/**
* Checks that api access config check works
*/
public function testDataObjectAPIEnaled()
{
Config::inst()->update('RESTfulAPI', 'access_control_policy', 'ACL_CHECK_CONFIG_ONLY');
// ----------------
// Method Calls
// Disabled by default
$enabled = RESTfulAPI::api_access_control('ApiTest_Author');
$this->assertFalse($enabled, 'Access control should return FALSE by default');
// Enabled
Config::inst()->update('ApiTest_Author', 'api_access', true);
$enabled = RESTfulAPI::api_access_control('ApiTest_Author');
$this->assertTrue($enabled, 'Access control should return TRUE when api_access is enbaled');
// Method specific
Config::inst()->update('ApiTest_Author', 'api_access', 'GET,POST');
$enabled = RESTfulAPI::api_access_control('ApiTest_Author');
$this->assertTrue($enabled, 'Access control should return TRUE when api_access is enbaled with default GET method');
$enabled = RESTfulAPI::api_access_control('ApiTest_Author', 'POST');
$this->assertTrue($enabled, 'Access control should return TRUE when api_access match HTTP method');
$enabled = RESTfulAPI::api_access_control('ApiTest_Author', 'PUT');
$this->assertFalse($enabled, 'Access control should return FALSE when api_access does not match method');
// ----------------
// API Calls
/*
// Access authorised
$response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
$this->assertEquals(
$response->getStatusCode(),
200
);
// Access denied
Config::inst()->update('ApiTest_Author', 'api_access', false);
$response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
$this->assertEquals(
$response->getStatusCode(),
403
);
// Access denied
Config::inst()->update('ApiTest_Author', 'api_access', 'POST');
$response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
$this->assertEquals(
$response->getStatusCode(),
403
);
*/
}