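/**
 * REST endpoint for API sessions.
 *
 * GET    - resolve the session referenced by the request and return it.
 * POST   - authenticate an email/password pair (plus the optional
 *          AuthSession.requiredGroup / requiredPermission config gates)
 *          and create a new AuthSession for the member.
 * DELETE - delete the current session.
 *
 * @return mixed whatever the controller's send* helpers return; any other
 *               HTTP method gets an explicit 405 error response instead of
 *               falling off the end with an implicit null.
 */
function session() {
    $request = $this->request;

    if ($request->isGET()) {
        // Token transport/validation lives in getSessionFromRequest(); here we
        // only publish the result to the controller and the framework session.
        $session = $this->getSessionFromRequest();
        $this->restfulSession = $session;
        $this->setSessionByApiSession();
        return $session
            ? $this->sendData(array("session" => $session))
            : $this->sendNotFound();
    }

    if ($request->isPOST()) {
        $data = $request->data;

        // Reject bodies without both credentials up front. Without this, a
        // missing email runs a filter on null and checkPassword() is handed an
        // empty value; the response is the same generic 400 as a bad login.
        $email = isset($data->email) ? $data->email : null;
        $password = isset($data->password) ? $data->password : null;
        if ($email === null || $email === '' || $password === null || $password === '') {
            return $this->sendError("Couldn't match password / email", 400);
        }

        $member = Member::get()->filter(array("Email" => $email))->First();

        // NOTE(review): when no member matches, checkPassword() is never run,
        // so the reply arrives faster than for a wrong password -- a timing
        // oracle for enumerating registered emails. No throttling or lockout
        // is applied here either; confirm both are handled upstream.
        if (!$member || !$member->checkPassword($password)->valid()) {
            return $this->sendError("Couldn't match password / email", 400);
        }

        // Optional group gate from config. NOTE(review): this branch is only
        // reachable after a correct password, so its distinct reply confirms
        // the credentials to the caller even though no session is issued.
        $requiredGroup = Config::inst()->get('AuthSession', 'requiredGroup');
        if ($requiredGroup && !$member->inGroup($requiredGroup)) {
            return $this->sendPermissionFailure("Member is not in the required group `{$requiredGroup}`");
        }

        // Optional permission gate from config; same disclosure caveat as above.
        $requiredPermission = Config::inst()->get('AuthSession', 'requiredPermission');
        if ($requiredPermission && !Permission::checkMember($member, $requiredPermission)) {
            return $this->sendPermissionFailure("Member has no `{$requiredPermission}` permission");
        }

        $session = new AuthSession();
        $session->Member = $member;
        $session->MemberID = $member->ID;
        $session->write();
        return $this->sendSuccessfulPost(array("session" => $session));
    }

    if ($request->isDELETE()) {
        // Relies on restfulSession having been populated before this handler
        // ran; GET sets it above, for DELETE that must happen elsewhere
        // (presumably in controller init) -- verify.
        $session = $this->restfulSession;
        if (!$session) {
            return $this->sendNotFound('No session could be detected');
        }
        $session->delete();
        return $this->sendSuccessfulDelete();
    }

    // PUT/PATCH/HEAD/etc. used to fall through and return null; be explicit.
    return $this->sendError('Method not allowed', 405);
}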