douyu9012
2014-08-23 13:31 阅读 61
已采纳

Yii:restfullyii在restEvents上的扩展accessRules

He there,

I've been using the restfullyii extension for a while now, and everything is working great. (http://www.yiiframework.com/extension/restfullyii/)

I was just wondering if the following is possible:

  • Admin is allowed to do all REST.GET, REST.PUT, REST.POST and REST.DELETE
  • Normal users can only use the own defined ones in restEvents.

accessRules is looking like this:

public function accessRules()
{
    return array(
        array('allow', 
            'actions'=>array('REST.GET.SPECIAL'),
            'users'=>array('@'),
        ),
        array('allow', // allow admin user to perform 'admin' actions
            'actions'=>array('REST.GET', 'REST.PUT', 'REST.POST', 'REST.DELETE'),
            'users'=>Yii::app()->getModule('user')->getAdmins(),
        ),
        array('deny',  // deny all users
            'users'=>array('*'),
        ),
    );
}

restEvents is looking like this:

public function restEvents()
{ 
    $this->onRest('req.get.special.render', function() {
        /// blabla code
    });
}

I can't seem to find it in the documentation.

Thanks a lot!

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dssk35460 dssk35460 2014-08-27 17:58

    I figured it out with the following:

     /**
     * req.auth.uri
     *
     * return true to allow access to a given uri / http verb;
     * false to deny access to a given uri / http verb;
     *
     * @return (bool) default is true
     */ 
    $this->onRest(req.auth.uri, function($uri, $verb) {
        return true;
    });
    

    This will allow you to block/allow particular users in the controller. Just put it in the restEvents() method.

    点赞 评论 复制链接分享