I have successfully made my 4 CRUD actions RESTful by using mapResources in the router config, but I need to filter which ones are actually RESTful. How do I filter which ones are RESTful? I don't want to allow REST calls to the delete actions, for example, but I do however need to keep the delete action so I can moderate.
A:
I think you're getting mixed up in buzzwords here. :-)
All actions are by definition RESTful, it's a concept built into the HTTP protocol. "Making an application RESTful" usually means, among other things, to actually use the concept of reacting differently to GET, POST, PUT or DELETE requests on the same URL. E.g.
GET http://example.com/users -> Receive a list of all users
POST http://example.com/users -> Creates (a) new user(s)
GET http://example.com/user/42 -> Receives info about user #42
PUT http://example.com/user/42 -> Edit/replace the information of user #42
DELETE http://example.com/user/42 -> Delete user #42
Therefore, even if you do nothing, every request is always RESTful, because every request is using one of these HTTP methods (usually GET).
I think what you're looking for is plain old user privileges handling using something like the AuthComponent.
deceze
2010-02-18 04:58:44
Not all Http requests are by definition RESTful. One REST constraint is that the message be self-descriptive. i.e. All of the information needed to produce the result is included in the request. One example of a not-restful request is doing an authenticated GET /twitter.com returns the tweets of the people I am following. If someone else does GET /twitter.com they will get their list. This is inconsistent with the notion that a URI should identify a resource.
Darrel Miller
2010-02-18 13:25:29
@Darrel Generally agreed, but this comes down to semantics I'm afraid. :) I'd say in this case the *application* is not RESTful. The request, as it pertains to the OPs question, cannot be unRESTful. The OP can't filter out "non-RESTful" requests, since it's the application's answer that ultimately decides if it's RESTful or not.
deceze
2010-02-18 14:19:01
@Darrel Upon further thought… The content you receive still only depends on the request, more specifically on the Cookie information that is sent with the request. If you send the exact same request you get the exact same answer. The URI still represents the resource "twitter posts". RESTfulness does not dictate that this resource be the same for everyone every time. That would make every site with updating content unRESTful. Contrast RESTfulness with a protocol like FTP, where both server and client need to go through a session, which might differ every time, to get a specific resource.
deceze
2010-02-18 14:40:23
Let's say twitter decided that for perf reasons it would be a good idea to allow that page to be cached for 30 seconds. If my page is called twitter.com and your page is called twitter.com, how can an intermediary cache it? However, if the page is called twitter.com/darrelmiller/friendtweets then it becomes trivial to allow caching.
Darrel Miller
2010-02-18 15:54:07
The other problem with twitter is that they don't send who you are in a cookie, they send a session id, which requires doing a lookup somewhere else to find out who I am. This is the classic example of a message being not self-descriptive.
Darrel Miller
2010-02-18 15:59:33
A resource can definitely vary over time but a request should deliver the same content to whoever requests it, assuming all the other Http headers are the same. Security permissions being the only exception that I know of.
Darrel Miller
2010-02-18 16:03:15
@Darrel `A resource can definitely vary over time but a request should deliver the same content to whoever requests it, assuming all the other Http headers are the same.` I think Twitter fits this description. :) But putting that aside, the ultimate point is, you *can* build an unRESTful application on top of the RESTful protocol that is HTTP, but the *HTTP requests* themselves are always RESTful.
deceze
2010-02-18 22:22:32
A:
I figured out what I need to do. I have to do some custom rest routing to enable the methods I want versus enabling them all.
SonnyBurnette
2010-02-20 00:35:45
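The custom REST routing mentioned in the last answer could look like the following. This is an added example, not code from any of the posters; it assumes a CakePHP 1.x `app/config/routes.php` and a hypothetical `posts` controller standing in for the asker's own.

```php
<?php
// app/config/routes.php (CakePHP 1.x layout assumed).
// Added example: explicit REST routes for a hypothetical PostsController.
// These replace Router::mapResources('posts'), which would also map
// DELETE /posts/:id to the delete() action.

// Constrain :id to digits and pass it to the action as its first argument.
$idRule = array('id' => '[0-9]+', 'pass' => array('id'));

// Collection routes: list and create.
Router::connect(
    '/posts',
    array('controller' => 'posts', 'action' => 'index', '[method]' => 'GET')
);
Router::connect(
    '/posts',
    array('controller' => 'posts', 'action' => 'add', '[method]' => 'POST')
);

// Member routes: read and update.
Router::connect(
    '/posts/:id',
    array('controller' => 'posts', 'action' => 'view', '[method]' => 'GET'),
    $idRule
);
Router::connect(
    '/posts/:id',
    array('controller' => 'posts', 'action' => 'edit', '[method]' => 'PUT'),
    $idRule
);

// No route is connected for the DELETE method, so DELETE /posts/42 is
// no longer mapped to PostsController::delete().
//
// The delete() action itself still exists and stays reachable through
// Cake's default /:controller/:action route (e.g. /posts/delete/42),
// which is what keeps it available for moderation. Removing the REST
// route only narrows the REST surface; who may call delete() is still
// decided by access control such as the AuthComponent.
```

Routing decides which method and URL pairs reach an action; it does not decide who may call it, so the moderation-only `delete()` action still needs the privilege check suggested in the first answer.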