Create REST_Controller abstract base class for all REST based resource

controllers.  Any controller that wants to act RESTful can extend this
class and implement get/post/put/delete.

Tweak default routes to disallow direct access to the REST controller
and direct access to any REST methods.

5 files changed, 99 insertions, 36 deletions

diff --git a/core/config/routes.php b/core/config/routes.php
index 5c34acb7..9b958df1 100644
--- a/core/config/routes.php
+++ b/core/config/routes.php
@@ -17,5 +17,15 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
+
+// REST configuration
+// Any resource requests (eg: album/1 or comment/3) get dispatched to the REST
+// dispatcher.  Any direct calls to REST methods are also forced into the dispatcher
+// since the REST methods are internally expecting an ORM, not an id.
+$config['^rest'] = null;
+$config['^rest/.*'] = null;
 $config['^(\w+)/(\d+)$'] = '$1/dispatch/$2';
+$config['^(\w+)/(?:get|post|put|delete)/(\d+)$'] = '$1/dispatch/$2';
+
+// For now our default page is the scaffolding.
 $config['_default'] = 'welcome';
diff --git a/core/controllers/album.php b/core/controllers/album.php
index c94bcbef..cafd6bde 100644
--- a/core/controllers/album.php
+++ b/core/controllers/album.php
@@ -18,8 +18,9 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Album_Controller extends Item_Controller {
+
   public function get($item) {
-    /** @todo: these need to be pulled from the database */
+    // @todo: these need to be pulled from the database
     $theme_name = "default";
     $page_size = 9;
 
diff --git a/core/controllers/item.php b/core/controllers/item.php
index d2986cc7..9408af1a 100644
--- a/core/controllers/item.php
+++ b/core/controllers/item.php
@@ -17,40 +17,8 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
-class Item_Controller extends Controller {
-
-  public function dispatch($id) {
-    // @todo this needs security checks
-    $item = ORM::factory("item")->where("id", $id)->find();
-    if (empty($item->id)) {
-      return Kohana::show_404();
-    }
-
-    /**
-     * We're expecting to run in an environment that only supports GET/POST, so expect to tunnel
-     * PUT/DELETE through POST.
-     */
-    if (request::method() == "get") {
-      $this->get($item);
-
-      if (Session::instance()->get("use_profiler", false)) {
-        $profiler = new Profiler();
-        print $profiler->render();
-      }
-      return;
-    }
-
-    switch ($this->input->post("__action")) {
-    case "put":
-      return $this->put($item);
-
-    case "delete":
-      return $this->delete($item);
-
-    default:
-      return $this->post($item);
-    }
-  }
+class Item_Controller extends REST_Controller {
+  protected $resource_type = "item";
 
   public function get($item) {
     // Redirect to the more specific resource type, since it will render
diff --git a/core/controllers/photo.php b/core/controllers/photo.php
index 55ab6247..12d86cc4 100644
--- a/core/controllers/photo.php
+++ b/core/controllers/photo.php
@@ -18,10 +18,11 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Photo_Controller extends Item_Controller {
+
   public function get($item) {
     $template = new View("page.html");
 
-    /** @todo: this needs to be data-driven */
+    // @todo: this needs to be data-driven
     $theme = new Theme("default", $template);
 
     $template->set_global('item', $item);
diff --git a/core/controllers/rest.php b/core/controllers/rest.php
new file mode 100644
index 00000000..50e4e113
--- /dev/null
+++ b/core/controllers/rest.php
@@ -0,0 +1,83 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+abstract class REST_Controller extends Controller {
+  protected $resource_type = null;
+
+  public function dispatch($id) {
+    if ($this->resource_type == null) {
+      throw new Exception("@todo ERROR_MISSING_RESOURCE_TYPE");
+    }
+
+    // @todo this needs security checks
+    $resource = ORM::factory($this->resource_type)->where("id", $id)->find();
+    if (!$resource->loaded) {
+      return Kohana::show_404();
+    }
+
+    /**
+     * We're expecting to run in an environment that only supports GET/POST, so expect to tunnel
+     * PUT/DELETE through POST.
+     */
+    if (request::method() == "get") {
+      $this->get($resource);
+
+      if (Session::instance()->get("use_profiler", false)) {
+        $profiler = new Profiler();
+        print $profiler->render();
+      }
+      return;
+    }
+
+    switch ($this->input->post("__action")) {
+    case "put":
+      return $this->put($resource);
+
+    case "delete":
+      return $this->delete($resource);
+
+    default:
+      return $this->post($resource);
+    }
+  }
+
+  /**
+   * Perform a GET request on this resource
+   * @param ORM $resource the instance of this resource type
+   */
+  abstract public function get($resource);
+
+  /**
+   * Perform a PUT request on this resource
+   * @param ORM $resource the instance of this resource type
+   */
+  abstract public function put($resource);
+
+  /**
+   * Perform a POST request on this resource
+   * @param ORM $resource the instance of this resource type
+   */
+  abstract public function post($resource);
+
+  /**
+   * Perform a DELETE request on this resource
+   * @param ORM $resource the instance of this resource type
+   */
+  abstract public function delete($resource);
+}