url); $tag_items = array(); foreach ($tag->items() as $item) { if (access::can("view", $item)) { $tag_items[] = rest::url("tag_item", $tag, $item); } } return array( "url" => $request->url, "entity" => $tag->as_array(), "relationships" => array( "items" => array( "url" => rest::url("tag_items", $tag), "members" => $tag_items))); } static function put($request) { // Who can we allow to edit a tag name? If we allow anybody to do it then any logged in // user can rename all your tags to something offensive. Right now limit renaming to admins. if (!identity::active_user()->admin) { access::forbidden(); } $tag = rest::resolve($request->url); if (isset($request->params->entity->name)) { $tag->name = $request->params->entity->name; $tag->save(); } } static function delete($request) { // Restrict deleting tags to admins. Otherwise, a logged in user can do great harm to an // install. if (!identity::active_user()->admin) { access::forbidden(); } $tag = rest::resolve($request->url); $tag->delete(); } static function relationships($resource_type, $resource) { switch ($resource_type) { case "item": $tags = array(); foreach (tag::item_tags($resource) as $tag) { $tags[] = rest::url("tag_item", $tag, $resource); } return array( "tags" => array( "url" => rest::url("item_tags", $resource), "members" => $tags)); } } static function resolve($id) { $tag = ORM::factory("tag", $id); if (!$tag->loaded()) { throw new Kohana_404_Exception(); } return $tag; } static function url($tag) { return url::abs_site("rest/tag/{$tag->id}"); } }