<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\rest;
use yii\base\InvalidConfigException;
use yii\web\ForbiddenHttpException;
/**
 * ActiveController provides a standard set of RESTful actions on top of an ActiveRecord class.
 *
 * Point [[modelClass]] at the ActiveRecord class to expose; it must implement [[\yii\db\ActiveRecordInterface]].
 * The actions registered by default are:
 *
 * - `index`: list of models
 * - `view`: return the details of a model
 * - `create`: create a new model
 * - `update`: update an existing model
 * - `delete`: delete an existing model
 * - `options`: return the allowed HTTP methods
 *
 * To switch some of them off, override [[actions()]] and unset the corresponding entries.
 *
 * A new action can be added either by overriding [[actions()]] and appending an action class, or by
 * writing an action method. In both cases also override [[verbs()]] so that the HTTP methods allowed
 * for the new action are declared.
 *
 * Authorization: [[checkAccess()]] is the hook handed to the model-backed actions as their `checkAccess`
 * callback. Its default implementation in this class is an empty method that never throws, so a subclass
 * that does not override it performs no per-action or per-model privilege check through this hook.
 * Override it to verify that the current user may perform the specified action against the specified model.
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @since 2.0
 */
class ActiveController extends Controller
{
    /**
     * @var string name of the model class served by this controller. Required; [[init()]] rejects null.
     */
    public $modelClass;
    /**
     * @var string scenario applied to a model while it is being updated.
     * The model's scenario definition should expose only the attributes API clients are allowed to change.
     * @see \yii\base\Model::scenarios()
     */
    public $updateScenario = 'api-update';
    /**
     * @var string scenario applied to a model while it is being created.
     * The model's scenario definition should expose only the attributes API clients are allowed to set.
     * @see \yii\base\Model::scenarios()
     */
    public $createScenario = 'api-create';
    /**
     * @var boolean whether creating, updating or deleting a model is wrapped in a DB transaction.
     * Only meaningful for relational databases.
     */
    public $transactional = true;


    /**
     * @inheritdoc
     */
    public function init()
    {
        parent::init();

        // Nothing more to validate once a model class has been configured.
        if ($this->modelClass !== null) {
            return;
        }

        throw new InvalidConfigException('The "modelClass" property must be set.');
    }

    /**
     * @inheritdoc
     */
    public function actions()
    {
        // Configuration common to every action that works on the model class. The access
        // callback points at checkAccess(), which is a no-op unless a subclass overrides it.
        $modelAction = [
            'modelClass' => $this->modelClass,
            'checkAccess' => [$this, 'checkAccess'],
        ];
        // Actions that write to storage also receive the transaction switch.
        $transaction = ['transactional' => $this->transactional];

        // Array union keeps the key order: class, modelClass, checkAccess, then the extras.
        return [
            'index' => ['class' => 'yii\rest\IndexAction'] + $modelAction,
            'view' => ['class' => 'yii\rest\ViewAction'] + $modelAction,
            'create' => ['class' => 'yii\rest\CreateAction'] + $modelAction
                + ['scenario' => $this->createScenario] + $transaction,
            'update' => ['class' => 'yii\rest\UpdateAction'] + $modelAction
                + ['scenario' => $this->updateScenario] + $transaction,
            'delete' => ['class' => 'yii\rest\DeleteAction'] + $modelAction + $transaction,
            // `options` is configured with neither a model class nor the access callback.
            'options' => ['class' => 'yii\rest\OptionsAction'],
        ];
    }

    /**
     * @inheritdoc
     */
    protected function verbs()
    {
        $readOnly = ['GET', 'HEAD'];

        // No entry is declared for `options`; how an undeclared action is treated is decided
        // by the code that consumes this map, which is outside this class.
        return [
            'index' => $readOnly,
            'view' => $readOnly,
            'create' => ['POST'],
            'update' => ['PUT', 'PATCH'],
            'delete' => ['DELETE'],
        ];
    }

    /**
     * Checks the privilege of the current user.
     *
     * Override this method to decide whether the current user may run the specified action against
     * the specified data model, and throw a [[ForbiddenHttpException]] when access must be refused.
     *
     * The implementation in this class is intentionally empty: it returns without checking anything,
     * so every call is treated as allowed until a subclass supplies a real check.
     *
     * @param \yii\base\Action $action the action to be executed
     * @param \yii\base\Model $model the model to be accessed. If null, it means no specific model is being accessed.
     * @param array $params additional parameters
     * @throws ForbiddenHttpException if the user does not have access
     */
    public function checkAccess($action, $model = null, $params = [])
    {
        // Deliberately empty: subclasses provide the authorization decision.
    }
}