Development:Web services: Difference between revisions
Line 23: | Line 23: | ||
[[Image:Web_service_graph.jpg]] | [[Image:Web_service_graph.jpg]] | ||
== | == Web Services description == | ||
=List of functions= | =List of functions= |
Revision as of 05:41, 24 February 2009
Note: This article is a work in progress. Please use the page comments or an appropriate moodle.org forum for any recommendations/suggestions for improvement.
Introduction
This page described the Web Services module implemented for Moodle 2.0
The tracker issue is here: MDL-12886
This module is been implemented by the DFWS Team and Moodle.
Implementation
Web Services module has been conceived in a purpose to be ported on different Moodle version, and also on different project. It has also for purpose to support multiple web service protocols (REST, SOAP, AMF, ...). Adding a new protocol support should be relatively easy.
How it works
- The client sends a username and password to the web service protocol server script.
- The protocol server returns a session token for that user account (how this is sent depends on the protocol).
- The client calls a particular web service function (module name, function name, and function parameters), including the session token.
- The protocol server uses the token to check that the session is still active.
- The protocol server call the matching external function, located in a external.php file inside the relevant module.
- The external function checks that the current user has_capability to do this operation.
- The external function calls the matching Moodle core function (in lib.php usually).
- The core function can return a result to the external function.
- The external function will return a result to the protocol server.
- The protocol server returns the result to the client.
Web Services description
List of functions
All callable functions are declared into each external.php. A "description" array contains all function names, parameter names and types, and return type.
Authentication
Clients needing to use a web service will need a Moodle user account with the 'moodle/site:usewebservices' capability enabled. After the first login with username and password the session is retained with a token that gets passed with every web service request (until the session expires).
The Moodle administrator can control access to the site using the 'Security -> Web services' page, which contains settings for:
- enabling/disabling particular protocols (SOAP, REST, AMF, XMLRPC, ...)
- configure protocol-specific settings (though we can't think of any such settings)
- configure system-wide default settings (stored in config table):
- IP whitelist
- Anything else?
- configure per-user settings (stored in user_preferences):
- IP whitelist
- Anything else?
Each protocol will call a webservice authentication function before allowing access, which will:
- Check that particular protocol is enabled for the system
- Authenticate the user using username/password and normal auth plugins (internal, LDAP etc)
- Check that the user has 'moodle/site:usewebservices' at SYSTEM level.
- Check the per-user restrictions, if there are any, else check the system settings
- Create a session and return a token for the web service protocol to use.
This is probably enough (an auth/webservice is not necessary).