123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137 |
- <?php
- /**
- * @link https://www.yiiframework.com/
- * @copyright Copyright (c) 2008 Yii Software LLC
- * @license https://www.yiiframework.com/license/
- */
- namespace yii\rest;
- use yii\base\InvalidConfigException;
- use yii\base\Model;
- use yii\web\ForbiddenHttpException;
- /**
- * ActiveController implements a common set of actions for supporting RESTful access to ActiveRecord.
- *
- * The class of the ActiveRecord should be specified via [[modelClass]], which must implement [[\yii\db\ActiveRecordInterface]].
- * By default, the following actions are supported:
- *
- * - `index`: list of models
- * - `view`: return the details of a model
- * - `create`: create a new model
- * - `update`: update an existing model
- * - `delete`: delete an existing model
- * - `options`: return the allowed HTTP methods
- *
- * You may disable some of these actions by overriding [[actions()]] and unsetting the corresponding actions.
- *
- * To add a new action, either override [[actions()]] by appending a new action class or write a new action method.
- * Make sure you also override [[verbs()]] to properly declare what HTTP methods are allowed by the new action.
- *
- * You should usually override [[checkAccess()]] to check whether the current user has the privilege to perform
- * the specified action against the specified model.
- *
- * For more details and usage information on ActiveController, see the [guide article on rest controllers](guide:rest-controllers).
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @since 2.0
- */
- class ActiveController extends Controller
- {
- /**
- * @var string the model class name. This property must be set.
- */
- public $modelClass;
- /**
- * @var string the scenario used for updating a model.
- * @see \yii\base\Model::scenarios()
- */
- public $updateScenario = Model::SCENARIO_DEFAULT;
- /**
- * @var string the scenario used for creating a model.
- * @see \yii\base\Model::scenarios()
- */
- public $createScenario = Model::SCENARIO_DEFAULT;
- /**
- * {@inheritdoc}
- */
- public function init()
- {
- parent::init();
- if ($this->modelClass === null) {
- throw new InvalidConfigException('The "modelClass" property must be set.');
- }
- }
- /**
- * {@inheritdoc}
- */
- public function actions()
- {
- return [
- 'index' => [
- 'class' => 'yii\rest\IndexAction',
- 'modelClass' => $this->modelClass,
- 'checkAccess' => [$this, 'checkAccess'],
- ],
- 'view' => [
- 'class' => 'yii\rest\ViewAction',
- 'modelClass' => $this->modelClass,
- 'checkAccess' => [$this, 'checkAccess'],
- ],
- 'create' => [
- 'class' => 'yii\rest\CreateAction',
- 'modelClass' => $this->modelClass,
- 'checkAccess' => [$this, 'checkAccess'],
- 'scenario' => $this->createScenario,
- ],
- 'update' => [
- 'class' => 'yii\rest\UpdateAction',
- 'modelClass' => $this->modelClass,
- 'checkAccess' => [$this, 'checkAccess'],
- 'scenario' => $this->updateScenario,
- ],
- 'delete' => [
- 'class' => 'yii\rest\DeleteAction',
- 'modelClass' => $this->modelClass,
- 'checkAccess' => [$this, 'checkAccess'],
- ],
- 'options' => [
- 'class' => 'yii\rest\OptionsAction',
- ],
- ];
- }
- /**
- * {@inheritdoc}
- */
- protected function verbs()
- {
- return [
- 'index' => ['GET', 'HEAD'],
- 'view' => ['GET', 'HEAD'],
- 'create' => ['POST'],
- 'update' => ['PUT', 'PATCH'],
- 'delete' => ['DELETE'],
- ];
- }
- /**
- * Checks the privilege of the current user.
- *
- * This method should be overridden to check whether the current user has the privilege
- * to run the specified action against the specified data model.
- * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
- *
- * @param string $action the ID of the action to be executed
- * @param object|null $model the model to be accessed. If null, it means no specific model is being accessed.
- * @param array $params additional parameters
- * @throws ForbiddenHttpException if the user does not have access
- */
- public function checkAccess($action, $model = null, $params = [])
- {
- }
- }
|