\RestfulServer
Generic RESTful server, which handles webservice access to arbitrary DataObjects.
Relies on serialization/deserialization into different formats provided
by the DataFormatter APIs in core.
Synopsis
class RestfulServer
extends Controller
{
- // members
- public static array $url_handlers = ;
- protected static string $api_base = "api/r1/";
- protected static string $authenticator = 'BasicRestfulAuthenticator';
- public static string $default_extension = "xml";
- protected static string $default_mimetype = "text/xml";
- protected Member $member;
- public static array $allowed_actions = ;
- // methods
- public void init()
- public void index()
- protected String getHandler()
- protected SS_List getSearchQuery()
- protected DataFormatter getDataFormatter()
- protected DataFormatter getRequestDataFormatter()
- protected DataFormatter getResponseDataFormatter()
- protected void deleteHandler()
- protected void putHandler()
- protected void postHandler()
- protected DataObject|string updateDataObject()
- protected DataList getObjectQuery()
- protected SQLQuery getObjectsQuery()
- protected SQLQuery|boolean getObjectRelationQuery()
- protected void permissionFailure()
- protected void notFound()
- protected void methodNotAllowed()
- protected void unsupportedMediaType()
- protected Member|false authenticate()
- protected array getAllowedRelations()
- protected Member|null getMember()
Hierarchy
Extends
- Controller
Tasks
Line | Task |
---|---|
29+ | Finish RestfulServer_Item and RestfulServer_List implementation and re-enable $url_handlers |
29+ | Implement PUT/POST/DELETE for relations |
29+ | Access-Control for relations (you might be allowed to view Members and Groups, but not their relation with each other) |
29+ | Make SearchContext specification customizable for each class |
29+ | Allow for range-searches (e.g. on Created column) |
29+ | Filter relation listings by $api_access and canView() permissions |
29+ | Exclude relations when "fields" are specified through URL (they should be explicitly requested in this case) |
29+ | Custom filters per DataObject subclass, e.g. to disallow showing unpublished pages in SiteTree/Versioned/Hierarchy |
29+ | URL parameter namespacing for search-fields, limit, fields, add_fields (might all be valid dataobject properties) e.g. you wouldn't be able to search for a "limit" property on your subclass as it's overlaid with the search logic |
29+ | i18n integration (e.g. Page/1.xml?lang=de_DE) |
29+ | Access to extendable methods/relations like SiteTree/1/Versions or SiteTree/1/Version/22 |
29+ | Respect $api_access array notation in search contexts |
80 | In 3.2 we should make the default Live, then change to Stage in the admin area (with a nicer API) |
178+ | Access checking |
262+ | Allow specifying of different searchcontext getters on model-by-model basis |
440+ | Posting to an existing URL (without a relation) currently results in creating a new element, rather than a "Conflict" message. |
529 | Disallow editing of certain keys in database |
648+ | Respect field level permissions once they are available in core |
Members
protected
- $api_base
- $authenticator
- $default_mimetype — string. If no extension is given, resolve the request to this mimetype.
- $member — Member
public
- $allowed_actions
- $default_extension — string. If no extension is given in the request, resolve to this extension (and subsequently the {@link self::$default_mimetype}).
- $url_handlers
Methods
protected
- authenticate() — A function to authenticate a user
- deleteHandler() — Handler for object delete
- getAllowedRelations() — Return only relations which have $api_access enabled.
- getDataFormatter() — Returns a dataformatter instance based on the request extension or mimetype. Falls back to {@link self::$default_extension}.
- getHandler() — Handler for object read.
- getMember() — Get the current Member, if available
- getObjectQuery() — Gets a single DataObject by ID, through a request like /api/r1/<MyClass>/<MyID>
- getObjectRelationQuery()
- getObjectsQuery()
- getRequestDataFormatter()
- getResponseDataFormatter()
- getSearchQuery() — Uses the default {@link SearchContext} specified through {@link DataObject::getDefaultSearchContext()} to augment an existing query object (mostly a component query from {@link DataObject}) with search clauses.
- methodNotAllowed()
- notFound()
- permissionFailure()
- postHandler() — Handler for object append / method call.
- putHandler() — Handler for object write
- unsupportedMediaType()
- updateDataObject() — Converts either the given HTTP Body into an array (based on the DataFormatter instance), or returns the POST variables.