Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 19 |
| MessageController | |
0.00% |
0 / 1 |
|
0.00% |
0 / 3 |
56.00 | |
0.00% |
0 / 19 |
| actions | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 6 |
|||
| prepareDataProvider | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 7 |
|||
| checkAccess | |
0.00% |
0 / 1 |
30.00 | |
0.00% |
0 / 6 |
|||
| <?php | |
| namespace api\modules\v1\controllers; | |
| use Yii; | |
| use yii\data\ActiveDataProvider; | |
| use yii\rest\ActiveController; | |
| use yii\web\ForbiddenHttpException; | |
| /** | |
| * MessageController implements the RESTful CRUD actions for Message resource. | |
| */ | |
| class MessageController extends ActiveController | |
| { | |
| public $modelClass = 'api\modules\v1\models\MessageResource'; | |
| /** | |
| * @inheritdoc | |
| */ | |
| public function actions() | |
| { | |
| $actions = parent::actions(); | |
| // disable the "create", "update" and "delete" actions | |
| unset($actions['create'], $actions['update'], $actions['delete']); | |
| // customize the data provider preparation with the "prepareDataProvider()" method | |
| $actions['index']['prepareDataProvider'] = [$this, 'prepareDataProvider']; | |
| return $actions; | |
| } | |
| /** | |
| * Prepares the data provider that should return the requested collection of the models. | |
| * @return ActiveDataProvider | |
| */ | |
| public function prepareDataProvider() | |
| { | |
| /* @var $modelClass \yii\db\BaseActiveRecord */ | |
| $modelClass = $this->modelClass; | |
| return Yii::createObject([ | |
| 'class' => ActiveDataProvider::className(), | |
| 'query' => $modelClass::find()->where(['reciver_user_id' => Yii::$app->user->id]), | |
| ]); | |
| } | |
| /** | |
| * Checks the privilege of the current user. | |
| * | |
| * This method should be overridden to check whether the current user has the privilege | |
| * to run the specified action against the specified data model. | |
| * If the user does not have access, a [[ForbiddenHttpException]] should be thrown. | |
| * | |
| * @param string $action the ID of the action to be executed | |
| * @param \yii\base\Model $model the model to be accessed. If `null`, it means no specific model is being accessed. | |
| * @param array $params additional parameters | |
| * @throws ForbiddenHttpException if the user does not have access | |
| */ | |
| public function checkAccess($action, $model = null, $params = []) | |
| { | |
| // check if the user can access $action and $model | |
| // throw ForbiddenHttpException if access should be denied | |
| if ($action === 'view' || $action === 'update' || $action === 'delete') { | |
| if ($model->reciver_user_id !== \Yii::$app->user->id) | |
| throw new ForbiddenHttpException(sprintf('You can only %s messages that you recived.', $action)); | |
| } | |
| } | |
| } |