<?php
/**
 * @link http://www.yiiframework.com/
 * @copyright Copyright (c) 2008 Yii Software LLC
 * @license http://www.yiiframework.com/license/
 */
namespace yii\rest;
use Yii;
use yii\filters\auth\CompositeAuth;
use yii\filters\ContentNegotiator;
use yii\filters\RateLimiter;
use yii\web\Response;
use yii\web\UnsupportedMediaTypeHttpException;
use yii\filters\VerbFilter;
use yii\web\ForbiddenHttpException;
/**
 * Controller is the base class for RESTful API controller classes.
 *
 * Controller implements the following steps in a RESTful API request handling cycle:
 *
 * 1. Resolving response format (see [[ContentNegotiator]]);
 * 2. Validating request method (see [[verbs()]]);
 * 3. Authenticating user (see [[\yii\filters\auth\AuthInterface]]);
 * 4. Rate limiting (see [[RateLimiter]]);
 * 5. Formatting response data (see [[serializeData()]]).
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class Controller extends \yii\web\Controller
{
    /**
     * @var string|array the configuration for creating the serializer that formats the response data.
     * The value is passed as-is to Yii::createObject() in [[serializeData()]], so it selects the class
     * that gets instantiated. Set it from application configuration only, never from request input.
     */
    public $serializer = 'yii\rest\Serializer';
    /**
     * @inheritdoc
     *
     * CSRF validation is turned off for this controller and for every class extending it.
     * NOTE(review): this is only appropriate when the API does not authenticate through
     * browser-sent cookies or sessions; confirm per API, and re-enable the check in
     * subclasses that rely on cookie-based authentication.
     */
    public $enableCsrfValidation = false;


    /**
     * @inheritdoc
     *
     * Declares four filters, in this order: content negotiation, HTTP verb check,
     * authentication and rate limiting.
     */
    public function behaviors()
    {
        $filters = [];

        // Response format is negotiated between JSON and XML only.
        $filters['contentNegotiator'] = [
            'class' => ContentNegotiator::className(),
            'formats' => [
                'application/json' => Response::FORMAT_JSON,
                'application/xml' => Response::FORMAT_XML,
            ],
        ];

        // The per-action verb map comes from verbs(), which subclasses override.
        $filters['verbFilter'] = [
            'class' => VerbFilter::className(),
            'actions' => $this->verbs(),
        ];

        // No authentication methods are listed here.
        // NOTE(review): confirm how CompositeAuth treats an empty method list; subclasses
        // presumably have to configure concrete auth methods before requests are
        // actually authenticated.
        $filters['authenticator'] = [
            'class' => CompositeAuth::className(),
        ];

        // No limits are configured here.
        // NOTE(review): presumably the limits are taken from the user identity; verify that
        // the identity class provides them, otherwise this filter may not throttle anything.
        $filters['rateLimiter'] = [
            'class' => RateLimiter::className(),
        ];

        return $filters;
    }

    /**
     * @inheritdoc
     *
     * Runs the parent hook first, then serializes whatever it returned via [[serializeData()]].
     */
    public function afterAction($action, $result)
    {
        return $this->serializeData(parent::afterAction($action, $result));
    }

    /**
     * Declares the allowed HTTP verbs.
     * Please refer to [[VerbFilter::actions]] on how to declare the allowed verbs.
     * @return array the allowed HTTP verbs.
     */
    protected function verbs()
    {
        // The base class declares no verb rules at all.
        // NOTE(review): with an empty map the verb filter presumably restricts nothing;
        // subclasses should list the verbs each action accepts.
        $allowedVerbs = [];

        return $allowedVerbs;
    }

    /**
     * Serializes the specified data.
     * The default implementation builds a serializer from the configuration held in [[serializer]]
     * and returns the result of its serialize() call on the given data.
     * @param mixed $data the data to be serialized
     * @return mixed the serialized data.
     */
    protected function serializeData($data)
    {
        $serializer = Yii::createObject($this->serializer);

        return $serializer->serialize($data);
    }

    /**
     * Checks the privilege of the current user.
     *
     * This method should be overridden to check whether the current user has the privilege
     * to run the specified action against the specified data model.
     * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
     *
     * The implementation in this class is empty and never throws, so any code relying on it
     * for authorization is unprotected until a subclass overrides it.
     *
     * @param string $action the ID of the action to be executed
     * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
     * @param array $params additional parameters
     * @throws ForbiddenHttpException if the user does not have access
     */
    public function checkAccess($action, $model = null, $params = [])
    {
        // Intentionally empty: the base class performs no access check.
    }
}