ENHANCEMENT: Allow calling methods on DataObjects using RESTful API. Methods which can be called must be specified in the $allowed_actions array of the DataObject.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@73149 467b73ca-7a2a-4603-9d3b-597d59a354a9

api/RestfulServer.php

@@ -381,12 +381,29 @@ class RestfulServer extends Controller {
 	 * current resolves in creatig a new element,
 	 * rather than a "Conflict" message.
 	 */
-	protected function postHandler($className, $id) {
+	protected function postHandler($className, $id, $relation) {
 		if($id) {
+			if(!$relation) {
 				$this->response->setStatusCode(409);
 				return 'Conflict';
 			}
 			
+			$obj = DataObject::get_by_id($className, $id);
+			if(!$obj) return $this->notFound();
+			
+			if(!$obj->hasMethod($relation)) {
+				return $this->notFound();
+			}
+			
+			if(!$obj->stat('allowed_actions') || !in_array($relation, $obj->stat('allowed_actions'))) {
+				return $this->permissionFailure();
+			}
+			
+			$obj->$relation();
+			
+			$this->getResponse()->setStatusCode(204); // No Content
+			return true;
+		} else {
 			if(!singleton($className)->canCreate()) return $this->permissionFailure();
 			$obj = new $className();
 		
@@ -403,7 +420,7 @@ class RestfulServer extends Controller {
 			$this->getResponse()->addHeader('Location', $objHref);
 		
 			return $responseFormatter->convertDataObject($obj);
-		
+		}
 	}
 	
 	/**

core/model/DataObject.php

@@ -2976,6 +2976,11 @@ class DataObject extends ViewableData implements DataObjectInterface,i18nEntityP
 	 */
 	public static $summary_fields = null;
 	
+	/**
+	 * Provides a list of allowed methods that can be called via RESTful api.
+	 */
+	public static $allowed_actions = null;
+	
 	/**
 	 * Collect all static properties on the object
 	 * which contain natural language, and need to be translated.