\RESTfulAPI
SilverStripe 3 RESTful API
This module implements a RESTful API
with flexible configuration for model querying and response serialization
through independent components.
- Author: Thierry Francois @colymba thierry@colymba.com
- Copyright: Copyright (c) 2013, Thierry Francois
- License: http://opensource.org/licenses/BSD-3-Clause BSD Simplified
Synopsis
class RESTfulAPI
extends ContentController
{
- // constants
- const ACL_CHECK_CONFIG_ONLY = 'config';
- const ACL_CHECK_MODEL_ONLY = 'model';
- const ACL_CHECK_CONFIG_AND_MODEL = 'both';
- // members
- private static boolean|array $authentication_policy;
- private static boolean|string $access_control_policy = 'ACL_CHECK_CONFIG_ONLY';
- public RESTfulAPI_Authenticator $authenticator;
- public RESTfulAPI_PermissionManager $authority;
- public RESTfulAPI_QueryHandler $queryHandler;
- public RESTfulAPI_Serializer $serializer;
- private static array $dependencies = ;
- private static $embedded_records;
- private static array $cors = ;
- private static array $allowed_actions = ;
- private static array $url_handlers = ;
- protected static RESTfulAPI $instance;
- // methods
- public RESTfulAPI_QueryHandler getqueryHandler()
- public RESTfulAPI_Serializer getserializer()
- public void __construct()
- public void init()
- public void auth()
- public void acl()
- public string index()
- public void answer()
- public void error()
- private void setAnswerCORS()
- public static boolean api_access_control()
- private static boolean api_access_config_check()
- private static boolean model_permission_check()
Hierarchy
Extends
- SilverStripe\CMS\Controllers\ContentController
Tasks
Line | Task |
---|---|
330+ | move authentication check to another methode |
Constants
Name | Value |
---|---|
ACL_CHECK_CONFIG_ONLY | 'config' |
ACL_CHECK_MODEL_ONLY | 'model' |
ACL_CHECK_CONFIG_AND_MODEL | 'both' |
Members
private
- $access_control_policy
—
boolean|string
Lets you select if the API will perform access control checks. - $allowed_actions
—
array
URL handler allowed actions - $authentication_policy
—
boolean|array
Lets you select if the API requires authentication for access null|false = no authentication required true = authentication required for all HTTP methods array = authentication required for selected HTTP methods e.g. array('POST', 'PUT', 'DELETE') - $cors
—
array
Cross-Origin Resource Sharing (CORS) API settings for cross domain XMLHTTPRequest - $dependencies
—
array
Injector dependencies Override in configuration to use your custom classes - $embedded_records
—
array
Embedded records setting Specify which relation ($has_one, $has_many, $many_many) model data should be embedded into the response - $url_handlers
—
array
URL handler definition
protected
- $instance
—
RESTfulAPI
Current RESTfulAPI instance
public
- $authenticator
—
RESTfulAPI_Authenticator
Current Authenticator instance - $queryHandler
—
RESTfulAPI_QueryHandler
Current QueryHandler instance - $serializer
—
RESTfulAPI_Serializer
Current serializer instance
Methods
private
- api_access_config_check() — Checks a model's api_access config.
- model_permission_check() — Checks a Model's permission for the currently authenticated user via the Permission Manager dependency.
- setAnswerCORS() — Apply the proper CORS response heardes to an HTTPResponse
public
- __construct() — Constructor....
- acl() — Handles Access Control methods get response from API PermissionManager then passes it on to $answer()
- answer() — Output the API response to client then exit.
- api_access_control() — Checks a class or model api access depending on access_control_policy and the provided model.
- auth() — Handles authentications methods get response from API Authenticator then passes it on to $answer()
- error() — Handles formatting and output error message then exit.
- getqueryHandler() — Returns current query handler instance
- getserializer() — Returns current serializer instance
- index() — Main API hub switch All requests pass through here and are redirected depending on HTTP verb and params
- init() — Controller inititalisation Catches CORS preflight request marked with HTTPMethod 'OPTIONS'