doukenqiong0588 2015-03-23 11:38
浏览 51
已采纳

将REST API中的CRUD限制为所有者

My api has this routes defined:

GET test.com/api/v1/users
POST test.com/api/v1/users
PUT test.com/api/v1/users/{id}
GET test.com/api/v1/users/{id}
DELETE test.com/api/v1/users/{id}

Also, i'm using OAuth2 Password authentication so these resources are only available once authenticated.

My point is.. keeping RESTFULL API principles, how should I aproach limiting PUT AND DELETE methods to the actual resource owner?

Basically I don't want anybody except the owner to be able to edit his information.

  • 写回答

2条回答 默认 最新

  • dq05304 2015-03-23 12:24
    关注

    You have implemented the authentication part of your system, meaning your application knows who the users are. Now you need to devise an authorization sub-system, meaning what your users have access to.

    As your question is tagged PHP and Laravel, a quick Google search for laravel authorization brings results such as this:

    https://github.com/machuga/authority-l4

    or

    http://laravel.io/forum/02-03-2014-authority-controller-authorization-library-cancan-port

    This should be a good starting point.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探