Comments (3)
Of course you can fairly easily do this by just grabbing the events associated with your route(s) and doing whatever authorization check you would like to do. You can also use the post.filter.req.auth.user & post.filter.req.auth.ajax.user and again checking the route and applying your custom logic.
That said I could imagine a system where by an auth event is thrown for a given route when that route is requested. Something like:
$this->emitRest('filter.req.route', ['route'=>$route]);
Again you could simply do this yourself by emitting this event in your post.filter(s) and then catching it and applying your custom logic.
Do you have a better solution in mind or can you provide some pseudo code, so I can see how you image it working because I think you might be on to something.
from restfullyii.
I was thinking something along the lines of your event example or through configuration
For example, using CAccessControlFilter as an example:
array(
'allow',
'verb' => array('GET')
'route' => array('/user/', '/user/< id >', '/user/custom'),
//not sure how to differentiate between /user/ and /user/< id>, maybe we can use the actionTypes you have defined, //i.e. resources vs resource and only allow strings for 'custom' routes.
then any combination of the following...
'user' => ...
'ip' => ...
'expression' => ...
'roles' => ...
Then I'm trying to figure out a way to incorporate HMAC verification into the auth control. Right now I do a check for REST.GET in req.auth.user, If it is a REST.GET then calculate HMAC, if not, I need to wait until req.data.read then perform it including the POST body.
from restfullyii.
Checkout the docs there is now an new event "req.auth.uri" and it gets two params $uri & $verb. You can hook this event and apply whatever route based auth you would like. Return "true" to allow and false to deny.
from restfullyii.
Related Issues (20)
- Usage without urlFormat = 'path' HOT 2
- Yii2 HOT 1
- slug for requesting resources
- LoadBalancer on Amazon Web Services causing "Unauthorized" message in Restful Yii HOT 2
- Filter is not working by case insensitive HOT 1
- Documentation HOT 1
- fig
- Error 404 Unable to resolve the request "api/series" HOT 1
- Many to many Relationship HOT 3
- Can i login by AJAX? HOT 4
- PHP Error on processing nullable relation data (PUT, POST)
- How to pass params
- Multiple model save with relation HAS_MANY HOT 5
- support for yii 2.0+? HOT 1
- del
- Error is thrown when overriding model attributes with request's parameters HOT 5
- Sub-Resources on HAS_ONE or HAS_MANY not working HOT 2
- feature request: ability to pass callable to onRest HOT 1
- API requests rate limit HOT 2
- Filter model in a custom request HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from restfullyii.