3 files changed, 31 insertions, 9 deletions

diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
index 49999520..bcb12d58 100644
--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -18,9 +18,12 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class rest_Core {
+  const API_VERSION = "3.0";
+
   static function reply($data=array()) {
     Session::instance()->abort_save();
 
+    header("X-Gallery-API-Version: " . rest::API_VERSION);
     if (Input::instance()->get("output") == "html") {
       header("Content-type: text/html");
       if ($data) {
@@ -39,7 +42,12 @@ class rest_Core {
 
   static function set_active_user($access_key) {
     if (empty($access_key)) {
-      throw new Rest_Exception("Forbidden", 403);
+      if (module::get_var("rest", "allow_guest_access")) {
+        identity::set_active_user(identity::guest());
+        return;
+      } else {
+        throw new Rest_Exception("Forbidden", 403);
+      }
     }
 
     $key = ORM::factory("user_access_key")
@@ -58,17 +66,18 @@ class rest_Core {
     identity::set_active_user($user);
   }
 
-  static function get_access_key($user_id) {
+  static function access_key() {
     $key = ORM::factory("user_access_key")
-      ->where("user_id", "=", $user_id)
+      ->where("user_id", "=", identity::active_user()->id)
       ->find();
 
     if (!$key->loaded()) {
-      $key->user_id = $user_id;
+      $key->user_id = identity::active_user()->id;
       $key->access_key = md5(md5(uniqid(mt_rand(), true) . access::private_key()));
       $key->save();
     }
-    return $key;
+
+    return $key->access_key;
   }
 
   /**
@@ -129,9 +138,9 @@ class rest_Core {
       foreach (glob(MODPATH . "{$module->name}/helpers/*_rest.php") as $filename) {
         $class = str_replace(".php", "", basename($filename));
         if (method_exists($class, "relationships")) {
-          $results = array_merge(
-            $results,
-            call_user_func(array($class, "relationships"), $resource_type, $resource));
+          if ($tmp = call_user_func(array($class, "relationships"), $resource_type, $resource)) {
+            $results = array_merge($results, $tmp);
+          }
         }
       }
     }
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
index e4e53ef6..f23b9a58 100644
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -29,6 +29,13 @@ class rest_event {
        ->execute();
   }
 
+
+  static function change_provider($new_provider) {
+    db::build()
+      ->delete("user_access_keys")
+      ->execute();
+  }
+
   /**
    * Called after a user has been added.  Just add a remote access key
    * on every add.
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
index aeb9573e..c2694a29 100644
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -28,7 +28,8 @@ class rest_installer {
                 UNIQUE KEY(`access_key`),
                 UNIQUE KEY(`user_id`))
               DEFAULT CHARSET=utf8;");
-    module::set_version("rest", 2);
+    module::set_var("rest", "allow_guest_access", false);
+    module::set_version("rest", 3);
   }
 
   static function upgrade($version) {
@@ -37,6 +38,11 @@ class rest_installer {
       $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
       module::set_version("rest", $version = 2);
     }
+
+    if ($version == 2) {
+      module::set_var("rest", "allow_guest_access", false);
+      module::set_version("rest", $version = 3);
+    }
   }
 
   static function uninstall() {