rest WIP

framework/rest/ActiveController.php

@@ -9,7 +9,6 @@ namespace yii\rest;
 
 use yii\base\InvalidConfigException;
 use yii\base\Model;
-use yii\web\ForbiddenHttpException;
 
 /**
  * ActiveController implements a common set of actions for supporting RESTful access to ActiveRecord.
@@ -124,20 +123,4 @@ class ActiveController extends Controller
 			'delete' => ['DELETE'],
 		];
 	}
-
-	/**
-	 * Checks the privilege of the current user.
-	 *
-	 * This method should be overridden to check whether the current user has the privilege
-	 * to run the specified action against the specified data model.
-	 * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
-	 *
-	 * @param \yii\base\Action $action the action to be executed
-	 * @param \yii\base\Model $model the model to be accessed. If null, it means no specific model is being accessed.
-	 * @param array $params additional parameters
-	 * @throws ForbiddenHttpException if the user does not have access
-	 */
-	public function checkAccess($action, $model = null, $params = [])
-	{
-	}
 }

framework/rest/Controller.php

@@ -14,6 +14,7 @@ use yii\web\UnauthorizedHttpException;
 use yii\web\UnsupportedMediaTypeHttpException;
 use yii\web\TooManyRequestsHttpException;
 use yii\web\VerbFilter;
+use yii\web\ForbiddenHttpException;
 
 /**
  * Controller is the base class for RESTful API controller classes.
@@ -227,4 +228,20 @@ class Controller extends \yii\web\Controller
 	{
 		return Yii::createObject($this->serializer)->serialize($data);
 	}
+
+	/**
+	 * Checks the privilege of the current user.
+	 *
+	 * This method should be overridden to check whether the current user has the privilege
+	 * to run the specified action against the specified data model.
+	 * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
+	 *
+	 * @param string $action the ID of the action to be executed
+	 * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
+	 * @param array $params additional parameters
+	 * @throws ForbiddenHttpException if the user does not have access
+	 */
+	public function checkAccess($action, $model = null, $params = [])
+	{
+	}
 }

framework/rest/CreateAction.php

@@ -41,7 +41,7 @@ class CreateAction extends Action
 	public function run()
 	{
 		if ($this->checkAccess) {
-			call_user_func($this->checkAccess, $this);
+			call_user_func($this->checkAccess, $this->id);
 		}
 
 		/**

framework/rest/DeleteAction.php

@@ -32,7 +32,7 @@ class DeleteAction extends Action
 		$model = $this->findModel($id);
 
 		if ($this->checkAccess) {
-			call_user_func($this->checkAccess, $this, $model);
+			call_user_func($this->checkAccess, $this->id, $model);
 		}
 
 		if ($this->transactional && $model instanceof ActiveRecord) {

framework/rest/IndexAction.php

@@ -38,7 +38,7 @@ class IndexAction extends Action
 	public function run()
 	{
 		if ($this->checkAccess) {
-			call_user_func($this->checkAccess, $this);
+			call_user_func($this->checkAccess, $this->id);
 		}
 
 		return $this->prepareDataProvider();

framework/rest/UpdateAction.php

@@ -41,7 +41,7 @@ class UpdateAction extends Action
 		$model = $this->findModel($id);
 
 		if ($this->checkAccess) {
-			call_user_func($this->checkAccess, $this, $model);
+			call_user_func($this->checkAccess, $this->id, $model);
 		}
 
 		$model->scenario = $this->scenario;

framework/rest/UrlRule.php

@@ -93,6 +93,12 @@ class UrlRule extends CompositeUrlRule
 	 */
 	public $except = [];
 	/**
+	 * @var array patterns for supporting extra actions in addition to those listed in [[patterns]].
+	 * The keys are the patterns and the values are the corresponding action IDs.
+	 * These extra patterns will take precedence over [[patterns]].
+	 */
+	public $extra = [];
+	/**
 	 * @var array list of tokens that should be replaced for each pattern. The keys are the token names,
 	 * and the values are the corresponding replacements.
 	 * @see patterns
@@ -117,9 +123,19 @@ class UrlRule extends CompositeUrlRule
 		'{id}' => 'options',
 		'' => 'options',
 	];
+	/**
+	 * @var array the default configuration for creating each URL rule contained by this rule.
+	 */
 	public $ruleConfig = [
 		'class' => 'yii\web\UrlRule',
 	];
+	/**
+	 * @var boolean whether to automatically pluralize the URL names for controllers.
+	 * If true, a controller ID will appear in plural form in URLs. For example, `user` controller
+	 * will appear as `users` in URLs.
+	 * @see controllers
+	 */
+	public $pluralize = true;
 
 
 	/**
@@ -134,7 +150,7 @@ class UrlRule extends CompositeUrlRule
 		$controllers = [];
 		foreach ((array)$this->controller as $urlName => $controller) {
 			if (is_integer($urlName)) {
-				$urlName = Inflector::pluralize($controller);
+				$urlName = $this->pluralize ? Inflector::pluralize($controller) : $controller;
 			}
 			$controllers[$urlName] = $controller;
 		}
@@ -152,10 +168,11 @@ class UrlRule extends CompositeUrlRule
 	{
 		$only = array_flip($this->only);
 		$except = array_flip($this->except);
+		$patterns = array_merge($this->patterns, $this->extra);
 		$rules = [];
 		foreach ($this->controller as $urlName => $controller) {
 			$prefix = trim($this->prefix . '/' . $urlName, '/');
-			foreach ($this->patterns as $pattern => $action) {
+			foreach ($patterns as $pattern => $action) {
 				if (!isset($except[$action]) && (empty($only) || isset($only[$action]))) {
 					$rules[$urlName][] = $this->createRule($pattern, $prefix, $controller . '/' . $action);
 				}

framework/rest/ViewAction.php

@@ -26,7 +26,7 @@ class ViewAction extends Action
 	{
 		$model = $this->findModel($id);
 		if ($this->checkAccess) {
-			call_user_func($this->checkAccess, $this, $model);
+			call_user_func($this->checkAccess, $this->id, $model);
 		}
 		return $model;
 	}