How to process the rest requests and verify if user has permissions to access it
Midrub has an original idea to process the rest requests in dynamic way. What i mean with dynamic way? In the previous article i've explained how to add a new permissions from the apps or components which you're developing for Midrub. You don't need to ask to me add a permission for you, or to use an existing permission. You can use your app/component to create Api's permissions, then you can add any endpoint you want in your app or component and write the code. You are independent and you decide how things will work in Midrub without affecting the Midrub's core.
For apps the endpoint is:
http://www.yourwebsite.com/rest-app/posts/get_user_posts
For components endpoint is:
http://www.yourwebsite.com/rest-user-component/posts/get_user_posts
For admin's components Midrub don't has yet Api support.
- rest-app - means is an app.
- posts - means posts app.
- get_user_posts - means endpoint to call.
- rest-user-component - means is a user's component.
- posts - means posts component.
- get_user_posts - means endpoint to call.
When you're accessing an endpoint above will be called in the posts app/component the method rest. Rest method will have as parameter get_user_posts.
Now you are free to add any code you want to process the requested data.
// Verify if access token is valid $user_id = rest_verify_token(array('user_posts'));
Lets see how works the code above:
- rest_verify_token - verifies if the user's token is valid.
- array('user_posts') - are the permissions required to provide access to data below.
- $user_id - is the user's id returned if the token is correct.
You can see in the video below how the code works: