-
Notifications
You must be signed in to change notification settings - Fork 173
Obtaining the current user
It might sometimes be necessary to retrieve information about the currently authenticated user. This is not provided by RESTful out-of-the-box, but can be achieved by extending the users
resource to respond to the special ID me
. This will allow requests to api/v1.1/users/me
(or api/users/me
if you have no later API version of the users
resource.)
Note that since RESTful does not actually log a user in but rather authenticates each individual request, there's no "state of being logged in".
To do this, we will create version 1.1 of the user resource.
- copy
restful/plugins/restful/user/user/1.0/*
tomymodule/plugins/restful/user/user/1.1
- rename the two files to
RestfulEntityUser__1_1.class.php
andusers__1_1.inc
- edit
users__1_1.inc
and modify theclass
and add major and minor version keys as follows:
<?php
// By checking the variable, we allow implementing modules to easily implement
// their own "users" resource.
if (variable_get('restful_enable_users_resource', TRUE)) {
$plugin = array(
'label' => t('User'),
'description' => t('Export the "User" entity.'),
'resource' => 'users',
'class' => 'RestfulEntityUser__1_1',
'entity_type' => 'user',
'bundle' => 'user',
// Try to authenticate users with all available authentication types.
'authentication_types' => TRUE,
// Allow anonymous users to access the resource, given they have the right
// permissions.
'authentication_optional' => TRUE,
'major_version' => 1,
'minor_version' => 1,
);
}
- edit the
RestfulEntityUser__1_1.class.php
as follows:
<?php
/**
* @file
* Contains RestfulEntityUser__1_1.
*/
class RestfulEntityUser__1_1 extends RestfulEntityBaseUser {
public function viewEntities($ids_string) {
if ($ids_string === 'me') {
$account = $this->getAccount();
$ids_string = $account->uid;
}
return parent::viewEntities($ids_string);
}
}
Note that we cannot use global $user;
since this user is authenticated only by RESTful. The getAccount()
method is provided by RESTful so we can obtain the user object which was authenticated from the REST request.
If the user hasn't authenticated, an empty data array will be returned.
http://drupalsite.local/api/users/me
If the request also contains basic auth containing Drupal username and password, or an auth cookie, then RESTful will attempt to authenticate this user, but will otherwise return an empty data array.
Non-authenticated user:
{
"data": [],
"self": {
"title": "Self",
"href": "http://drupalsite.local/api/v1.1/users/me"
}
}
Sample authenticated user:
{
"data": [
{
"id": "1",
"label": "admin",
"self": "http://drupalsite.local/api/v1.1/users/1",
"mail": "admin.drupalsite@gmail.com"
}
],
"self": {
"title": "Self",
"href": "http://drupalsite.local/api/v1.1/users/me"
}
}