ActiveController.php 4.5 KB

  1. <?php
  2. /**
  3. * @link https://www.yiiframework.com/
  4. * @copyright Copyright (c) 2008 Yii Software LLC
  5. * @license https://www.yiiframework.com/license/
  6. */
  7. namespace yii\rest;
  8. use yii\base\InvalidConfigException;
  9. use yii\base\Model;
  10. use yii\web\ForbiddenHttpException;
  11. /**
  12. * ActiveController implements a common set of actions for supporting RESTful access to ActiveRecord.
  13. *
  14. * The class of the ActiveRecord should be specified via [[modelClass]], which must implement [[\yii\db\ActiveRecordInterface]].
  15. * By default, the following actions are supported:
  16. *
  17. * - `index`: list of models
  18. * - `view`: return the details of a model
  19. * - `create`: create a new model
  20. * - `update`: update an existing model
  21. * - `delete`: delete an existing model
  22. * - `options`: return the allowed HTTP methods
  23. *
  24. * You may disable some of these actions by overriding [[actions()]] and unsetting the corresponding actions.
  25. *
  26. * To add a new action, either override [[actions()]] by appending a new action class or write a new action method.
  27. * Make sure you also override [[verbs()]] to properly declare what HTTP methods are allowed by the new action.
  28. *
  29. * You should usually override [[checkAccess()]] to check whether the current user has the privilege to perform
  30. * the specified action against the specified model.
  31. *
  32. * For more details and usage information on ActiveController, see the [guide article on rest controllers](guide:rest-controllers).
  33. *
  34. * @author Qiang Xue <qiang.xue@gmail.com>
  35. * @since 2.0
  36. */
  class ActiveController extends Controller
  {
      /**
       * @var string fully qualified name of the model class served by this controller.
       * There is no default; [[init()]] rejects a null value.
       */
      public $modelClass;
      /**
       * @var string scenario passed to the `update` action.
       * NOTE(review): in Yii the scenario selects which attributes are safe for massive
       * assignment, so check that the chosen scenario does not expose fields an API client
       * must not set.
       * @see \yii\base\Model::scenarios()
       */
      public $updateScenario = Model::SCENARIO_DEFAULT;
      /**
       * @var string scenario passed to the `create` action.
       * NOTE(review): the mass-assignment consideration described for [[updateScenario]]
       * applies here as well.
       * @see \yii\base\Model::scenarios()
       */
      public $createScenario = Model::SCENARIO_DEFAULT;

      /**
       * {@inheritdoc}
       *
       * Runs the parent initialization first, then fails fast when no model class is configured.
       *
       * @throws InvalidConfigException if [[modelClass]] is null
       */
      public function init()
      {
          parent::init();

          if ($this->modelClass !== null) {
              return;
          }

          throw new InvalidConfigException('The "modelClass" property must be set.');
      }

      /**
       * {@inheritdoc}
       *
       * Every model-bound action (`index`, `view`, `create`, `update`, `delete`) receives
       * [[checkAccess()]] as its `checkAccess` callable. The `options` action is configured
       * with neither a model class nor an access callback.
       *
       * @return array action configurations indexed by action ID
       */
      public function actions()
      {
          // Settings shared by all actions that operate on the model class.
          $modelBound = [
              'modelClass' => $this->modelClass,
              'checkAccess' => [$this, 'checkAccess'],
          ];

          // Array union keeps the key order class, modelClass, checkAccess[, scenario].
          return [
              'index' => ['class' => 'yii\rest\IndexAction'] + $modelBound,
              'view' => ['class' => 'yii\rest\ViewAction'] + $modelBound,
              'create' => ['class' => 'yii\rest\CreateAction'] + $modelBound + ['scenario' => $this->createScenario],
              'update' => ['class' => 'yii\rest\UpdateAction'] + $modelBound + ['scenario' => $this->updateScenario],
              'delete' => ['class' => 'yii\rest\DeleteAction'] + $modelBound,
              'options' => ['class' => 'yii\rest\OptionsAction'],
          ];
      }

      /**
       * {@inheritdoc}
       *
       * Read actions accept GET and HEAD; each write action is bound to its own method(s).
       * No entry is declared for `options`.
       *
       * @return array allowed HTTP methods indexed by action ID
       */
      protected function verbs()
      {
          $readMethods = ['GET', 'HEAD'];

          return [
              'index' => $readMethods,
              'view' => $readMethods,
              'create' => ['POST'],
              'update' => ['PUT', 'PATCH'],
              'delete' => ['DELETE'],
          ];
      }

      /**
       * Authorization hook for the current user.
       *
       * The implementation in this class is empty: it never throws, so a controller that does
       * not override it applies no per-action or per-model authorization here. Override it to
       * decide whether the current user may run the given action against the given model, and
       * throw a [[ForbiddenHttpException]] when access must be denied.
       *
       * @param string $action the ID of the action to be executed
       * @param object|null $model the model to be accessed. Null means no specific model is being accessed.
       * @param array $params additional parameters
       * @throws ForbiddenHttpException if the user does not have access
       */
      public function checkAccess($action, $model = null, $params = [])
      {
          // Intentionally empty: subclasses supply the authorization decision.
      }
  }