Facebook Cookbook - Jay Goldman [157]
Solution
Table 9-7 lists three extended permissions that users can grant an application.
Table 9-7. Extended permissions
Permission
Description
status_update
Your application can call Users.setStatus() for this user.
photo_upload
You can already upload photos and add tags for all users with the Photos.upload() and Photos.addTag() methods, but both will go into a pending state and require approval. Granting this permission allows your app to bypass that step.
create_listing
Your application can create new Marketplace listings on behalf of this user.
The permissions are granted one at a time by sending users to http://www.facebook.com/authorize.php?api_key=YOUR_API_KEY&v=1.0&ext_perm=PERMISSION_NAME (see example page in Figure 9-18), substituting your API key and the permission’s name from Table 9-7.
Figure 9-18. Extended permissions
Discussion
You can add two more parameters to the URL, next and next_cancel, which are URL-encoded URLS you’d like the user sent to when they’re finished granting permission or if they cancel, respectively:
http://www.facebook.com/authorize.php?api_key=YOUR_API_KEY&v=1.0&ext_perm=PERMISSION_NAME&next=http%3A%2F%2Fapps.facebook.com%2Fmyapp%2Fpermissions.php&next_cancel=http%3A%2F%2Fapps.facebook.com%2Fmyapp%2Fcancel.php
If you don’t provide those URLs, users will see a Facebook message letting them know they can return to the app if they save (canceling just goes back one page in their history), as in Figure 9-19.
Figure 9-19. Extended permissions message
Users can revoke extended permissions on their Edit Apps page, at http://www.facebook.com/editapps.php.
You can check to see whether a user has granted a certain permission to your app by calling the API’s Users.hasAppPermission() method (see Checking Extended Permissions for more info).
Checking Extended Permissions
Problem
How can I check to see whether a user has granted my app extended permissions?
Solution
Use the Users.hasAppPermission() method, which is not currently included in the PHP Client Library (see Adding Missing PHP Client Library Methods):
$permission = $facebook->api_client->Users_hasAppPermission('status_update');
Discussion
This will return true (1) or false (0). There are three extended permissions you can check for:
status_update
You can set the user’s status with Users.setStatus().
create_listing
You can create Marketplace listings for the user.
photo_upload
You can upload photos and set tags on nonpending photos.
See Extended Permissions for more information.
Storing Data with the Data Store API
Problem
I need a place to store some data for my app, and I don’t want to use my own database or a third-party service. Is there somewhere I can stick it inside of Facebook?
Solution
Facebook recently introduced the Data Store API, which was still in beta as this book went to press. The approach is to provide specialized storage, highly targeted and optimized to the kind of data that app developers need to store, rather than taking the more generalized approach of Amazon SimpleDB. The API is grouped into the areas:
Specialized tables
One of the advantages of using the Data Store API is specialized tables, designed and optimized to store the kinds of data for which your app is most likely to need storage. The initial pass only includes a User Preference table, but Facebook is looking for feedback from app developers about the types of tables they might be interested in.
Distributed tables
Most web developers understand databases well enough to administer a single server but lack the experience necessary to design and maintain a complicated, scalable, distributed system. Using the Data Store API gives you access to a well-managed distributed system for free, designed to allow your tables to grow to millions of records