
Contents of /contributions/modules/restapi/restapi_user.module



Revision 1.6 - (show annotations) (download) (as text)
Thu Mar 20 22:15:12 2008 UTC (20 months ago) by hanenkamp
Branch: MAIN
CVS Tags: HEAD
Changes since 1.5: +6 -6 lines
File MIME type: text/x-php
* Cleaned up some documentation.
* Added a better check on column names for 4 argument user gets.
1 <?php
2 // $Id$
3
4 /**
5 * @file
6 * Provides a module for giving REST API access to list, create, view, update,
7 * and delete users.
8 */
9
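/**
 * Implements hook_restapi_menu(). Adds the user callbacks.
 *
 * When $may_cache is TRUE the two static routes (column index, user creation)
 * are returned. Otherwise routes are derived from the current request path,
 * and only when it starts with =/user/<column> where <column> is one of the
 * names returned by _restapi_user_columns().
 *
 * No route defined here carries an access setting, so any permission check
 * has to happen inside the callback itself.
 *
 * @param $may_cache TRUE to get the static routes, FALSE to get the routes
 *   that depend on the request path
 * @return an array of route definitions ('method', 'path', 'callback' and
 *   optionally 'callback arguments'); empty when nothing applies
 */
function restapi_user_restapi_menu($may_cache) {
  // Always hand back an array, even when no branch below adds a route.
  $items = array();

  if ($may_cache) {
    $items[] = array(
      'method' => 'GET',
      'path' => '=/user',
      'callback' => 'restapi_user_columns',
    );

    $items[] = array(
      'method' => 'POST',
      'path' => '=/user',
      'callback' => 'restapi_user_create',
    );
  }

  elseif (arg(0) == '=' && arg(1) == 'user') {
    $columns = _restapi_user_columns();
    $column = arg(2);

    // The column segment ends up in route paths and, further down the line,
    // in SQL built by the callbacks, so match it strictly against the list.
    if (in_array($column, $columns, TRUE)) {
      $items[] = array(
        'method' => 'GET',
        'path' => '=/user/'. $column,
        'callback' => 'restapi_user_list_column',
        'callback arguments' => array($column),
      );

      $key = arg(3);
      if ($key) {
        $rud_path = '=/user/'. $column .'/'. $key;
        $rud_args = array($column, $key);

        // Read, update and delete share one path and one argument list.
        $rud_callbacks = array(
          'GET' => 'restapi_user_read',
          'PUT' => 'restapi_user_update',
          'DELETE' => 'restapi_user_delete',
        );
        foreach ($rud_callbacks as $method => $callback) {
          $items[] = array(
            'method' => $method,
            'path' => $rud_path,
            'callback' => $callback,
            'callback arguments' => $rud_args,
          );
        }

        // Optional fourth segment: a single field of the matched user.
        $field = arg(4);
        if (in_array($field, $columns, TRUE)) {
          $items[] = array(
            'method' => 'GET',
            'path' => $rud_path .'/'. $field,
            'callback' => 'restapi_user_read_column',
            'callback arguments' => array($column, $key, $field),
          );
        }
      }
    }
  }

  return $items;
}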
78
/**
 * Describes the REST endpoints this module offers (presumably an
 * implementation of hook_restapi_help() -- confirm against the restapi
 * module).
 *
 * @return an array with a single 'prototypes' key holding one entry per
 *   endpoint, each with 'method', 'path' and 'description'
 */
function restapi_user_restapi_help() {
  // One row per endpoint: HTTP method, path template, description.
  $endpoints = array(
    array('GET', '/=/user', 'list all columns'),
    array('GET', '/=/user/<column>', 'list distinct values for that column'),
    array('GET', '/=/user/<column>/<key>', 'display the first user where <column> = <key>'),
    array('GET', '/=/user/<column>/<key>/<field>', 'show the field for the first user where <column> = <key>'),
    array('POST', '/=/user', 'create a user'),
    array('PUT', '/=/user/<column>/<key>', 'update the first user where <column> = <key>'),
    array('DELETE', '/=/user/<column>/<key>', 'delete the first user where <column> = <key>'),
  );

  $help = array('prototypes' => array());
  foreach ($endpoints as $endpoint) {
    list($method, $path, $description) = $endpoint;
    $help['prototypes'][] = array(
      'method' => $method,
      'path' => $path,
      'description' => $description,
    );
  }

  return $help;
}
118
/**
 * Returns every column name the user REST routes accept.
 *
 * That is the fixed list of {users} columns, followed by the names of all
 * rows in {profile_fields} when the profile module is enabled.
 *
 * NOTE(review): the fixed list includes pass, mail, init and data, and
 * restapi_user_restapi_menu() accepts every name returned here as a route
 * segment -- confirm that exposing those columns is intended.
 *
 * @return an array of column names
 */
function _restapi_user_columns() {
  // Columns built into the {users} table.
  // TODO In Drupal 6, take from the schema?
  $columns = array(
    'uid', 'name', 'pass', 'mail', 'mode', 'sort', 'threshold', 'theme',
    'signature', 'created', 'access', 'login', 'status', 'timezone', 'language',
    'picture', 'init', 'data'
  );

  // Without the profile module there is nothing more to add.
  if (!module_exists('profile')) {
    return $columns;
  }

  // Append one column per defined profile field.
  $profile_fields = db_query("SELECT name FROM {profile_fields}");
  while ($row = db_fetch_array($profile_fields)) {
    array_push($columns, $row['name']);
  }

  return $columns;
}
140
/**
 * Handles GET /=/user
 *
 * Prints the serialized list of column names the REST API can select on, as
 * returned by _restapi_user_columns(). No permission is checked here.
 */
function restapi_user_columns() {
  print restapi_serialize(_restapi_user_columns());
}
152
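/**
 * Handles POST /=/user
 *
 * Creates a new user from the request data and prints the serialized
 * account. On failure a 500 status is sent and a serialized FALSE printed.
 *
 * Requires the 'administer users' permission, like the update and delete
 * callbacks. $data goes to user_save() unfiltered, so without this check any
 * caller able to reach the route could create accounts with whatever fields
 * user_save() accepts (presumably including status and roles -- confirm).
 *
 * @param $data the submitted account fields
 */
function restapi_user_create($data) {
  if (!user_access('administer users')) {
    return drupal_access_denied();
  }

  $new_user = user_save(new stdClass(), $data);
  if (!$new_user) {
    header('HTTP/1.0 500 Server Error');
    print restapi_serialize(FALSE);
    return;
  }

  // TODO FIXME XXX This is a hack to make sure the {profile_values} table is
  // completely filled, even for hidden profile fields. I believe this code
  // will not be necessary in Drupal 6 since I've read that {users}.data is
  // going away.
  if (module_exists('profile')) {
    foreach (profile_categories() as $category) {
      profile_save_profile($data, $new_user, $category['name']);
    }
  }

  print restapi_serialize($new_user);
}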
179
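/**
 * Handles GET /=/user/<column>
 *
 * Prints the serialized list of distinct values of the given column. A
 * built-in {users} column is read from {users}; otherwise, when the profile
 * module is enabled, the name is looked up in {profile_fields} and the values
 * come from {profile_values}. The special name "roles" prints user_roles()
 * instead (restapi_user_restapi_menu() only routes names from
 * _restapi_user_columns(), which does not list "roles", so that branch looks
 * unreachable through the menu -- confirm).
 *
 * Requires 'access user profiles', the same permission the read callbacks
 * check; without it every caller could enumerate column values.
 *
 * NOTE(review): pass and mail are in the built-in list, so this endpoint
 * returns every distinct value of those columns to any caller holding
 * 'access user profiles'. Consider removing them from the list or requiring
 * 'administer users' for them.
 *
 * @param $data request data (unused here)
 * @param $column the column whose values to list
 */
function restapi_user_list_column($data, $column) {
  if (!user_access('access user profiles')) {
    return drupal_access_denied();
  }

  // Built-in user columns. $column is interpolated into SQL below, and this
  // list is the only thing that makes that safe.
  $user_columns = array(
    'uid', 'name', 'pass', 'mail', 'mode', 'sort', 'threshold', 'theme',
    'signature', 'created', 'access', 'login', 'status', 'timezone', 'language',
    'picture', 'init', 'data'
  );

  // Special roles column, list possible roles
  if ($column === 'roles') {
    print restapi_serialize(user_roles());
    return;
  }

  // Handle users columns. Strict matching: a loose in_array() accepts
  // non-string values such as TRUE, which would then reach the query text.
  if (in_array($column, $user_columns, TRUE)) {
    $result = db_query("SELECT DISTINCT $column AS value FROM {users}");
  }

  // Check for profile columns
  elseif (module_exists('profile')) {
    // See if a profile column with this name exists
    $fid = db_result(db_query("SELECT fid FROM {profile_fields} WHERE name = '%s'", $column));
    if (!$fid) {
      // No such column
      return drupal_not_found();
    }

    // List all the values in that column
    $result = db_query("SELECT DISTINCT value FROM {profile_values} WHERE fid = %d", $fid);
  }

  // Nothing else to check
  else {
    return drupal_not_found();
  }

  // Start from an empty list so that a column without rows serializes as an
  // empty array rather than an undefined variable.
  $values = array();
  while ($row = db_fetch_object($result)) {
    $values[] = $row->value;
  }

  print restapi_serialize($values);
}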
239
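/**
 * Returns the first user matching the given column and value.
 *
 * A built-in {users} column is matched directly; any other name is treated
 * as a profile field name when the profile module is enabled.
 *
 * @param $column the column to test
 * @param $value the value to test for
 * @return the account returned by user_load(), or FALSE when nothing matches
 *   or the column cannot be resolved
 */
function restapi_user_fetch_user($column, $value) {
  // $column is interpolated into the query below; this list is the only
  // guard, so it must be matched strictly. A loose in_array() would accept
  // non-string values such as TRUE.
  $user_columns = array(
    'uid', 'name', 'pass', 'mail', 'mode', 'sort', 'threshold', 'theme',
    'signature', 'created', 'access', 'login', 'status', 'timezone', 'language',
    'picture', 'init', 'data'
  );

  if (in_array($column, $user_columns, TRUE)) {
    $result = db_query("SELECT uid FROM {users} WHERE $column = '%s'", $value);
  }

  // Profile field: both the field name and the value go in as placeholders.
  elseif (module_exists('profile')) {
    $result = db_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON v.uid = u.uid INNER JOIN {profile_fields} f ON v.fid = f.fid WHERE f.name = '%s' AND v.value = '%s'", $column, $value);
  }

  else {
    return FALSE;
  }

  $uid = db_result($result);
  if (!$uid) {
    return FALSE;
  }

  return user_load(array('uid' => $uid));
}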
272
/**
 * Handles GET /=/user/<column>/<value>
 *
 * Prints the serialized account of the first user where <column> = <value>.
 * Callers need the 'access user profiles' permission.
 *
 * NOTE(review): the whole loaded account is serialized; presumably that
 * includes the pass column -- confirm whether restapi_serialize() filters it.
 *
 * @param $data request data (unused here)
 * @param $column the column to check
 * @param $value the value to check that column for
 */
function restapi_user_read($data, $column, $value) {
  $allowed = user_access('access user profiles');
  if (!$allowed) {
    return drupal_access_denied();
  }

  $account = restapi_user_fetch_user($column, $value);
  if (!$account) {
    return drupal_not_found();
  }

  print restapi_serialize($account);
}
294
/**
 * Handles PUT /=/user/<column>/<value>
 *
 * Saves the request data onto the first user where <column> = <value> and
 * prints the serialized result. Callers need 'administer users'.
 *
 * @param $data the fields to store on the account
 * @param $column the column to test
 * @param $value the value to test it for
 */
function restapi_user_update($data, $column, $value) {
  if (!user_access('administer users')) {
    return drupal_access_denied();
  }

  $account = restapi_user_fetch_user($column, $value);
  if (!$account) {
    return drupal_not_found();
  }

  $saved_user = user_save($account, $data);

  // TODO FIXME XXX This is a hack to make sure the {profile_values} table is
  // completely filled, even for hidden profile fields. I believe this code
  // will not be necessary in Drupal 6 since I've read that {users}.data is
  // going away.
  if (module_exists('profile')) {
    foreach (profile_categories() as $category) {
      profile_save_profile($data, $saved_user, $category['name']);
    }
  }

  // Drop the self-reference before serializing to avoid recursion.
  unset($saved_user->user);
  print restapi_serialize($saved_user);
}
330
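/**
 * Handles DELETE /=/user/<column>/<value>
 *
 * Deletes the first matching user for the given column/value pair and prints
 * the serialized return value of user_delete(). Callers need
 * 'administer users'.
 *
 * @param $data request data, handed on to user_delete()
 * @param $column the column to test
 * @param $value the value to test it against
 */
function restapi_user_delete($data, $column, $value) {
  if (!user_access('administer users')) {
    return drupal_access_denied();
  }

  $account = restapi_user_fetch_user($column, $value);
  if (!$account) {
    return drupal_not_found();
  }

  $result = user_delete($data, $account->uid);

  // Serialize what user_delete() returned. The previous code printed
  // $saved_user, a variable that is never set in this function.
  // NOTE(review): if user_delete() returns nothing, this still serializes
  // NULL -- confirm what clients expect as the success response.
  print restapi_serialize($result);
}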
353
/**
 * Handles GET /=/user/<column>/<value>/<field>
 *
 * Prints the serialized content of <field> for the first account where
 * <column> = <value>. Callers need the 'access user profiles' permission.
 *
 * NOTE(review): $field is used as a property name on the account without a
 * check in this function; restapi_user_restapi_menu() only routes names from
 * _restapi_user_columns(), a list that includes pass -- confirm that is
 * intended.
 *
 * @param $data request data (unused here)
 * @param $column the column to check
 * @param $value the value to check that column for
 * @param $field the name of the field to show
 */
function restapi_user_read_column($data, $column, $value, $field) {
  $allowed = user_access('access user profiles');
  if (!$allowed) {
    return drupal_access_denied();
  }

  $account = restapi_user_fetch_user($column, $value);
  if (!$account) {
    return drupal_not_found();
  }

  print restapi_serialize($account->{$field});
}
377
