159 | | Note that "read" permission for the requested record (pr_group 5) is already checked ''before'' the method handler is called, so it does not need to be checked again. |
160 | | |
161 | | But for any other record we intend to return to the user, we must check permissions explicitly in the method handler. |
162 | | |
163 | | Note that you must request permission for ''every'' table that you intend to return information about. |
164 | | |
165 | | === S3Method Subclasses as Method Handlers === |
166 | | |
167 | | Method handlers can also be defined as subclass of S3Method: |
168 | | |
169 | | {{{ |
170 | | class AvailableShelters(S3Method): |
171 | | """ |
172 | | Method handler for the "available_shelters" method |
173 | | """ |
174 | | |
175 | | def apply_method(self, r, **attr): |
176 | | """ |
177 | | Entry point for the RESTful API |
178 | | |
179 | | @param r: the S3Request |
180 | | @param attr: additional keyword parameters passed from the controller |
181 | | """ |
182 | | |
183 | | # do something to produce output |
184 | | |
185 | | return output |
186 | | |
187 | | }}} |
| 159 | Note that "read" permission for the ''requested'' record (pr_group 5) is already checked ''before'' the method handler is called, so it does not need to be checked again. But for any other record from which we return information to the user, or any other method we intend to perform, we must first check permissions in the method handler. |
230 | | {{{ |
231 | | def group(): |
232 | | """ RESTful Controller for pr/group """ |
233 | | |
234 | | # Configure the handler for pr/group/N/available_shelters |
235 | | s3db.set_method("pr", "group", method="available_shelters", action=available_shelters_handler) |
236 | | |
237 | | return s3_rest_controller() |
238 | | |
239 | | def available_shelters_handler(r, **attr): |
240 | | """ |
241 | | Method handler for the "available_shelters" method |
242 | | |
243 | | @param r: the S3Request |
244 | | @param attr: additional keyword parameters passed from the controller |
245 | | """ |
246 | | |
247 | | # do something to produce output |
248 | | |
249 | | return output |
250 | | |
251 | | }}} |
| 185 | Note that if the method handler is implemented as S3Method subclass, we do ''not'' need to instantiate it. It will be instantiated only when it is needed to process the request. |