Hi Jen,
Your first messages to the group get moderated. That's why your post didn't show up immediately, but now all your posts will go through right away because I've moderated your user to "always allow".
I'm glad you both brought up "gallery" because I've been cranking away at the REST 'galleries feature. I'd like to make it as automatic as REST tables. There will be a new url path parameter called 'format' which you can use like .../format/gallery on your URLs. When you choose a gallery format, the fields of each row are grouped together in a div. Gallery formatting is useful when your row represents a blog post, a file, a product, etc. You can still use the ../style/xxx path parameter to apply some built-in CSS styles so that you get a decent looking gallery.
I've added 'form' as a format, so for any data you can say .../format/form and the data will populate a form, using YUI Editor for text fields, and YUI Calendar for date fields. This allows you to edit any of the data.
The next thing I need to do is build out an "internal users" permission system. This request came through from Jen because she wants to allow her customer to edit content of a gallery, without letting the general public have write access. To do this, I'm going to introduce the notion of "system tables". You'll create a table called SYS_USERS and a table called SYS_ACCESS_CONTROL. In the SYS_USERS table must have 'username', 'password',and 'role' columns. The SYS_ACCESS_CONTROL table has columns 'role', 'url_regex', and 'permission'. Together, these two tables let you define 'system users', then give those users read or read/write access to certain REST URLs.
Example:
SYS_USERS:
username password role
=============================
jill letmein site_admin
bob hotrod marketing
SYS_ACCESS_CONTROL
role url_regex action
======================================
site_admin /PRODUCTS GET,POST
marketing /PRODUCTS GET
site_admin /PRODUCTS/rowid POST
Well, all this will become clearer after I finish it, and put a good description on the wiki page, but the long and short of it is that the goal is to allow the owners of the site you create to easily be able to edit the site content without having to know anything about nextdb. This is enabled by a new access control system that is administered simply be creating some special tables in nextdb. Through this new access control system, site admins can be given access to XSLT-enabled forms for editing data.
-geoff
--
http://nextdb.net - RESTful Relational Database
http://www.nextdb.net/wiki/en/REST