From cd85d4fdf90114e5fca23a6bfe974f1f2d6731a3 Mon Sep 17 00:00:00 2001
From: Nicolas Le Goff <legoff.n@gmail.com>
Date: Mon, 12 Jan 2015 16:00:01 +0100
Subject: [PATCH] PHRAS-315 Do not expose not downloadable subdef

---
 lib/Alchemy/Phrasea/Controller/Api/V1Controller.php   | 11 +++++++++++
 .../Tests/Phrasea/Controller/Api/ApiTestCase.php      |  1 -
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php b/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
index 63c9da34e2..3e73c33322 100644
--- a/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
+++ b/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
@@ -1019,6 +1019,17 @@ class V1Controller extends Controller
             }
         }
 
+        $databox = $record->getDatabox();
+        try {
+            $subDefDefinition = $databox->get_subdef_structure()->get_subdef($record->getType(), $media->get_name());
+        } catch (\Exception_Databox_SubdefNotFound $e) {
+            return null;
+        }
+
+        if (false === $subDefDefinition->is_downloadable()) {
+            return null;
+        }
+
         if ($media->get_permalink() instanceof \media_Permalink_Adapter) {
             $permalink = $this->listPermalink($media->get_permalink());
         } else {
diff --git a/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiTestCase.php b/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiTestCase.php
index cfecfd4e49..e7093ba2f3 100644
--- a/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiTestCase.php
+++ b/tests/Alchemy/Tests/Phrasea/Controller/Api/ApiTestCase.php
@@ -1052,7 +1052,6 @@ abstract class ApiTestCase extends \PhraseanetWebTestCase
         $embedTypes = array_flip(array_map(function($subdef) {return $subdef['name'];}, $content['response']['embed']));
 
         //access to all subdefs
-        $this->assertArrayHasKey('document', $embedTypes);
         $this->assertArrayHasKey('preview', $embedTypes);
         $this->assertArrayHasKey('thumbnail', $embedTypes);