REST API module supports authorising restricted reports

For a specific client project, resource options can contain a list of authorised reports that are normally restricted.
Indicia-Team · Feb 5, 2019 · d494144 · d494144
1 parent 6f5fddf
commit d494144
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/modules/rest_api/config/rest.example.php b/modules/rest_api/config/rest.example.php
@@ -150,7 +150,14 @@
         // Optional, which resources are available? Default is all.
         'resources' => ['taxon-observations', 'annotations', 'reports'],
         'resource_options' => [
-          'reports' => ['raw_data', 'featured'],
+          'reports' => [
+            'raw_data',
+            'featured',
+            'authorise' => [
+              // Authorise a normally restricted report for this project.
+              'library/occurrences/list_for_elastic_all.xml',
+            ],
+          ],
         ],
         // Set the following to TRUE for Indicia to automatically feed through
         // pages of data. Useful when the client is a dumb poller for the data.

diff --git a/modules/rest_api/controllers/services/rest.php b/modules/rest_api/controllers/services/rest.php
@@ -1591,6 +1591,11 @@ private function loadReportEngine() {
     // array.
     if (!isset($this->reportEngine)) {
       $this->reportEngine = new ReportEngine(array($this->clientWebsiteId));
+      // Resource configuration can provide a list of restricted reports that
+      // are allowed for this client.
+      if (isset($this->resourceOptions['authorise'])) {
+        $this->reportEngine->setAuthorisedReports($this->resourceOptions['authorise']);
+      }
     }
   }