Moved yii\rest\Controller::checkAccess() to ActiveController.

9b2fec6b · Qiang Xue · 17f4f420 · 9b2fec6b · 9b2fec6b
Commit 9b2fec6b authored May 16, 2014 by Qiang Xue
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 17 deletions

ActiveController.php framework/rest/ActiveController.php +17 -0

Controller.php framework/rest/Controller.php +0 -17

No files found.
--- a/framework/rest/ActiveController.php
+++ b/framework/rest/ActiveController.php
@@ -9,6 +9,7 @@ namespace yii\rest;

 use yii\base\InvalidConfigException;
 use yii\base\Model;
+use yii\web\ForbiddenHttpException;

 /**
 * ActiveController implements a common set of actions for supporting RESTful access to ActiveRecord.
@@ -114,4 +115,20 @@ class ActiveController extends Controller
            'delete' => ['DELETE'],
        ];
    }
+
+    /**
+     * Checks the privilege of the current user.
+     *
+     * This method should be overridden to check whether the current user has the privilege
+     * to run the specified action against the specified data model.
+     * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
+     *
+     * @param string $action the ID of the action to be executed
+     * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
+     * @param array $params additional parameters
+     * @throws ForbiddenHttpException if the user does not have access
+     */
+    public function checkAccess($action, $model = null, $params = [])
+    {
+    }
 }
--- a/framework/rest/Controller.php
+++ b/framework/rest/Controller.php
@@ -13,7 +13,6 @@ use yii\filters\ContentNegotiator;
 use yii\filters\RateLimiter;
 use yii\web\Response;
 use yii\filters\VerbFilter;
-use yii\web\ForbiddenHttpException;

 /**
 * Controller is the base class for RESTful API controller classes.
@@ -97,20 +96,4 @@ class Controller extends \yii\web\Controller
    {
        return Yii::createObject($this->serializer)->serialize($data);
    }
-
-    /**
-     * Checks the privilege of the current user.
-     *
-     * This method should be overridden to check whether the current user has the privilege
-     * to run the specified action against the specified data model.
-     * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
-     *
-     * @param string $action the ID of the action to be executed
-     * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
-     * @param array $params additional parameters
-     * @throws ForbiddenHttpException if the user does not have access
-     */
-    public function checkAccess($action, $model = null, $params = [])
-    {
-    }
 }