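/**
 * Runs a request-named action on the configured authority object.
 *
 * The action name is read from the request's 'Action' parameter, so it is
 * caller-controlled. It is only invoked when it is listed in the authority
 * class's `allowed_actions` config AND exists as a method on the authority.
 * That allow-list is the only gate between the request and the authority's
 * methods, so it should name nothing that is not meant to be reachable here.
 *
 * @param SS_HTTPRequest $request Request whose 'Action' param names the method to call.
 * @return mixed Whatever answer() returns on success or error() returns on
 *               refusal; null when no authority is set.
 */
public function acl(SS_HTTPRequest $request)
{
    $action = $request->param('Action');

    if (!$this->authority) {
        // NOTE(review): no response is produced when no authority is configured.
        // Kept as-is (implicit null); confirm whether callers expect an explicit error here.
        return null;
    }

    $className = get_class($this->authority);
    $allowedActions = Config::inst()->get($className, 'allowed_actions');
    if (!$allowedActions) {
        $allowedActions = array();
    }

    // Strict comparison: with loose ==, a non-string config value such as
    // `true` or `0` can match a request-supplied action name and let
    // unlisted methods through. Only exact string entries are honoured.
    $isListed = in_array($action, $allowedActions, true);

    // method_exists() rather than is_callable(): the latter would report true
    // for any name if the authority implements __call.
    if (!$isListed || !method_exists($this->authority, $action)) {
        // Listed-but-missing and not-listed deliberately share one 403, so the
        // response does not reveal which actions are configured.
        // NOTE(review): the message echoes the request-supplied action name;
        // this relies on error() encoding it for the response format.
        return $this->error(new RESTfulAPI_Error(403, "Action '{$action}' not allowed."));
    }

    $response = $this->authority->{$action}($request);
    $response = $this->serializer->serialize($response);

    return $this->answer($response);
}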