Merge remote-tracking branch 'origin/readOnly' into readOnly

CHANGELOG.md

@@ -9,7 +9,7 @@
 ..
 .. --------------------------------------------------
 .. Best Practice T3 reST  https://docs.typo3.org/typo3cms/drafts/github/xperseguers/RstPrimer/
-.. External Links: `Bootstrap <http://getbootstrap.com/>`_:
+.. External Links: `Bootstrap <http://getbootstrap.com/>`_
 .. Add Images: https://wiki.typo3.org/ReST_Syntax#Images
 ..
 .. -*- coding: utf-8 -*- with BOM.
@@ -36,11 +36,63 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
-Version 19.2.1
+
+Version 19.2.3
 --------------
 
+Date: 22.02.2019
+
+Notes
+^^^^^
+
+New: `QFQ REST <https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest>`_
+interface implemented.
+
+Features
+^^^^^^^^
+
+* Rest Implementation with GET,PUT,POST,DELETE and authorization token
+* REST.md: add
+* Manual.rst: reformat all sql code to use tyoposcript - it seems mysql does not work
+* Manual.rst: Add some admonitions
+
+Bug Fixes
+^^^^^^^^^
+
+* #7925 / fixed:
+
+  1. change CWD during split reduced to splitting only.
+  1. fixed problem in mkDirParent() with absolute paths.
+  1. make logger independent of CWD.
+  1. fixed problem with `mktemp --tmpdir`(difference Ubuntu 16 / 18) by using PHP function again.
+  1. fixed some 'undefined index' problems.
+
+Version 19.2.2
+--------------
+
+Date: 19.02.2019
+
+Notes
+^^^^^
+
+* QFQ now offers a basic REST API. Check https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest
+
+Features
+^^^^^^^^
+
+* 7910 / Check for double form names
+* 7904 / REST api export. Manual.rst: describe QFQ REST API
+* Latest phpStorm IDE complains about missing ext-json in composer.json. Added.
+* Manual.rst: Example how to use 'password' escape class.
+
+Bug Fixes
+^^^^^^^^^
+
+
+Version 19.2.1
+--------------
 
-Date: 16.2.19
+Date: 18.02.2019
 
 Notes
 ^^^^^

doc/NewVersion.md

@@ -53,12 +53,12 @@ Neue Versionsnummer
    * Update the version number in this document (topic 6)
    * Commit & Push new version changes to master branch: 
    
-      New version 19.2.1
+      New version 19.2.3
 
 6) **New Tag**: 
 
-   git tag v19.2.1
-   git push -u origin v19.2.1
+   git tag v19.2.3
+   git push -u origin v19.2.3
 
 7) Tickets: 
    * Schliessen und der QFQ Version zuweisen.

doc/REST.md

+====
+REST
+====
+
+* https://en.wikipedia.org/wiki/Representational_state_transfer
+* https://restfulapi.net
+* https://poe-php.de/tutorial/rest-einfuehrung-in-die-api-erstellung
+* https://blog.restcase.com/top-5-rest-api-security-guidelines/
+
+General Concept
+===============
+
+* There is one PHP file to handle all REST calls:
+
+    typo3conf/ext/qfq/Source/api/rest.php
+
+* All further endpoints are appended after rest.php, seperated by '/'. Example:
+
+    http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson/1/restAddress/123?myEmail=jonni@miller.com
+
+    The argument 'myEmail' is just to show how  GET variables will be submitted.
+    
+* Each `level` is a QFQ form. In the above example: `restPerson` and `restAddress`     
+* A QFQ form will be enabled for REST calls via field 'Permit REST'. Possible options: get, insert (post), update (put), delete
+* An optional HTML header token based 'authorization' is supported.
+* At least one `level` (= form name) has to be given. 
+* Multiple `level/id` tuple are possible.
+* Only the last level will be used. The last `level` becomes automatically `form` in STORE_TYPO3.
+* The last `id` becomes automatically `r` in STORE_TYPO3.
+* Previous `level` and `id` are accessible via `{{_id1:C}}`, `{{_form1:C:alnumx}}`,`{{_id2:C}}`, `{{_form2:C:alnumx}}`, ...
+* Import/Export data has to be/is JSON encoded.
+* The following settings has no impact to QFQ forms called via REST: `form.Permit New`, `form.Permit Edit`  
+
+HTML Requests
+=============
+
+GET - export
+------------
+ 
+Example:
+
+   curl -X GET "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson" 
+
+Details:
+
+* no `id` or `id=0` (example: 1, 123): The result of `Form.parameter.restSqlList` will be generated.
+* `id>0` (example: 1, 123): the result of `Form.parameter.restSqlData` will be generated.
+* The whole resultset will be JSON encoded.
+* It's not possible to render subrecords. This has to be done via a sub level (next form). 
+* Future: If this is not sufficient, a possible solution might be a `report`-notation (special FormElement), which do 
+  not implode all output, but leave the rows/cells intact as an array - the json_encode will then to the rest. 
+
+POST - insert
+-------------
+
+Example:
+
+   curl -X POST "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson" -d '{"name":"Miller","firstname":"Jonni"}'
+
+Details:
+
+* The data has to be JSON encoded transferred to the REST API. 
+* The JSON stream will be decoded to an array and copied to $_POST.
+* The further process is identically to a standard 'form submit'.
+* There should be no `id` given or `id=0`.
+
+PUT - update
+------------
+
+Example:
+
+   curl -X PUT "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson/1" -d '{"name":"Miller","firstname":"Jonni"}'
+
+Details:
+
+* The data has to be JSON encoded transferred to the REST API. 
+* The JSON stream will be decoded to an array and copied to $_POST.
+* The further process is identically to a standard 'form submit'.
+* There have to be an `id>0`.
+
+Delete
+------
+
+Example:
+
+   curl -X DELETE "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson/1" 
+
+Details:
+
+* The data has to be JSON encoded transferred to the REST API. 
+* The JSON stream will be decoded to an array and copied to $_POST.
+* The further process is identically to a standard 'form submit'.
+* There have to be an `id>0`.
+
+Header Token Authorization 
+==========================
+
+Example:
+
+    curl -X GET -H 'Authorization: Token token="mySuperSecretToken"' "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson/"
+
+Static token
+------------
+    
+Per form configure `form.parameter.restToken=mySuperSecretToken`.
+
+Dynamic token
+-------------
+
+The client supplied authorization token is available via the client store: `{{Authorization:C:alnumx}}`.
+
+Take the Client token and check if it saved in a table with all user token:   
+ 
+    form.parameter.restToken={{SELECT a.token FROM Auth AS a WHERE a.token='{{Authorization:C:alnumx}}' }}
+
+DEBUG
+=====
+
+Append the GET variable `?XDEBUG_SESSION_START=1`
+
+Example: 
+
+    curl -X POST "http://localhost/qfq/typo3conf/ext/qfq/Source/api/rest.php/restPerson?XDEBUG_SESSION_START=1" -d '{"name":"Miller","firstname":"Jonni"}'
+
+PhpStorm with activated debugger will stop at any breakpoint and 'stepping' through the code is possible.

doc/T3_DOC.md

-# T3 Documentation
+T3 Documentation
+================
 
 * QFQ Documentation: https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Index.html
 * Github Extension Repo to build project documentation: https://github.com/T3DocumentationStarter/Public-Info-053
@@ -6,16 +7,21 @@
 
   * https://github.com/T3DocumentationStarter/Public-Info-001/issues/4
   
-# Manual trigger of documentation rebuild:
+Manual trigger of documentation rebuild
+---------------------------------------
 
 * Open: https://docs.typo3.org/~mbless/github.com/T3DocumentationStarter/Public-Info-053.git.make/request_rebuild.php
 * For a few seconds a file 'REBUILD_REQUESTED' appears.
 * After the file disappeared, the documentation should be updated.
 
-# Log errors
+Log errors
+----------
+
 Check:  
 * https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/stable/_buildinfo/  
 * https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/latest/_buildinfo//PDFPROJECT.log.txt
 
-Rebuild: 
-https://docs.typo3.org/~mbless/github.com/T3DocumentationStarter/Public-Info-039.git.make/request_rebuild.php
+Best Practice T3 reST
+---------------------
+
+* https://docs.typo3.org/typo3cms/drafts/github/xperseguers/RstPrimer/
\ No newline at end of file

extension/Documentation/Release.rst

@@ -9,7 +9,7 @@
 ..
 .. --------------------------------------------------
 .. Best Practice T3 reST  https://docs.typo3.org/typo3cms/drafts/github/xperseguers/RstPrimer/
-.. External Links: `Bootstrap <http://getbootstrap.com/>`_:
+.. External Links: `Bootstrap <http://getbootstrap.com/>`_
 .. Add Images: https://wiki.typo3.org/ReST_Syntax#Images
 ..
 .. -*- coding: utf-8 -*- with BOM.
@@ -36,11 +36,61 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
-Version 19.2.1
+
+Version 19.2.3
+--------------
+
+Date: 22.02.2019
+
+Notes
+^^^^^
+
+New: `QFQ REST <https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest>`_
+interface implemented.
+
+Features
+^^^^^^^^
+
+* Rest Implementation with GET,PUT,POST,DELETE and authorization token
+* REST.md: add
+* Manual.rst: reformat all sql code to use tyoposcript - it seems mysql does not work
+* Manual.rst: Add some admonitions
+
+Bug Fixes
+^^^^^^^^^
+
+* #7925 / Change CWD during split reduced to splitting only.
+* #7925 / Fixed problem in mkDirParent() with absolute paths.
+* #7925 / Make logger independent of CWD.
+* #7925 / Fixed problem with `mktemp --tmpdir`(difference Ubuntu 16 / 18) by using PHP function again.
+* #7925 / Fixed some 'undefined index' problems.
+
+Version 19.2.2
 --------------
 
+Date: 19.02.2019
+
+Notes
+^^^^^
+
+* QFQ now offers a basic REST API. Check https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest
+
+Features
+^^^^^^^^
+
+* 7910 / Check for double form names
+* 7904 / REST api export. Manual.rst: describe QFQ REST API
+* Latest phpStorm IDE complains about missing ext-json in composer.json. Added.
+* Manual.rst: Example how to use 'password' escape class.
+
+Bug Fixes
+^^^^^^^^^
+
+
+Version 19.2.1
+--------------
 
-Date: 16.2.19
+Date: 18.02.2019
 
 Notes
 ^^^^^

extension/Documentation/Settings.cfg

@@ -3,7 +3,7 @@
 
 project     = QFQ - Quick Form Query
 version     = 19.2
-release     = 19.2.1
+release     = 19.2.3
 t3author    = Carsten Rose
 copyright   = since 2017 by the author
 

extension/Documentation/_make/conf.py

@@ -59,7 +59,7 @@ copyright = u'2017, Carsten Rose'
 # The short X.Y version.
 version = '19.2'
 # The full version, including alpha/beta/rc tags.
-release = '19.2.1'
+release = '19.2.3'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

extension/RELEASE.txt

@@ -9,7 +9,7 @@
 ..
 .. --------------------------------------------------
 .. Best Practice T3 reST  https://docs.typo3.org/typo3cms/drafts/github/xperseguers/RstPrimer/
-.. External Links: `Bootstrap <http://getbootstrap.com/>`_:
+.. External Links: `Bootstrap <http://getbootstrap.com/>`_
 .. Add Images: https://wiki.typo3.org/ReST_Syntax#Images
 ..
 .. -*- coding: utf-8 -*- with BOM.
@@ -36,11 +36,63 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
-Version 19.2.1
+
+Version 19.2.3
 --------------
 
+Date: 22.02.2019
+
+Notes
+^^^^^
+
+New: `QFQ REST <https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest>`_
+interface implemented.
+
+Features
+^^^^^^^^
+
+* Rest Implementation with GET,PUT,POST,DELETE and authorization token
+* REST.md: add
+* Manual.rst: reformat all sql code to use tyoposcript - it seems mysql does not work
+* Manual.rst: Add some admonitions
+
+Bug Fixes
+^^^^^^^^^
+
+* #7925 / fixed:
+
+  1. change CWD during split reduced to splitting only.
+  1. fixed problem in mkDirParent() with absolute paths.
+  1. make logger independent of CWD.
+  1. fixed problem with `mktemp --tmpdir`(difference Ubuntu 16 / 18) by using PHP function again.
+  1. fixed some 'undefined index' problems.
+
+Version 19.2.2
+--------------
+
+Date: 19.02.2019
+
+Notes
+^^^^^
+
+* QFQ now offers a basic REST API. Check https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#rest
+
+Features
+^^^^^^^^
+
+* 7910 / Check for double form names
+* 7904 / REST api export. Manual.rst: describe QFQ REST API
+* Latest phpStorm IDE complains about missing ext-json in composer.json. Added.
+* Manual.rst: Example how to use 'password' escape class.
+
+Bug Fixes
+^^^^^^^^^
+
+
+Version 19.2.1
+--------------
 
-Date: 16.2.19
+Date: 18.02.2019
 
 Notes
 ^^^^^

extension/Source/api/rest.php

+<?php
+/**
+ * Created by PhpStorm.
+ * User: crose
+ * Date: 17.02.19
+ * Time: 15:40
+ */
+
+namespace qfq;
+
+use qfq;
+
+require_once(__DIR__ . '/../core/QuickFormQuery.php');
+require_once(__DIR__ . '/../core/exceptions/UserFormException.php');
+require_once(__DIR__ . '/../core/exceptions/CodeException.php');
+require_once(__DIR__ . '/../core/exceptions/DbException.php');
+
+$restId = array();
+$restForm = array();
+
+$status = HTTP_400_BAD_REQUEST;
+$data = array();
+
+try {
+    try {
+        $form = OnString::splitPathInfoToIdForm($_SERVER['PATH_INFO'], $restId, $restForm);
+
+        // get latest `ìd`
+        $id = end($restId);
+
+        // Fake Bodytext setup
+        $bodytext = TYPO3_RECORD_ID . '=' . $id . PHP_EOL;
+        $bodytext .= TYPO3_FORM . '=' . $form . PHP_EOL;
+
+        $method = $_SERVER['REQUEST_METHOD'];
+        switch ($method) {
+            case REQUEST_METHOD_GET:
+                $status = HTTP_200_OK;
+                break;
+
+            case REQUEST_METHOD_POST:
+                if ($id != 0) {
+                    throw new UserFormException(json_encode([ERROR_MESSAGE_TO_USER => "Forbidden: id>0 with HTTP method $method",
+                        ERROR_MESSAGE_SUPPORT => '',
+                        ERROR_MESSAGE_HTTP_STATUS => HTTP_400_BAD_REQUEST
+                    ]), ERROR_REST_INVALID_ID);
+                }
+
+                $data = json_decode(file_get_contents('php://input'), true);
+                $status = HTTP_201_CREATED;
+                break;
+
+            case REQUEST_METHOD_PUT:
+                if ($id == 0) {
+                    throw new UserFormException(json_encode([ERROR_MESSAGE_TO_USER => "Forbidden: id==0 with HTTP method $method",
+                        ERROR_MESSAGE_SUPPORT => '',
+                        ERROR_MESSAGE_HTTP_STATUS => HTTP_400_BAD_REQUEST
+                    ]), ERROR_REST_INVALID_ID);
+                }
+                $data = json_decode(file_get_contents('php://input'), true);
+                $status = HTTP_200_OK;
+                break;
+
+            case REQUEST_METHOD_DELETE:
+                if ($id == 0) {
+                    throw new UserFormException(json_encode([ERROR_MESSAGE_TO_USER => "Forbidden: id==0 with HTTP method $method",
+                        ERROR_MESSAGE_SUPPORT => '',
+                        ERROR_MESSAGE_HTTP_STATUS => HTTP_400_BAD_REQUEST
+                    ]), ERROR_REST_INVALID_ID);
+                }
+                $status = HTTP_200_OK;
+                break;
+
+            default:
+                throw new UserFormException(json_encode([ERROR_MESSAGE_TO_USER => 'Unsupported/unknown HTTP request method',
+                    ERROR_MESSAGE_SUPPORT => 'HTTP Code: ' . $method,
+                    ERROR_MESSAGE_HTTP_STATUS => HTTP_403_METHOD_NOT_ALLOWED
+                ]), ERROR_UNKNOWN_MODE);
+                break;
+        }
+
+        if ($data === null) {
+            throw new UserFormException(json_encode([ERROR_MESSAGE_TO_USER => "Missing or broken JSON",
+                ERROR_MESSAGE_SUPPORT => json_last_error_msg(),
+                ERROR_MESSAGE_HTTP_STATUS => HTTP_400_BAD_REQUEST
+            ]), ERROR_BROKEN_PARAMETER);
+        }
+
+        if (!empty($data)) {
+            $_POST = $data;
+        }
+
+        $qfq = new QuickFormQuery(['bodytext' => $bodytext]);
+        $answer = $qfq->rest($restId, $restForm);
+
+    } catch (qfq\CodeException $e) {
+        $answer[API_MESSAGE] = $e->formatMessage();
+        $status = $e->getHttpStatus();
+
+    } catch (qfq\UserFormException $e) {
+        $answer[API_MESSAGE] = $e->formatMessage();
+        $status = $e->getHttpStatus();
+
+    } catch (qfq\DbException $e) {
+        $answer[API_MESSAGE] = $e->formatMessage();
+        $status = $e->getHttpStatus();
+    }
+
+} catch (\Exception $e) {
+    $answer[API_MESSAGE] = "Generic Exception: " . $e->getMessage();
+}
+
+header('HTTP/1.0 ' . $status);
+header("Content-Type: application/json");
+echo json_encode($answer);

extension/Source/core/AbstractBuildForm.php

@@ -2448,9 +2448,17 @@ abstract class AbstractBuildForm {
 
         $formElement = HelperFormElement::prepareExtraButton($formElement, false);
         $attribute .= $this->getAttributeFeMode($formElement[FE_MODE]);
-        $html = '<select ' . $attribute . '>' . $option . '</select>';
+        if (isset($formElement["datalist"])) {
+            if ($formElement[FE_DYNAMIC_UPDATE] === 'yes') {
+                throw new UserFormException("Datalist funktionert nicht mit dynamic update", ERROR_NOT_IMPLEMENTED);
+            }
+            $datalistId = $formElement[FE_HTML_ID] . '-datalist';
+            $html = '<input ' . Support::doAttribute('list', $datalistId) . $attribute . '><datalist '
+                . Support::doAttribute('id', $datalistId) . '>' . $option . '</datalist>';
+        } else {
+            $html = '<select ' . $attribute . '>' . $option . '</select>';
+        }
         $html = $html . $this->getHelpBlock() . $formElement[FE_TMP_EXTRA_BUTTON_HTML];
-
         return $html . $formElement[FE_INPUT_EXTRA_BUTTON_INFO];
     }
 
@@ -3182,7 +3190,7 @@ abstract class AbstractBuildForm {
 
         Support::setIfNotSet($formElement, FE_ANNOTATE_USER_UID);
         Support::setIfNotSet($formElement, FE_ANNOTATE_USER_NAME);
-        Support::setIfNotSet($formElement, FE_ANNOTATE_USER_NAME);
+        Support::setIfNotSet($formElement, FE_ANNOTATE_USER_AVATAR);
 
         $dataHighlight=HelperFile::getFileTypeHighlight($formElement[FE_HIGHLIGHT]??'',$formElement[FE_TEXT_SOURCE] );
 
@@ -3201,6 +3209,9 @@ abstract class AbstractBuildForm {
         $attributeDiv .= Support::doAttribute('data-file', $this->fileToSipUrl($formElement[FE_TEXT_SOURCE]));
         $attributeDiv .= Support::doAttribute('data-target', $formElement[FE_HTML_ID]);
         $attributeDiv .= Support::doAttribute('data-highlight', $dataHighlight);
+
+        $attributeDiv .= Support::doAttribute('data-view-only', 'true');
+
         $attributeDiv .= $this->getAttributeFeMode($formElement[FE_MODE]);
         $htmlAnnotate = Support::wrapTag('<div ' . $attributeDiv . ' data-uid=\''. $jsonDataUid . '\' >', '', false);
 //        $htmlAnnotate = Support::wrapTag('<div ' . $attributeDiv .'>', '', false);

extension/Source/core/Constants.php

@@ -32,16 +32,20 @@ const TABLE_NAME_FORM = 'Form';
 const TABLE_NAME_FORM_ELEMENT = 'FormElement';
 const TABLE_NAME_SPLIT = 'Split';
 
+// Form Mode
 const FORM_LOAD = 'form_load';
 const FORM_SAVE = 'form_save';
 const FORM_UPDATE = 'form_update';
 const FORM_DELETE = 'form_delete';
 const FORM_DRAG_AND_DROP = 'form_drag_and_drop';
+const FORM_REST = 'form_rest';
+
 const FORM_PERMISSION_SIP = 'sip';
 const FORM_PERMISSION_LOGGED_IN = 'logged_id';
 const FORM_PERMISSION_LOGGED_OUT = 'logged_out';
 const FORM_PERMISSION_ALWAYS = 'always';
 const FORM_PERMISSION_NEVER = 'never';
+const FORM_PERMISSION_REST = 'rest';
 const FORM_BUTTON_NEW = 'new';
 const FORM_BUTTON_DELETE = 'delete';
 const FORM_BUTTON_CLOSE = 'close';
@@ -63,7 +67,7 @@ const SQL_FORM_ELEMENT_BY_ID = "SELECT * FROM FormElement AS fe WHERE fe.id = ?"
 const SQL_FORM_ELEMENT_RAW = "SELECT * FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
 const SQL_FORM_ELEMENT_SPECIFIC_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.feIdContainer = ? AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
 const SQL_FORM_ELEMENT_ALL_CONTAINER = "SELECT *, ? AS 'nestedInFieldSet' FROM FormElement AS fe WHERE fe.formId = ? AND fe.deleted = 'no' AND FIND_IN_SET(fe.class, ? ) AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
-const SQL_FORM_ELEMENT_SIMPLE_ALL_CONTAINER = "SELECT fe.id, fe.feIdContainer, fe.name, fe.label, fe.type, fe.encode, fe.checkType, fe.checkPattern, fe.mode, fe.modeSql, fe.parameter, fe.dynamicUpdate FROM FormElement AS fe, Form AS f WHERE f.name = ? AND f.id = fe.formId AND fe.deleted = 'no' AND fe.class = 'native' AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
+const SQL_FORM_ELEMENT_SIMPLE_ALL_CONTAINER = "SELECT fe.id, fe.feIdContainer, fe.name, fe.value, fe.label, fe.type, fe.encode, fe.checkType, fe.checkPattern, fe.mode, fe.modeSql, fe.parameter, fe.dynamicUpdate FROM FormElement AS fe, Form AS f WHERE f.name = ? AND f.id = fe.formId AND fe.deleted = 'no' AND fe.class = 'native' AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
 const SQL_FORM_ELEMENT_CONTAINER_TEMPLATE_GROUP = "SELECT fe.id, fe.name, fe.label, fe.maxLength, fe.parameter FROM FormElement AS fe, Form AS f WHERE f.name = ? AND f.id = fe.formId AND fe.deleted = 'no' AND fe.class = 'container' AND fe.type='templateGroup' AND fe.enabled='yes' ORDER BY fe.ord, fe.id";
 const SQL_FORM_ELEMENT_TEMPLATE_GROUP_FE_ID = "SELECT * FROM FormElement AS fe WHERE fe.id = ? AND fe.deleted = 'no' AND fe.class = 'container' AND fe.type='templateGroup' AND fe.enabled='yes' ";
 //const SQL_FORM_ELEMENT_NATIVE_TG_COUNT = "SELECT fe.*, IFNULL(feTg.maxLength,0) AS _tgCopies FROM FormElement AS fe LEFT JOIN FormElement AS feTg ON fe.feIdContainer=feTg.id AND feTg.deleted = 'no' AND feTg.class = 'container' AND feTg.type='templateGroup' AND feTg.enabled='yes' WHERE fe.formId = ? AND fe.deleted = 'no' AND fe.class = 'native' AND fe.enabled='yes'";
@@ -137,6 +141,7 @@ const KVP_VALUE_GIVEN = 'value_given';
 const ERROR_MESSAGE_TO_USER = 'toUser'; // always shown to the user.
 const ERROR_MESSAGE_SUPPORT = 'support'; // Message to help the developer to understand the problem.
 const ERROR_MESSAGE_OS = 'os'; // Error message from the OS - like 'file not found' or specific SQL problem
+const ERROR_MESSAGE_HTTP_STATUS = 'httpStatus'; // HTTP Status Code to report
 
 // QFQ Error Codes
 const ERROR_UNKNOW_SANITIZE_CLASS = 1001;
@@ -358,6 +363,10 @@ const ERROR_FORM_RESERVED_NAME = 2800;
 const ERROR_IMPORT_MISSING_EXPLICIT_TYPE = 2900;
 const ERROR_IMPORT_LIST_SHEET_NAMES = 2901;
 
+// REST
+const ERROR_FORM_REST = 3000;
+const ERROR_REST_AUTHORIZATION = 3001;
+const ERROR_REST_INVALID_ID = 3002;
 //
 // Store Names: Identifier
 //
@@ -413,12 +422,18 @@ const CLIENT_SERVER_ADDRESS = 'SERVER_ADDR';
 const CLIENT_SERVER_PORT = 'SERVER_PORT';
 const CLIENT_REMOTE_ADDRESS = 'REMOTE_ADDR';
 const CLIENT_REQUEST_SCHEME = 'REQUEST_SCHEME';
+const CLIENT_REQUEST_METHOD = 'REQUEST_METHOD';
 const CLIENT_SCRIPT_FILENAME = 'SCRIPT_FILENAME';
 const CLIENT_QUERY_STRING = 'QUERY_STRING';
 const CLIENT_REQUEST_URI = 'REQUEST_URI';
 const CLIENT_SCRIPT_NAME = 'SCRIPT_NAME';
 const CLIENT_PHP_SELF = 'PHP_SELF';
 
+const REQUEST_METHOD_GET = 'GET';
+const REQUEST_METHOD_POST = 'POST';