Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 11 |
| TableController | |
0.00% |
0 / 1 |
|
0.00% |
0 / 2 |
30.00 | |
0.00% |
0 / 11 |
| actions | |
0.00% |
0 / 1 |
2.00 | |
0.00% |
0 / 5 |
|||
| checkAccess | |
0.00% |
0 / 1 |
20.00 | |
0.00% |
0 / 6 |
|||
| <?php | |
| namespace api\modules\v1\controllers; | |
| use yii\rest\ActiveController; | |
| use yii\web\ForbiddenHttpException; | |
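/**
 * TableController exposes the Table resource through Yii's REST ActiveController.
 *
 * The write actions ("create", "update", "delete") are removed in actions(), so the
 * ownership rule in checkAccess() only takes effect if one of them is re-enabled.
 * NOTE(review): no authenticator or access filter is configured in this class; confirm
 * that the module or a parent behavior authenticates requests for the remaining actions.
 */
class TableController extends ActiveController
{
    public $modelClass = 'api\modules\v1\models\TableResource';

    /**
     * Returns the inherited REST actions with the write actions removed.
     *
     * @inheritdoc
     */
    public function actions()
    {
        $actions = parent::actions();

        // disable the "create", "update" and "delete" actions
        unset($actions['create'], $actions['update'], $actions['delete']);

        return $actions;
    }

    /**
     * Checks the privilege of the current user.
     *
     * Only "update" and "delete" are restricted: they are permitted solely when the
     * model's author_id is identical to the id of the current user. The check fails
     * closed: a missing model, a model without an owner, or a user without an id
     * (presumably a guest — confirm against the user component) is denied. Previously
     * a null owner compared equal to a null user id and the action was allowed.
     *
     * Every other action ID passes through without any check.
     *
     * @param string $action the ID of the action to be executed
     * @param \yii\base\Model $model the model to be accessed. If `null`, it means no specific model is being accessed.
     * @param array $params additional parameters
     * @throws ForbiddenHttpException if the user does not have access
     */
    public function checkAccess($action, $model = null, $params = [])
    {
        if ($action !== 'update' && $action !== 'delete') {
            // NOTE(review): read-style actions are not restricted here; confirm that is intended.
            return;
        }

        // Without a model there is no owner to compare against, so treat it as "no owner".
        $ownerId = $model !== null ? $model->author_id : null;
        $userId = \Yii::$app->user->id;

        // Deny on any null side first: null === null must never count as ownership.
        // The comparison stays strict, so an id that differs only in type (e.g. '1' vs 1)
        // is denied as well; normalise id types at the source rather than loosening this.
        if ($ownerId === null || $userId === null || $ownerId !== $userId) {
            throw new ForbiddenHttpException(sprintf('You can only %s articles that you\'ve created.', $action));
        }
    }
}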