diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 67fa7d4..3fc33cd 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -92,6 +92,7 @@ Yii Framework 2 Change Log - Bug #4920: `yii\filters\auth\CompositeAuth` should not trigger error as long as one of the methods succeeds (qiangxue) - Bug #4954: MSSQL column comments are not retrieved correctly (SerjRamone) - Bug #4970: `joinWith()` called by a relation was ignored by `yii\db\ActiveQuery` (stepanselyuk) +- Bug #5001: `yii\rest\CreateAction`, `yii\rest\UpdateAction` and `yii\rest\DeleteAction` should throw 500 error if the model operation returns false without validation errors (qiangxue) - Bug: Fixed inconsistent return of `\yii\console\Application::runAction()` (samdark) - Bug: URL encoding for the route parameter added to `\yii\web\UrlManager` (klimov-paul) - Bug: Fixed the bug that requesting protected or private action methods would cause 500 error instead of 404 (qiangxue) diff --git a/framework/rest/CreateAction.php b/framework/rest/CreateAction.php index 73a06ca..63a761e 100644 --- a/framework/rest/CreateAction.php +++ b/framework/rest/CreateAction.php @@ -10,6 +10,7 @@ namespace yii\rest; use Yii; use yii\base\Model; use yii\helpers\Url; +use yii\web\ServerErrorHttpException; /** * CreateAction implements the API endpoint for creating a new model from the given data. @@ -51,6 +52,8 @@ class CreateAction extends Action $response->setStatusCode(201); $id = implode(',', array_values($model->getPrimaryKey(true))); $response->getHeaders()->set('Location', Url::toRoute([$this->viewAction, 'id' => $id], true)); + } elseif (!$model->hasErrors()) { + throw new ServerErrorHttpException('Failed to create the object for unknown reason.'); } return $model; diff --git a/framework/rest/DeleteAction.php b/framework/rest/DeleteAction.php index 7b70eb0..4012e6d 100644 --- a/framework/rest/DeleteAction.php +++ b/framework/rest/DeleteAction.php @@ -8,6 +8,7 @@ namespace yii\rest; use Yii; +use yii\web\ServerErrorHttpException; /** * DeleteAction implements the API endpoint for deleting a model. @@ -29,7 +30,9 @@ class DeleteAction extends Action call_user_func($this->checkAccess, $this->id, $model); } - $model->delete(); + if ($model->delete() === false) { + throw new ServerErrorHttpException('Failed to delete the object for unknown reason.'); + } Yii::$app->getResponse()->setStatusCode(204); } diff --git a/framework/rest/UpdateAction.php b/framework/rest/UpdateAction.php index 2de06e2..689872f 100644 --- a/framework/rest/UpdateAction.php +++ b/framework/rest/UpdateAction.php @@ -10,6 +10,7 @@ namespace yii\rest; use Yii; use yii\base\Model; use yii\db\ActiveRecord; +use yii\web\ServerErrorHttpException; /** * UpdateAction implements the API endpoint for updating a model. @@ -42,7 +43,9 @@ class UpdateAction extends Action $model->scenario = $this->scenario; $model->load(Yii::$app->getRequest()->getBodyParams(), ''); - $model->save(); + if ($model->save() === false && !$model->hasErrors()) { + throw new ServerErrorHttpException('Failed to update the object for unknown reason.'); + } return $model; } diff --git a/framework/web/ServerErrorHttpException.php b/framework/web/ServerErrorHttpException.php new file mode 100644 index 0000000..a7bb276 --- /dev/null +++ b/framework/web/ServerErrorHttpException.php @@ -0,0 +1,28 @@ +<?php +/** + * @link http://www.yiiframework.com/ + * @copyright Copyright (c) 2008 Yii Software LLC + * @license http://www.yiiframework.com/license/ + */ + +namespace yii\web; + +/** + * ServerErrorHttpException represents an "Internal Server Error" HTTP exception with status code 500. + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @since 2.0 + */ +class ServerErrorHttpException extends HttpException +{ + /** + * Constructor. + * @param string $message error message + * @param integer $code error code + * @param \Exception $previous The previous exception used for the exception chaining. + */ + public function __construct($message = null, $code = 0, \Exception $previous = null) + { + parent::__construct(500, $message, $code, $previous); + } +}