Implemented #504

mevdschee · mevdschee · commit d35c5957679f · 2019-02-28T00:52:15.000+01:00
diff --git a/src/Tqdev/PhpCrudApi/Middleware/PageLimitsMiddleware.php b/src/Tqdev/PhpCrudApi/Middleware/PageLimitsMiddleware.php
@@ -5,6 +5,7 @@
 use Tqdev\PhpCrudApi\Controller\Responder;
 use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
 use Tqdev\PhpCrudApi\Middleware\Router\Router;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
 use Tqdev\PhpCrudApi\Record\RequestUtils;
 use Tqdev\PhpCrudApi\Request;
 use Tqdev\PhpCrudApi\Response;
@@ -28,10 +29,12 @@ public function handle(Request $request): Response
             $maxPage = (int) $this->getProperty('pages', '100');
             if (isset($params['page']) && $params['page'] && $maxPage > 0) {
                 if (strpos($params['page'][0], ',') === false) {
-                    $params['page'] = array(min($params['page'][0], $maxPage));
+                    $page = $params['page'][0];
                 } else {
                     list($page, $size) = explode(',', $params['page'][0], 2);
-                    $params['page'] = array(min($page, $maxPage) . ',' . $size);
+                }
+                if ($page > $maxPage) {
+                    return $this->responder->error(ErrorCode::PAGINATION_FORBIDDEN, '');
                 }
             }
             $maxSize = (int) $this->getProperty('records', '1000');
diff --git a/src/Tqdev/PhpCrudApi/Record/ErrorCode.php b/src/Tqdev/PhpCrudApi/Record/ErrorCode.php
@@ -30,7 +30,7 @@ class ErrorCode
     const TEMPORARY_OR_PERMANENTLY_BLOCKED = 1016;
     const BAD_OR_MISSING_XSRF_TOKEN = 1017;
     const ONLY_AJAX_REQUESTS_ALLOWED = 1018;
-    const FILE_UPLOAD_FAILED = 1019;
+    const PAGINATION_FORBIDDEN = 1019;
 
     private $values = [
         9999 => ["%s", Response::INTERNAL_SERVER_ERROR],
@@ -53,7 +53,7 @@ class ErrorCode
         1016 => ["Temporary or permanently blocked", Response::FORBIDDEN],
         1017 => ["Bad or missing XSRF token", Response::FORBIDDEN],
         1018 => ["Only AJAX requests allowed for '%s'", Response::FORBIDDEN],
-        1019 => ["File upload failed for '%s'", Response::UNPROCESSABLE_ENTITY],
+        1019 => ["Pagination forbidden", Response::FORBIDDEN],
     ];
 
     public function __construct(int $code)
diff --git a/tests/functional/001_records/077_list_posts_with_page_limits.log b/tests/functional/001_records/077_list_posts_with_page_limits.log
@@ -24,8 +24,8 @@ Content-Length: 78
 ===
 GET /records/posts?page=6,1
 ===
-200
+403
 Content-Type: application/json
-Content-Length: 78
+Content-Length: 46
 
-{"records":[{"id":7,"user_id":1,"category_id":1,"content":"#3"}],"results":12}
+{"code":1019,"message":"Pagination forbidden"}
