[FEATURE] (MVC): Whitelist-based Property Mapping Configuration
authorSebastian Kurfürst <sebastian@typo3.org>
Sat, 9 Feb 2013 21:04:35 +0000 (22:04 +0100)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 9 Feb 2013 21:14:02 +0000 (22:14 +0100)
commitf74ff51d3a2967639ef9dc469b290ecaa9b197de
treec43767c79cf904be2a292b366ac76fd713c318b8
parent479efe76cff82b81a8df40a089743e9a4b6325b9
[FEATURE] (MVC): Whitelist-based Property Mapping Configuration

Up to now, property mapping in the rewritten property mapper always
allowed to modify all properties of a given object. Especially in the
MVC stack, this functionality was relied upon for all update and create
actions. However, for nested objects, the user needed to configure
whether updates and creations should be allowed.
This was an inconsistent behavior, especially because for read-only
actions the object could be also modified.
The behavior is now changed to be more predictive:
- the default PropertyMappingConfiguration used in the MVC stack is
  changed to be very restrictive: we do neither allow creation of any
  new objects nor modification of existing ones; and all properties
  which should be modified must be explicitly configured.
- For each form, Fluid now generates a list of trusted properties,
  based upon which the PropertyMappingConfiguration is set correctly.
  This means only properties which have been rendered by fluid are
  allowed to be modified, and creation / insertion is only permitted
  if needed.

(Excerpt from commit message of the original change in Flow)
https://review.typo3.org/#/c/10926/

This Patch is a 100% backport from this change with some needed
adjustments for the unit tests.

Change-Id: I6e59183a6ddfe83c65f975a2e2211e9ac33c5ccc
Resolves: #43057
Releases: 6.1
Reviewed-on: https://review.typo3.org/17092
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
typo3/sysext/extbase/Classes/Mvc/Controller/ActionController.php
typo3/sysext/extbase/Classes/Mvc/Controller/Argument.php
typo3/sysext/extbase/Classes/Mvc/Controller/MvcPropertyMappingConfigurationService.php [new file with mode: 0644]
typo3/sysext/extbase/Classes/Property/PropertyMapper.php
typo3/sysext/extbase/Classes/Property/PropertyMappingConfiguration.php
typo3/sysext/extbase/Classes/Property/PropertyMappingConfigurationBuilder.php
typo3/sysext/extbase/Tests/Unit/Mvc/Controller/ActionControllerTest.php
typo3/sysext/extbase/Tests/Unit/Mvc/Controller/ArgumentTest.php
typo3/sysext/extbase/Tests/Unit/Mvc/Controller/MvcPropertyMappingConfigurationServiceTest.php [new file with mode: 0644]
typo3/sysext/extbase/Tests/Unit/Property/PropertyMappingConfigurationTest.php