Obtaining the current user [RESTful v1]

jeff-h edited this page Nov 27, 2015 · 1 revision

It is sometimes necessary to retrieve information about the currently authenticated user. RESTful does not provide this out of the box, but it can be achieved by extending the users resource to respond to the special ID me. This allows requests to api/v1.1/users/me (or api/users/me if you have no later API version of the users resource).

Note that since RESTful does not actually log a user in but rather authenticates each individual request, there's no "state of being logged in".

To implement the /me special case, we will create version 1.1 of the user resource.

  • copy restful/plugins/restful/user/user/1.0/* to mymodule/plugins/restful/user/user/1.1/*
  • rename the two files to RestfulEntityUser__1_1.class.php and users__1_1.inc
  • edit users__1_1.inc: change the class and add the major and minor version keys as follows:
<?php

// By checking the variable, we allow implementing modules to easily implement
// their own "users" resource.
if (variable_get('restful_enable_users_resource', TRUE)) {

  $plugin = array(
    'label' => t('User'),
    'description' => t('Export the "User" entity.'),
    'resource' => 'users',
    'class' => 'RestfulEntityUser__1_1',
    'entity_type' => 'user',
    'bundle' => 'user',
    // Try to authenticate users with all available authentication types.
    'authentication_types' => TRUE,
    // Allow anonymous users to access the resource, given they have the right
    // permissions.
    'authentication_optional' => TRUE,
    'major_version' => 1,
    'minor_version' => 1,
  );
}
  • edit the RestfulEntityUser__1_1.class.php as follows:
<?php

/**
 * @file
 * Contains RestfulEntityUser__1_1.
 */

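class RestfulEntityUser__1_1 extends RestfulEntityBaseUser {
  /**
   * Resolves the special ID "me" before delegating to the parent resource.
   */
  public function viewEntities($ids_string) {
    if ($ids_string === 'me') {
      // Use the account RESTful authenticated for this request, whichever
      // authentication method was used.
      $account = $this->getAccount();
      $ids_string = $account->uid;
    }

    return parent::viewEntities($ids_string);
  }
}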

Note that we cannot use global $user; here, since the user may not have authenticated using cookie-based authentication, but rather through one of the other auth methods provided by RESTful. The getAccount() method is provided by RESTful so that we can obtain the user object that was authenticated from the REST request, no matter which of the available authentication methods was used.

If the user hasn't authenticated, an empty data array will be returned.

REQUEST

http://drupalsite.local/api/users/me

If the request also carries basic auth credentials (a Drupal username and password) or an auth cookie, RESTful will attempt to authenticate that user; otherwise it returns an empty data array.

RESPONSE

Non-authenticated user:

{
  "data": [],
  "self": {
    "title": "Self",
    "href": "http://drupalsite.local/api/v1.1/users/me"
  }
}

Sample authenticated user:

{
  "data": [
    {
      "id": "1",
      "label": "admin",
      "self": "http://drupalsite.local/api/v1.1/users/1",
      "mail": "[email protected]"
    }
  ],
  "self": {
    "title": "Self",
    "href": "http://drupalsite.local/api/v1.1/users/me"
  }
}
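
An added example (client-side JavaScript, not part of the original page or the RESTful module) showing how a consumer can interpret the two response shapes above, where an empty data array means the request was not authenticated. The function names and the example.com address are constructed for illustration, and the uid check assumes Drupal's convention that uid 0 is the anonymous user.

```javascript
// Added example: hypothetical client-side helpers, not code from RESTful.

// Constructed samples in the two response shapes shown on this page.
const SAMPLE_ANONYMOUS = {
  data: [],
  self: { title: 'Self', href: 'http://drupalsite.local/api/v1.1/users/me' },
};
const SAMPLE_AUTHENTICATED = {
  data: [{ id: '1', label: 'admin',
           self: 'http://drupalsite.local/api/v1.1/users/1',
           mail: 'admin@example.com' }],
  self: { title: 'Self', href: 'http://drupalsite.local/api/v1.1/users/me' },
};

// Returns null for an unauthenticated request, otherwise the user record.
function currentUserFromBody(body) {
  if (body === null || typeof body !== 'object' || !Array.isArray(body.data)) {
    throw new TypeError('unexpected response: "data" array missing');
  }
  // The page's unauthenticated response is an empty array, not an error,
  // so the caller must check for it explicitly.
  if (body.data.length === 0) return null;
  if (body.data.length > 1) {
    throw new RangeError('"me" must resolve to exactly one user');
  }
  const record = body.data[0];
  if (record === null || typeof record !== 'object') {
    throw new TypeError('unexpected response: user record is not an object');
  }
  // Assumption: Drupal uid 0 is the anonymous user, so only positive
  // integer IDs count as an authenticated account.
  if (!/^[1-9][0-9]*$/.test(String(record.id))) return null;
  return { uid: Number(record.id), name: record.label, mail: record.mail };
}

// RESTful authenticates each request on its own, so the credentials are
// sent with every call (basic auth shown; ASCII credentials assumed).
async function fetchCurrentUser(baseUrl, username, password) {
  const response = await fetch(new URL('api/v1.1/users/me', baseUrl), {
    headers: {
      Accept: 'application/json',
      Authorization: 'Basic ' + btoa(`${username}:${password}`),
    },
  });
  if (!response.ok) throw new Error(`HTTP ${response.status}`);
  return currentUserFromBody(await response.json());
}
```

A client should gate any "signed in" UI or follow-up request on a non-null result from `currentUserFromBody`, not on the request having succeeded.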