From bbb7822f95cc8b047d8b823bf7f965445e110147 Mon Sep 17 00:00:00 2001
From: Luke Gibson <ljgibson88@googlemail.com>
Date: Tue, 19 Feb 2019 16:50:12 +0000
Subject: [PATCH] Throw a method not supported on POST singular relation update

---
 src/actions/UpdateRelationshipAction.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/actions/UpdateRelationshipAction.php b/src/actions/UpdateRelationshipAction.php
index 54deb24..d2b479e 100644
--- a/src/actions/UpdateRelationshipAction.php
+++ b/src/actions/UpdateRelationshipAction.php
@@ -9,6 +9,7 @@
 use yii\db\BaseActiveRecord;
 use yii\web\BadRequestHttpException;
 use yii\web\NotFoundHttpException;
+use yii\web\MethodNotAllowedHttpException;
 use Yii;
 
 /**
@@ -34,6 +35,10 @@ public function run($id, $name)
             throw new NotFoundHttpException('Relationship does not exist');
         }
 
+        if (!$related->multiple && Yii::$app->request->isPost) {
+            throw new MethodNotAllowedHttpException();
+        }
+
         if ($this->checkAccess) {
             call_user_func($this->checkAccess, $this->id, $model, $name);
         }