API for Recipe Website, user validation.

RecipeApi.php

<?php

class RecipeApi extends \Restful {
    // /**
    //  * Don't wrap output in `{"success":bool,"data":"..."}`.
    //  */
    var $wrap = false;

    // /**
    //  * Create a new recipe or ingredient.
    //  */
    public function post_recipes ($recipe_id = false, $resource = false, $resource_id = false) {

        $obj = $this->get_raw_post_data (true);
        
        if(!User::is_valid())
        {
          return $this->error("You must be logged in to add recipes.");
        }

        // Add recipe if posted new one
        if($recipe_id == false){
            $recipe = new recipes\Recipe($obj);
            $recipe->added = time();
            $recipe->user_id = User::val('id');
            $recipe->user_name = User::val('name');

            if(!$recipe->put()){
                return $this->error("Failed to save recipe. ".$recipe->error);
            }

            $out = $recipe->orig();
            return $out;

        }

        // Add ingredients to recipe

        // First get recipe
        $recipe = new recipes\Recipe($recipe_id);
        if ($recipe->error) {
            return $this->error ("No recipe by that id exist.");
        }

        //Should add access control (Admin, owner, access or public)
        if(!($recipe->public == 1) && !($recipe->user_id === User::val('id')) && !User::require_admin()) {
            // Redirect with Notification
            return $this->error ("Access denied.");
        }

        // Then add ingredients
        if($resource == 'ingredients')
        {
            $ingredient = new recipes\Ingredient($obj);
            $ingredient->added = time();
            $ingredient->recipe_id = $recipe_id;

            //$ingredient->added = time();
            
            if (! $ingredient->put ()) {
                return $this->error ($ingredient->error);
            }
            $out = $ingredient->orig ();
        }

        return $out;
    }
}

?>