Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 4 |
CRAP | |
0.00% |
0 / 30 |
| MeetingController | |
0.00% |
0 / 1 |
|
0.00% |
0 / 4 |
132.00 | |
0.00% |
0 / 30 |
| actions | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 6 |
|||
| prepareDataProvider | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 8 |
|||
| findParticipantModelByUserId | |
0.00% |
0 / 1 |
12.00 | |
0.00% |
0 / 10 |
|||
| checkAccess | |
0.00% |
0 / 1 |
42.00 | |
0.00% |
0 / 6 |
|||
| <?php | |
| namespace api\modules\v1\controllers; | |
| use Yii; | |
| use common\models\Participant; | |
| use yii\data\ActiveDataProvider; | |
| use yii\rest\ActiveController; | |
| use yii\web\ForbiddenHttpException; | |
| use yii\web\NotFoundHttpException; | |
| /** | |
| * MeetingController implements the RESTful CRUD actions for Meeting resource. | |
| */ | |
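class MeetingController extends ActiveController
{
    /** @var string fully-qualified class name of the resource served by this controller */
    public $modelClass = 'api\modules\v1\models\MeetingResource';

    /**
     * Returns the REST actions exposed for meetings.
     *
     * Starts from the parent's action map, removes the write actions and routes
     * the "index" collection through prepareDataProvider().
     *
     * @inheritdoc
     */
    public function actions()
    {
        $actions = parent::actions();

        // disable the "create", "update" and "delete" actions
        unset($actions['create'], $actions['update'], $actions['delete']);

        // customize the data provider preparation with the "prepareDataProvider()" method
        $actions['index']['prepareDataProvider'] = [$this, 'prepareDataProvider'];

        return $actions;
    }

    /**
     * Prepares the data provider for the "index" action.
     *
     * The query is restricted with isHostOrGuestFilter(), passing the id of the
     * Participant linked to the current user. That scope is defined on the
     * resource's query class, outside this file.
     *
     * @return ActiveDataProvider
     * @throws NotFoundHttpException if no Participant can be resolved for the current user
     */
    public function prepareDataProvider()
    {
        /* @var $modelClass \yii\db\BaseActiveRecord */
        $modelClass = $this->modelClass;
        $participant = $this->findParticipantModelByUserId();

        return Yii::createObject([
            'class' => ActiveDataProvider::className(),
            'query' => $modelClass::find()->isHostOrGuestFilter($participant->id),
        ]);
    }

    /**
     * Finds the Participant model that belongs to a user.
     *
     * When no user id is given, the id of the current application user is used.
     * A missing id (anonymous request) is rejected before querying: a hash
     * condition with a null value is built as "user_id IS NULL", so the lookup
     * would otherwise return a participant row that has no user attached, if
     * such rows exist.
     *
     * @param integer|string|null $user_id user id to look up; null means the current user
     * @return Participant the loaded model
     * @throws NotFoundHttpException if there is no user id or no matching participant
     */
    protected function findParticipantModelByUserId($user_id = null)
    {
        if ($user_id === null) {
            $user_id = Yii::$app->user->id;
        }

        // Still null: nobody is logged in. Same 404 as "no participant found".
        if ($user_id === null) {
            throw new NotFoundHttpException('The requested page does not exist.');
        }

        $model = Participant::findOne(['user_id' => $user_id]);
        if ($model === null) {
            throw new NotFoundHttpException('The requested page does not exist.');
        }

        return $model;
    }

    /**
     * Checks the privilege of the current user.
     *
     * For "view", "update" and "delete" the current user must be the user behind
     * the meeting's host or guest participant; other actions are not restricted
     * here. The check fails closed: a missing model, an anonymous user, or a
     * meeting whose participant or participant user is missing results in a
     * [[ForbiddenHttpException]] rather than a property read on null.
     *
     * NOTE(review): the coverage report for this file shows no line of this
     * method executed by tests; the allow and deny paths should be covered.
     *
     * @param string $action the ID of the action to be executed
     * @param \yii\base\Model $model the model to be accessed. If `null`, it means no specific model is being accessed.
     * @param array $params additional parameters
     * @throws ForbiddenHttpException if the user does not have access
     */
    public function checkAccess($action, $model = null, $params = [])
    {
        if (!in_array($action, ['view', 'update', 'delete'], true)) {
            return;
        }

        $currentUserId = Yii::$app->user->id;
        $allowed = false;

        if ($model !== null && $currentUserId !== null) {
            // NOTE(review): the comparison is strict, so it assumes the identity id
            // and the user record id have the same PHP type; a mismatch denies access.
            $allowed = $this->participantUserId($model->guestParticipant) === $currentUserId
                || $this->participantUserId($model->hostParticipant) === $currentUserId;
        }

        if (!$allowed) {
            throw new ForbiddenHttpException(sprintf('You can only %s meetings that you participate.', $action));
        }
    }

    /**
     * Returns the id of the user attached to a participant.
     *
     * @param object|null $participant the participant relation value, possibly null
     * @return mixed the user id, or null when the participant or its user is missing
     */
    private function participantUserId($participant)
    {
        if ($participant === null || $participant->user === null) {
            return null;
        }

        return $participant->user->id;
    }
}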