RestfulServer - Miscellaneous improvements

[sabina-talipova]

Description

• Implement PUT/POST/DELETE for relations
• Access-Control for relations (you might be allowed to view Members and Groups, but not their relation with each other)
• Make SearchContext specification customizeable for each class
• Allow for range-searches (e.g. on Created column)
• Relation listings by $api_access and canView() permissions
• Exclude relations when "fields" are specified through URL (they should be explicitly requested in this case)
• Custom filters per DataObject subclass, e.g. to disallow showing unpublished pages in SiteTree/Versioned/Hierarchy
• URL parameter namespacing for search-fields, limit, fields, add_fields (might all be valid dataobject properties) e.g. you wouldn't be able to search for a "limit" property on your subclass as its overlayed with the search logic
• i18n integration (e.g. Page/1.xml?lang=de_DE)
• Access to extendable methods/relations like SiteTree/1/Versions or SiteTree/1/Version/22
• Respect $api_access array notation in search contexts
• RestfulServer::init() - In 3.2 we should make the default Live, then change to Stage in the admin area (with a nicer API)
• RestfulServer::getHandler() - check access
• RestfulServer::getSearchQuery() - Allow specifying of different searchcontext getters on model-by-model basis
• RestfulServer::postHandler - @todo Posting to an existing URL (without a relation) current resolves in creatig a new element, rather than a "Conflict" message.
• RestfulServer::getAllowedRelations - Respect field level permissions once they are available in core
• RestfulServer::getHandler - Avoid creating data formatter again for relation class
• RestfulServer::updateDataObject - Disallow editing of certain keys in database