-
Notifications
You must be signed in to change notification settings - Fork 173
Obtaining the current user
It might sometimes be necessary to retrieve information about the currently authenticated user. This is not provided by RESTful out-of-the-box, but can be achieved by extending the users resource to respond to the special ID me. This will allow requests to the following example endpoints:
api/v1.1/users/me-
api/users/me(if you have no later API version of theusersresource.) api/users/27,me,5
Note that RESTful will see the me user as the user which is authenticated via any of the restful authentication methods. The users resource by default allows any of the authentication methods (cookie, token etc).
To implement the /me special case, we will create version 1.1 of the users resource.
- copy
restful/src/Plugin/resource/Users__1_0.phptomymodule/src/Plugin/resource/entity/user/user/Users__1_1.php - make sure your module's
.infofile containsregistry_autoload[] = PSR-4 - edit
Users__1_1.phpand modify as follows (replacing all instances ofmy modulewith the name of your module):
<?php
/**
* @file
* Contains \Drupal\mymodule\Plugin\resource\entity\user\user\Users__1_1.
*/
namespace Drupal\mymodule\Plugin\resource\entity\user\user;
use Drupal\restful\Plugin\resource\ResourceInterface;
/**
* Class Users
* @package Drupal\mymodule\Plugin\resource\entity\user\user
*
* @Resource(
* name = "users:1.1",
* resource = "users",
* label = "Users",
* description = "Export the user entity.",
* authenticationTypes = TRUE,
* authenticationOptional = TRUE,
* dataProvider = {
* "entityType": "user",
* "bundles": {
* "user"
* },
* },
* majorVersion = 1,
* minorVersion = 1
* )
*/
class Users__1_1 extends Users__1_0 implements ResourceInterface {
/**
* {@inheritdoc}
*/
public function process() {
$this->convertMeInPath();
return parent::process();
}
/**
* Replace any instances of 'me' in the $path with the authenticated user's
* UID.
*
* See Drupal\restful\Plugin\resource\Resource::view()
*/
public function convertMeInPath() {
$path = $this->getPath();
$ids = explode(static::IDS_SEPARATOR, $path);
if (in_array('me', $ids)) {
$account = $this->getAccount();
foreach ($ids as &$id) {
if ($id === 'me') {
$id = $account->uid;
}
}
$this->setPath(implode(static::IDS_SEPARATOR, $ids));
}
}
}In essence, it's a straight "photocopy" of the Users__1_0 resource provided by RESTful, except that we override the process() function where we replace any instances of me with the appropriate user UID.
Note that we cannot use global $user; since this user may not have authenticated using cookie-based authentication, but rather one of the other auth methods provided by RESTful. The getAccount() method is provided by RESTful so we can obtain the user object which was authenticated from the REST request no matter which of the available authentication methods was used.
If the user hasn't authenticated, user 0 (i.e. anon) will be returned.
http://drupalsite.local/api/users/me
If the request also contains basic auth (containing a valid Drupal username and password), or an auth cookie or token, then RESTful will attempt to authenticate this user, but will otherwise return results for anon.
Non-authenticated user:
{
"data": {
"type": "users",
"attributes": {
"label": null,
"self": "http://drupalsite.local/api/v1.1/users/0"
},
"links": {
"self": "http://drupalsite.local/api/v1.1/users"
}
},
"links": {
"self": "http://drupalsite.local/api/v1.1/users/me"
}
}Sample authenticated user:
{
"data": {
"type": "users",
"id": "1",
"attributes": {
"id": "1",
"label": "Barry",
"self": "http://drupalsite.local/api/v1.1/users/1",
"mail": "[email protected]"
},
"links": {
"self": "http://drupalsite.local/api/v1.1/users/1"
}
},
"links": {
"self": "http://drupalsite.local/api/v1.1/users/me"
}
}```