Change REST API to use non-routable functions: _get(), _post(),

_put(), _delete().

This should make it more obvious that these are not your typical
routes, simplifies overall routing by removing a rule and removes the
possibility of accidentally leaking information if we route to one of
them by accident.

1 files changed, 4 insertions, 4 deletions

diff --git a/core/controllers/item.php b/core/controllers/item.php
index 9408af1a..9eb06ad1 100644
--- a/core/controllers/item.php
+++ b/core/controllers/item.php
@@ -20,14 +20,14 @@
 class Item_Controller extends REST_Controller {
   protected $resource_type = "item";
 
-  public function get($item) {
+  public function _get($item) {
     // Redirect to the more specific resource type, since it will render
     // differently.  We could also just delegate here, but it feels more appropriate
     // to have a single canonical resource mapping.
     return url::redirect("{$item->type}/$item->id");
   }
 
-  public function put($item) {
+  public function _put($item) {
     // @todo Productionize this code
     // 1) Add security checks
     // 2) Support owner_ids properly
@@ -70,7 +70,7 @@ class Item_Controller extends REST_Controller {
     }
   }
 
-  public function delete($item) {
+  public function _delete($item) {
     // @todo Production this code
     // 1) Add security checks
     $parent = $item->parent();
@@ -80,7 +80,7 @@ class Item_Controller extends REST_Controller {
     url::redirect("{$parent->type}/{$parent->id}");
   }
 
-  public function post($item) {
+  public function _post($item) {
     // @todo Productionize this
     // 1) Figure out how to do the right validation here.  Validate the form input and apply it to
     //    the model as appropriate.