1 files changed, 41 insertions, 35 deletions

diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index dab54976..f8a46515 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -34,53 +34,59 @@ class Rest_Controller extends Controller {
 
     auth::login($user);
 
-    $key = rest::get_access_key($user->id);
-    rest::reply($key->access_key);
+    rest::reply(rest::access_key());
   }
 
   public function __call($function, $args) {
-    $input = Input::instance();
-    $request = new stdClass();
-    switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
-    case "get":
-      $request->params = (object) $input->get();
-      break;
+    try {
+      $input = Input::instance();
+      $request = new stdClass();
+
+      switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
+      case "get":
+        $request->params = (object) $input->get();
+        break;
 
-    case "post":
-      $request->params = (object) $input->post();
-      if (isset($_FILES["file"])) {
-        $request->file = upload::save("file");
+      default:
+        $request->params = (object) $input->post();
+        if (isset($_FILES["file"])) {
+          $request->file = upload::save("file");
+        }
+        break;
       }
-      break;
-    }
 
-    if (isset($request->params->entity)) {
-      $request->params->entity = json_decode($request->params->entity);
-    }
-    if (isset($request->params->members)) {
-      $request->params->members = json_decode($request->params->members);
-    }
+      if (isset($request->params->entity)) {
+        $request->params->entity = json_decode($request->params->entity);
+      }
+      if (isset($request->params->members)) {
+        $request->params->members = json_decode($request->params->members);
+      }
 
-    $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
-    $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
-    $request->url = url::abs_current(true);
+      $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
+      $request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
 
-    rest::set_active_user($request->access_key);
+      if (empty($request->access_key) && !empty($request->params->access_key)) {
+        $request->access_key = $request->params->access_key;
+      }
 
-    $handler_class = "{$function}_rest";
-    $handler_method = $request->method;
+      $request->url = url::abs_current(true);
 
-    if (!method_exists($handler_class, $handler_method)) {
-      throw new Rest_Exception("Bad Request", 400);
-    }
+      rest::set_active_user($request->access_key);
 
-    try {
-      rest::reply(call_user_func(array($handler_class, $handler_method), $request));
-    } catch (ORM_Validation_Exception $e) {
-      foreach ($e->validation->errors() as $key => $value) {
-        $msgs[] = "$key: $value";
+      $handler_class = "{$function}_rest";
+      $handler_method = $request->method;
+
+      if (!method_exists($handler_class, $handler_method)) {
+        throw new Rest_Exception("Bad Request", 400);
       }
-      throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
+
+      $response = call_user_func(array($handler_class, $handler_method), $request);
+      rest::reply($response);
+    } catch (ORM_Validation_Exception $e) {
+      // Note: this is totally insufficient because it doesn't take into account localization.  We
+      // either need to map the result values to localized strings in the application code, or every
+      // client needs its own l10n string set.
+      throw new Rest_Exception("Bad Request", 400, $e->validation->errors());
     }
   }
 }
\ No newline at end of file