From 7757bec29224b446ca88796d58165ec43960078b Mon Sep 17 00:00:00 2001
From: iglocska <andras.iklody@gmail.com>
Date: Thu, 17 Jun 2021 08:54:09 +0200
Subject: [PATCH] fix: [API] various fixes

---
 src/Application.php                        |  4 +++-
 src/Controller/AppController.php           |  3 +++
 src/Controller/Component/CRUDComponent.php | 26 ++++++++++++----------
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/src/Application.php b/src/Application.php
index 8eb1704..a3bb1a6 100644
--- a/src/Application.php
+++ b/src/Application.php
@@ -27,6 +27,7 @@ use Authentication\AuthenticationService;
 use Authentication\AuthenticationServiceInterface;
 use Authentication\AuthenticationServiceProviderInterface;
 use Authentication\Middleware\AuthenticationMiddleware;
+use Cake\Http\Middleware\BodyParserMiddleware;
 use Psr\Http\Message\ServerRequestInterface;
 
 /**
@@ -87,7 +88,8 @@ class Application extends BaseApplication implements AuthenticationServiceProvid
             // using it's second constructor argument:
             // `new RoutingMiddleware($this, '_cake_routes_')`
             ->add(new RoutingMiddleware($this))
-            ->add(new AuthenticationMiddleware($this));
+            ->add(new AuthenticationMiddleware($this))
+            ->add(new BodyParserMiddleware());
         return $middlewareQueue;
     }
 
diff --git a/src/Controller/AppController.php b/src/Controller/AppController.php
index 70116d9..66bae56 100644
--- a/src/Controller/AppController.php
+++ b/src/Controller/AppController.php
@@ -91,6 +91,9 @@ class AppController extends Controller
         $this->loadModel('Users');
         $this->Users->checkForNewInstance();
         $this->authApiUser();
+        if ($this->ParamHandler->isRest()) {
+            $this->Security->setConfig('unlockedActions', [$this->request->getParam('action')]);
+        }
         $this->ACL->setPublicInterfaces();
         if (!empty($this->request->getAttribute('identity'))) {
             $user = $this->Users->get($this->request->getAttribute('identity')->getIdentifier(), [
diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 31de16c..09bbe0e 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -10,6 +10,7 @@ use Cake\View\ViewBuilder;
 
 class CRUDComponent extends Component
 {
+    protected $components = ['RestResponse'];
 
     public function initialize(array $config): void
     {
@@ -58,7 +59,7 @@ class CRUDComponent extends Component
                     $data = $this->Table->{$options['afterFind']}($data);
                 }
             }
-            $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData($data, 'json');
+            $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
         } else {
             $this->Controller->loadComponent('Paginator');
             $data = $this->Controller->Paginator->paginate($query);
@@ -147,9 +148,9 @@ class CRUDComponent extends Component
                 } else if ($this->Controller->ParamHandler->isAjax()) {
                     if (!empty($params['displayOnSuccess'])) {
                         $displayOnSuccess = $this->renderViewInVariable($params['displayOnSuccess'], ['entity' => $data]);
-                        $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'add', $savedData, $message, ['displayOnSuccess' => $displayOnSuccess]);
+                        $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'add', $savedData, $message, ['displayOnSuccess' => $displayOnSuccess]);
                     } else {
-                        $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'add', $savedData, $message);
+                        $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'add', $savedData, $message);
                     }
                 } else {
                     $this->Controller->Flash->success($message);
@@ -168,8 +169,9 @@ class CRUDComponent extends Component
                     empty($validationMessage) ? '' : PHP_EOL . __('Reason:{0}', $validationMessage)
                 );
                 if ($this->Controller->ParamHandler->isRest()) {
+                    $this->Controller->restResponsePayload = $this->RestResponse->viewData($message, 'json');
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxFailResponse($this->ObjectAlias, 'add', $data, $message, $validationMessage);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxFailResponse($this->ObjectAlias, 'add', $data, $message, $validationMessage);
                 } else {
                     $this->Controller->Flash->error($message);
                 }
@@ -246,7 +248,7 @@ class CRUDComponent extends Component
                 if ($this->Controller->ParamHandler->isRest()) {
                     $this->Controller->restResponsePayload = $this->RestResponse->viewData($savedData, 'json');
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'edit', $savedData, $message);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'edit', $savedData, $message);
                 } else {
                     $this->Controller->Flash->success($message);
                     if (empty($params['redirect'])) {
@@ -263,7 +265,7 @@ class CRUDComponent extends Component
                 );
                 if ($this->Controller->ParamHandler->isRest()) {
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxFailResponse($this->ObjectAlias, 'edit', $data, $message, $data->getErrors());
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxFailResponse($this->ObjectAlias, 'edit', $data, $message, $data->getErrors());
                 } else {
                     $this->Controller->Flash->error($message);
                 }
@@ -333,7 +335,7 @@ class CRUDComponent extends Component
             $data = $params['afterFind']($data);
         }
         if ($this->Controller->ParamHandler->isRest()) {
-            $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData($data, 'json');
+            $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
         }
         $this->Controller->set('entity', $data);
     }
@@ -350,7 +352,7 @@ class CRUDComponent extends Component
                 if ($this->Controller->ParamHandler->isRest()) {
                     $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'delete', $data, $message);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'delete', $data, $message);
                 } else {
                     $this->Controller->Flash->success($message);
                     $this->Controller->redirect($this->Controller->referer());
@@ -600,7 +602,7 @@ class CRUDComponent extends Component
                 if ($this->Controller->ParamHandler->isRest()) {
                     $this->Controller->restResponsePayload = $this->RestResponse->viewData($data, 'json');
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'toggle', $savedData, $message);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxSuccessResponse($this->ObjectAlias, 'toggle', $savedData, $message);
                 } else {
                     $this->Controller->Flash->success($message);
                     if (empty($params['redirect'])) {
@@ -618,7 +620,7 @@ class CRUDComponent extends Component
                 );
                 if ($this->Controller->ParamHandler->isRest()) {
                 } else if ($this->Controller->ParamHandler->isAjax()) {
-                    $this->Controller->ajaxResponsePayload = $this->Controller->RestResponse->ajaxFailResponse($this->ObjectAlias, 'toggle', $message, $validationMessage);
+                    $this->Controller->ajaxResponsePayload = $this->RestResponse->ajaxFailResponse($this->ObjectAlias, 'toggle', $message, $validationMessage);
                 } else {
                     $this->Controller->Flash->error($message);
                     if (empty($params['redirect'])) {
@@ -644,10 +646,10 @@ class CRUDComponent extends Component
         if ($this->request->is('post')) {
             $data[$fieldName] = $data[$fieldName] ? true : false;
             $this->Table->save($data);
-            $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData(['value' => $data[$fieldName]], 'json');
+            $this->Controller->restResponsePayload = $this->RestResponse->viewData(['value' => $data[$fieldName]], 'json');
         } else {
             if ($this->Controller->ParamHandler->isRest()) {
-                $this->Controller->restResponsePayload = $this->Controller->RestResponse->viewData(['value' => $data[$fieldName]], 'json');
+                $this->Controller->restResponsePayload = $this->RestResponse->viewData(['value' => $data[$fieldName]], 'json');
             } else {
                 $this->Controller->set('fieldName', $fieldName);
                 $this->Controller->set('currentValue', $data[$fieldName]);