search

colymba / silverstripe-restfulapi

SilverStripe RESTful API with a default JSON serializer.
BSD 3-Clause "New" or "Revised" License
64 stars 33 forks source link

Expose Custom Methods #68

Open zegerman opened 8 years ago

zegerman commented 8 years ago

Hi,

thank you for the module. Its working great so far.

However I would like to make custom methods (e.g. of Controllers) accessible via REST.

Can this be done as well?

I see that something can be done with api/acl/ but not sure how this can be configured.

Thx Andy

TihoBeretovac commented 7 years ago

I would also like to get a handle on the custom method execution. From the code - it defers the method to the allowed_actions within the $authority (which by default is the RESTful_API_DefaultPermissionManager. Is that by design? The permission manager is responsible for delegating out the actions/methods to their final destination?

sanderha commented 7 years ago

I'd like some help with this aswell

colymba commented 7 years ago

@zegerman @TihoBeretovac @sanderha sorry for not replying earlier...

it all depends what you are trying to achieve... if you have methods on some Controller you had like to access, this is already built in SS, you should be able to access it through the route ControllerName/method or setup a custom route to use something else than the controller name in the route.

If you want the result of your custom method to be serialized, you can always instantiate the Serializer in your custom method.

if you want your Controller methods to be accessed through the api/... route. This will need more work. You would have to extend the main API class with your own and edit the config of the new RESTfulAPI class, adding your own entry in $dependencies and the public property that match so the controller is instantiated. Then also add your own entry in allowed_actions and url_handlers. Then create the method that match your definition on url_handlers to access your controller and pass on the request to your own controller where the method is.... so overall, more complicated.

@TihoBeretovac the permission manager is used to check is the user accessing the api has the right to read, edit etc the model being accessed. Through the canView etc methods. Nothing more at the moment. The acl method on RestfulAPI is there just in case, for example if someone create a custom permission manager and needs to access some methods on it via the api. But at the minute or with the default, it's not in use.