README

Token based authentification for SilverStripe's RestfulServer module.

Configuration

There is no special configuration needed. When the module is installed, it'll automatically take over authentification for RestfulServer.

Enabling REST calls for DataObjects

You need to set the DataObject to "IsActive". This enables globally the REST calls for the specific class.

Updating User Permissions

The module offers a fine-grained permission model for each DataObject. The permissions are stored in the SecurityAdmin for each user.

A user needs general "Enable REST calls" checked and additionally the permissions for each class:

• IsActive: if the user is allowed to use the REST API for that DataObject
• CanView: if the user is allowed to view the DataObject
• CanEdit: if the user is allowed to edit the DataObject
• CanCreate: if the user is allowed to create the DataObject
• CanDelete: if the user is allowed to delete the DataObject

If a ClassName is missing in permissions GridField, run dev/build?flush=all to update the class relations.

Requirements

This module requires a specific branch of silverstripe/restfulserver (version 3.1) which includes necessary hooks and cleanup. See silverstripe/restfulserver issue #144 for details.

To use this in your project, add the following to your composer.json:

{
    "repositories": [
        {
            "type": "git",
            "url": "https://github.com/wernerkrauss/silverstripe-restfulserver.git"
        }
    ],
    "require": {
        "silverstripe/restfulserver": "dev-144-cleanup-hooks as 3.1"
    }
}

Troubleshooting

If you have problems with the module, please check the following:

• run dev/build?flush=all
• Are REST calls enabled in for that user?
• Does the user have the correct permissions for the DataObject class? IsActive is always needed.