public function RestfulAuthenticationManager::getAccount in RESTful 7

Get the user account for the request.

Parameters

array $request: The request.

string $method: The HTTP method.

boolean $cache: Boolean indicating if the resolved user should be cached for next calls.

Return value

\stdClass The user object.

Throws

RestfulUnauthorizedException

1 call to RestfulAuthenticationManager::getAccount()
RestfulAuthenticationManager::switchUser in plugins/authentication/RestfulAuthenticationManager.php
Switch the user to the user authenticated by RESTful.

File

plugins/authentication/RestfulAuthenticationManager.php, line 79
Contains RestfulAuthenticationManager.

Class

RestfulAuthenticationManager
Contains RestfulAuthenticationManager.

Code

public function getAccount(array $request = array(), $method = \RestfulInterface::GET, $cache = TRUE) {
  global $user;

  // Return the previously resolved user, if any.
  if (!empty($this->account)) {
    return $this->account;
  }

  // Resolve the user based on the providers in the manager.
  $account = NULL;
  foreach ($this as $provider) {
    if ($provider->applies($request, $method) && ($account = $provider->authenticate($request, $method)) && $account->uid && $account->status) {
      // The account has been loaded, we can stop looking.
      break;
    }
  }
  if (empty($account->uid) || !$account->status) {
    if ($this->count() && !$this->getIsOptional()) {
      // Allow caching pages for anonymous users.
      drupal_page_is_cacheable(variable_get('restful_page_cache', FALSE));

      // User didn't authenticate against any provider, so we throw an error.
      throw new \RestfulUnauthorizedException('Bad credentials');
    }

    // If the account could not be authenticated default to the global user.
    // Most of the cases the cookie provider will do this for us.
    $account = drupal_anonymous_user();
    if (empty($request['__application']['rest_call'])) {
      // If we are using the API from within Drupal and we have not tried to
      // authenticate using the 'cookie' provider, then we expect to be logged
      // in using the cookie authentication as a last resort.
      $account = $user->uid ? user_load($user->uid) : $account;
    }
  }
  if ($cache) {
    $this->setAccount($account);
  }

  // Disable page caching for security reasons so that an authenticated user
  // response never gets into the page cache for anonymous users.
  // This is necessary because the page cache system only looks at session
  // cookies, but not at HTTP Basic Auth headers.
  drupal_page_is_cacheable(!$account->uid && variable_get('restful_page_cache', FALSE));

  // Record the access time of this request.
  $this->setAccessTime($account);
  return $account;
}
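
The final `drupal_page_is_cacheable()` call exists because a page cache that identifies anonymous traffic by session cookie alone cannot see HTTP Basic Auth. The following is an added example, not code from the RESTful module: a constructed model in which `PageCacheModel`, `make_handler()`, the `SESS` cookie name and uid 42 are all hypothetical, showing what an anonymous client receives with and without that rule.

```php
<?php
// Constructed model, not Drupal code: a page cache that, like the one the
// comment in getAccount() describes, looks only at the session cookie.
class PageCacheModel {
  private $store = array();

  public function handle(array $request, callable $handler) {
    $has_session = !empty($request['cookies']['SESS']);
    $key = $request['path'];
    // The lookup ignores the Authorization header entirely.
    if (!$has_session && isset($this->store[$key])) {
      return $this->store[$key] . ' (from cache)';
    }
    list($body, $cacheable) = $handler($request);
    if (!$has_session && $cacheable) {
      $this->store[$key] = $body;
    }
    return $body;
  }
}

// Hypothetical handler: resolves a uid from Basic Auth, then either applies
// the cacheability rule used at the end of getAccount() or skips it.
function make_handler($apply_rule, $restful_page_cache = TRUE) {
  return function (array $request) use ($apply_rule, $restful_page_cache) {
    $uid = isset($request['headers']['Authorization']) ? 42 : 0;
    $body = $uid ? "private data for uid $uid" : 'public data';
    // Same shape as: !$account->uid && variable_get('restful_page_cache', FALSE)
    $cacheable = $apply_rule ? (!$uid && $restful_page_cache) : $restful_page_cache;
    return array($body, $cacheable);
  };
}

// Constructed requests: same path, no session cookie on either.
$basic = array('path' => '/api/me', 'cookies' => array(),
  'headers' => array('Authorization' => 'Basic <constructed>'));
$anon = array('path' => '/api/me', 'cookies' => array(), 'headers' => array());

foreach (array(FALSE, TRUE) as $apply_rule) {
  $cache = new PageCacheModel();
  $handler = make_handler($apply_rule);
  $cache->handle($basic, $handler);          // authenticated request first
  $seen = $cache->handle($anon, $handler);   // then an anonymous one
  printf("rule %s: anonymous client receives \"%s\"\n",
    $apply_rule ? 'applied' : 'skipped', $seen);
}
```

With the rule skipped, the Basic Auth response is stored and replayed to the cookie-less anonymous request; with the rule applied, only the anonymous response is ever cached.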