests/utils.php

@@ -18,13 +18,15 @@ function filepathSeed($fixture)
 
 function httpSend($service, $meth, &$cookies='', $params=array())
 {
-	$url = "http://localhost:" . PAYUTC_TEST_SERVER_PORT . "/$service/$meth?";
+	$url = "http://localhost:" . PAYUTC_TEST_SERVER_PORT . "/$service/$meth";
+    $payload = "";
     foreach ($params as $k=>$v) {
-        $url .= $k."=".urlencode($v)."&";
+        $payload .= $k."=".urlencode($v)."&";
     }
-    $r = Request::get($url)
+    $payload = rtrim($payload, "&");
+    $r = Request::post($url)
       ->addHeader('Cookie', $cookies)
-      ->sendsJson()
+      ->body($payload)
       ->parseWith(function($body) { return json_decode($body, true); })
       ->send();