Skip to content

Obtaining the current user

jeff-h edited this page Oct 6, 2015 · 11 revisions

It might sometimes be necessary to retrieve information about the currently authenticated user. This is not provided by RESTful out-of-the-box, but can be achieved by extending the users resource to respond to the special ID me. This will allow requests to api/v1.1/users/me (or api/users/me if you have no later API version of the users resource.)

Note that since RESTful does not actually log a user in but rather authenticates each individual request, there's no "state of being logged in".

To do this, we will create version 1.1 of the user resource.

  • copy restful/plugins/restful/user/user/1.0/* to mymodule/plugins/restful/user/user/1.1
  • rename the two files to RestfulEntityUser__1_1.class.php and users__1_1.inc
  • edit users__1_1.inc and modify the class and add major and minor version keys as follows:
<?php

// By checking the variable, we allow implementing modules to easily implement
// their own "users" resource.
if (variable_get('restful_enable_users_resource', TRUE)) {

  $plugin = array(
    'label' => t('User'),
    'description' => t('Export the "User" entity.'),
    'resource' => 'users',
    'class' => 'RestfulEntityUser__1_1',
    'entity_type' => 'user',
    'bundle' => 'user',
    // Try to authenticate users with all available authentication types.
    'authentication_types' => TRUE,
    // Allow anonymous users to access the resource, given they have the right
    // permissions.
    'authentication_optional' => TRUE,
    'major_version' => 1,
    'minor_version' => 1,
  );
}
  • edit the RestfulEntityUser__1_1.class.php as follows:
<?php

/**
 * @file
 * Contains RestfulEntityUser__1_1.
 */

class RestfulEntityUser__1_1 extends RestfulEntityBaseUser {
  public function viewEntities($ids_string) {    
    if ($ids_string === 'me') {
      $account = $this->getAccount();
      $ids_string = $account->uid;
    }
    
    return parent::viewEntities($ids_string);
  }
}

Note that we cannot use global $user; since this user is authenticated only by RESTful. The getAccount() method is provided by RESTful so we can obtain the user object which was authenticated from the REST request.

If the user hasn't authenticated, an empty data array will be returned.

REQUEST

http://drupalsite.local/api/users/me

If the request also contains basic auth containing Drupal username and password, or an auth cookie, then RESTful will attempt to authenticate this user, but will otherwise return an empty data array.

RESPONSE

Non-authenticated user:

{
  "data": [],
  "self": {
    "title": "Self",
    "href": "http://drupalsite.local/api/v1.1/users/me"
  }
}

Sample authenticated user:

{
  "data": [
    {
      "id": "1",
      "label": "admin",
      "self": "http://drupalsite.local/api/v1.1/users/1",
      "mail": "admin.drupalsite@gmail.com"
    }
  ],
  "self": {
    "title": "Self",
    "href": "http://drupalsite.local/api/v1.1/users/me"
  }
}
Clone this wiki locally