Received: by 10.236.173.233 with SMTP id v69mr9266030yhl.47.1349559316391; Sat, 06 Oct 2012 14:35:16 -0700 (PDT) X-BeenThere: zotonic-developers@googlegroups.com Received: by 10.236.154.232 with SMTP id h68ls7494650yhk.2.gmail; Sat, 06 Oct 2012 14:35:16 -0700 (PDT) Received: by 10.236.79.7 with SMTP id h7mr854739yhe.2.1349559316017; Sat, 06 Oct 2012 14:35:16 -0700 (PDT) Date: Sat, 6 Oct 2012 14:35:15 -0700 (PDT) From: Amiramix To: zotonic-developers@googlegroups.com Message-Id: <4bf01781-a531-4845-af40-afb025ae926b@googlegroups.com> In-Reply-To: <47993610-1BC3-470B-BA1C-1822B5C6E0FE@me.com> References: <47993610-1BC3-470B-BA1C-1822B5C6E0FE@me.com> Subject: Re: [Zotonic-Dev] a REST API question MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_1380_27304198.1349559315407" ------=_Part_1380_27304198.1349559315407 Content-Type: multipart/alternative; boundary="----=_Part_1381_11244755.1349559315407" ------=_Part_1381_11244755.1349559315407 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit No, I implemented my own controller with custom is_authorized method. Then I store the userId in a custom field in the context. But I think implementing my custom ACL module may be a good idea as long as I don't have to store the user in the rsc table and still have the rest of Zotonic working correctly. Currently some of the modules assume that the user is stored in the rsc table and I am afraid that even if I implement my own ACL module I still won't be able to use those modules. Thanks for the explanation. I think I need to use controller_api because the data I need to return as JSON come from an external database and not from the rsc table. So I have the problem that the controller_api checks if the user is logged in by checking if user_id in the context is not undefined. In my case is undefined because I am using a custom field. I think there are three ways of dealing with this problem: 1. In other modules don't assume that the user is stored in the rsc table 2. Have a separate module that would store and manage users in the system (not necessarily in the rsc table) and use that module in other modules 3. Don't assume that the user is stored in user_id field in the context On Saturday, October 6, 2012 9:04:43 PM UTC+1, Marc Worrell wrote: > > Hi, > > controller_api is for access to the services in the modules. > > controller_rest_rsc (in mod_rest) is an experimental controller for REST > like access to resources. > > Did you implement your own ACL module? > > - Marc > > > On 6 okt. 2012, at 20:25, Amiramix wrote: > > > What's the difference between controller_api, which is in the mod_base, > and mod_rest? > > > > I'd like to use controller_api to provide some JSON files but I can't > use the default is_authorized that is defined in that module because I am > using an external authorization (my users are not stored in Zotonic > database). Copying the other methods and creating my own controller would > rather prove that Zotonic isn't flexible enough so I am trying to avoid > that. Can anybody please suggest a simple and effective solution? I don't > mind adding some code to Zotonic if needed. > > > > ------=_Part_1381_11244755.1349559315407 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable No, I implemented my own controller with custom is_authorized method. Then = I store the userId in a custom field in the context. But I think implementi= ng my custom ACL module may be a good idea as long as I don't have to store= the user in the rsc table and still have the rest of Zotonic working corre= ctly. Currently some of the modules assume that the user is stored in the r= sc table and I am afraid that even if I implement my own ACL module I still= won't be able to use those modules.

Thanks for the explanation. I t= hink I need to use controller_api because the data I need to return as JSON= come from an external database and not from the rsc table. So I have the p= roblem that the controller_api checks if the user is logged in by checking = if user_id in the context is not undefined. In my case is undefined because= I am using a custom field.

I think there are three ways of dealing = with this problem:

1. In other modules don't assume that the user is= stored in the rsc table
2. Have a separate module that would store and = manage users in the system (not necessarily in the rsc table) and use that = module in other modules
3. Don't assume that the user is stored in user_= id field in the context


On Saturday, October 6, 2012 9:04:43 PM = UTC+1, Marc Worrell wrote:
Hi,

controller_api is for access to the services in the modules.

controller_rest_rsc (in mod_rest) is an experimental controller for RES= T like access to resources.

Did you implement your own ACL module?

- Marc


On 6 okt. 2012, at 20:25, Amiramix wrote:

> What's the difference between controller_api, which is in the mod_= base, and mod_rest?
>=20
> I'd like to use controller_api to provide some JSON files but I ca= n't use the default is_authorized that is defined in that module because I = am using an external authorization (my users are not stored in Zotonic data= base). Copying the other methods and creating my own controller would rathe= r prove that Zotonic isn't flexible enough so I am trying to avoid that. Ca= n anybody please suggest a simple and effective solution? I don't mind addi= ng some code to Zotonic if needed.
>=20

------=_Part_1381_11244755.1349559315407-- ------=_Part_1380_27304198.1349559315407--