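/**
 * REST handler for the API auth session.
 *
 * - GET:    resolves the session from the request and returns it, or a
 *           not-found response when none is resolved.
 * - POST:   checks the submitted e-mail/password, applies the optional
 *           `requiredGroup` / `requiredPermission` settings read from the
 *           `AuthSession` config, then creates and returns a new AuthSession.
 * - DELETE: deletes the session held in `$this->restfulSession`.
 *
 * Any other HTTP method falls through and returns null.
 *
 * @return mixed Whatever the matching send*() helper returns, or null.
 */
function session()
{
    if ($this->request->isGET()) {
        $session = $this->getSessionFromRequest();
        $this->restfulSession = $session;
        $this->setSessionByApiSession();

        if ($session) {
            return $this->sendData(array("session" => $session));
        }
        return $this->sendNotFound();
    }

    if ($this->request->isPOST()) {
        $data = $this->request->data;

        // The request body is untrusted. Without this check a missing body or a
        // non-string field would reach filter() and checkPassword() unchecked.
        // Malformed input gets the same generic error as a failed login, so the
        // response does not reveal which part of the credentials was wrong.
        $hasCredentials = is_object($data)
            && isset($data->email, $data->password)
            && is_string($data->email)
            && is_string($data->password)
            && $data->email !== '';
        if (!$hasCredentials) {
            return $this->sendError("Couldn't match password / email", 400);
        }

        // NOTE(review): an unknown e-mail returns without running
        // checkPassword(), so the two failure paths may differ in response
        // time; confirm whether that matters for this API.
        $member = Member::get()->filter(array("Email" => $data->email))->First();
        if (!$member || !$member->checkPassword($data->password)->valid()) {
            // NOTE(review): failed attempts are not recorded here; confirm that
            // throttling / lockout is enforced elsewhere for this endpoint.
            return $this->sendError("Couldn't match password / email", 400);
        }

        // Optional authorization gates. Both run only after the password has
        // been verified, so their messages are shown to authenticated members only.
        $requiredGroup = Config::inst()->get('AuthSession', 'requiredGroup');
        if ($requiredGroup && !$member->inGroup($requiredGroup)) {
            return $this->sendPermissionFailure("Member is not in the required group `{$requiredGroup}`");
        }

        $requiredPermission = Config::inst()->get('AuthSession', 'requiredPermission');
        if ($requiredPermission && !Permission::checkMember($member, $requiredPermission)) {
            return $this->sendPermissionFailure("Member has no `{$requiredPermission}` permission");
        }

        $session = new AuthSession();
        $session->Member = $member;
        $session->MemberID = $member->ID;
        $session->write();

        return $this->sendSuccessfulPost(array("session" => $session));
    }

    if ($this->request->isDELETE()) {
        // presumably restfulSession was populated before this handler runs;
        // nothing in this method sets it on the DELETE path. TODO confirm.
        $session = $this->restfulSession;
        if ($session) {
            $session->delete();
            return $this->sendSuccessfulDelete();
        }
        return $this->sendNotFound('No session could be detected');
    }

    // Unsupported HTTP method: unchanged behaviour, no explicit response.
    return null;
}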