-rw-r--r-- | core/controllers/item.php | 4 | ||||
-rw-r--r-- | core/controllers/rest.php | 18 |
2 files changed, 17 insertions, 5 deletions
diff --git a/core/controllers/item.php b/core/controllers/item.php
index 78ee7b0b..286eb66f 100644
--- a/core/controllers/item.php
+++ b/core/controllers/item.php
@@ -21,6 +21,10 @@ class Item_Controller extends REST_Controller {
 protected $resource_type = "item";
 public function _get($item) {
+ if (empty($item)) {
+ // A null item is not allowed for albums or photos.
+ return Kohana::show_404();
+ }
 // Redirect to the more specific resource type, since it will render
 // differently. We could also just delegate here, but it feels more appropriate
 // to have a single canonical resource mapping.
diff --git a/core/controllers/rest.php b/core/controllers/rest.php
index ff4d5120..6e0acbcb 100644
--- a/core/controllers/rest.php
+++ b/core/controllers/rest.php
@@ -49,17 +49,25 @@ abstract class REST_Controller extends Controller {
 protected $resource_type = null;
- public function dispatch($id) {
+ public function dispatch($id=null) {
 if ($this->resource_type == null) {
 throw new Exception("@todo ERROR_MISSING_RESOURCE_TYPE");
 }
- // @todo this needs security checks
- $resource = ORM::factory($this->resource_type, $id);
- if (!$resource->loaded) {
+ if ($id != null) {
+ // @todo this needs security checks
+ $resource = ORM::factory($this->resource_type, $id);
+ if (!$resource->loaded) {
+ return Kohana::show_404();
+ }
+ } else if (request::method() == "get") {
+ // A null id and a request method of "get" just returns an empty form
+ // @todo figure out how to handle the input without and id
+ // @todo do we use put for create and post for update?
+ $resource = null;
+ } else {
 return Kohana::show_404();
 }
-
 /**
 * We're expecting to run in an environment that only supports GET/POST, so expect to tunnel
 * PUT/DELETE through POST. |
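Review bot: The new guard at the top of `Item_Controller::_get` uses `empty($item)`, which is broader than the "null item" its comment describes: it also treats `0`, `"0"`, `""` and `[]` as missing. As far as this commit shows, dispatch passes either a loaded ORM object or `null`, so `if ($item === null) {` states the intent exactly and will not quietly turn a wrongly typed argument into a 404. The body of `_get` continues outside the hunk.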
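Review bot: The GET-without-id branch in `REST_Controller::dispatch` leaves `$resource = null` for whatever runs after it, so the 404 for a missing item now depends on each subclass carrying its own null guard, as `Item_Controller::_get` does in this commit; a subclass without one would presumably operate on null. Keeping 404 as the base-class default and letting a controller opt in to the empty-form case (for example through a protected property the subclass sets) would make the safe behaviour independent of every handler. The loose `$id != null` also routes an id of `""` or integer `0` down the no-id path; `if ($id !== null) {` reserves that branch for a genuinely absent id. The carried-over `@todo this needs security checks` still marks the load-by-id path as having no access check before the resource is used. `dispatch` continues past the end of the hunk, so how `$resource` is consumed afterwards is not visible here.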