2014-08-23 13:31 阅读 61


He there,

I've been using the restfullyii extension for a while now, and everything is working great. (

I was just wondering if the following is possible:

  • Admin is allowed to do all REST.GET, REST.PUT, REST.POST and REST.DELETE
  • Normal users can only use the own defined ones in restEvents.

accessRules is looking like this:

public function accessRules()
    return array(
        array('allow', // allow admin user to perform 'admin' actions
            'actions'=>array('REST.GET', 'REST.PUT', 'REST.POST', 'REST.DELETE'),
        array('deny',  // deny all users

restEvents is looking like this:

public function restEvents()
    $this->onRest('req.get.special.render', function() {
        /// blabla code

I can't seem to find it in the documentation.

Thanks a lot!

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dssk35460 dssk35460 2014-08-27 17:58

    I figured it out with the following:

     * req.auth.uri
     * return true to allow access to a given uri / http verb;
     * false to deny access to a given uri / http verb;
     * @return (bool) default is true
    $this->onRest(req.auth.uri, function($uri, $verb) {
        return true;

    This will allow you to block/allow particular users in the controller. Just put it in the restEvents() method.

    点赞 评论 复制链接分享