API RBAC
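/**
 * Checks whether the caller's API key may perform the current action on the given model.
 *
 * The permission name is built as "<op>-<model>": <op> is the part of the current
 * action id after its first "." (the whole id when there is no "."), <model> is the
 * lower-cased class name of the model instance, or the string as given.
 *
 * @param object|string $model  model instance, or an already lower-cased class name
 * @param array         $params extra parameters forwarded to the auth manager's bizrule
 * @return bool true when the API key is assigned the permission; false when the key is
 *              missing/empty or the auth manager denies it
 */
public function checkApiAccess($model, $params = array())
{
    $actionId = $this->action->id;
    $dotPos = strpos($actionId, '.');
    // No "." means the whole action id is the operation name; strpos() returning false
    // must not be arithmetically treated as position -1.
    $op = strtolower($dotPos === false ? $actionId : substr($actionId, $dotPos + 1));

    if (is_object($model)) {
        $model = strtolower(get_class($model));
    }

    // The API key is the principal id for the RBAC lookup. An absent or empty key is
    // denied outright instead of being looked up as an empty user id (an auth manager
    // configured with defaultRoles would otherwise still grant those roles).
    $key = Yii::app()->getRequest()->getParam('apikey');
    if ($key === null || $key === '') {
        return false;
    }

    return Yii::app()->apiAuthManager->checkAccess($op . '-' . $model, $key, $params);
}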
<?php | |
/**
 * Creates the three tables CDbAuthManager reads for the API-key RBAC: auth items,
 * the item hierarchy, and the key-to-item assignments.
 */
class m150512_070256_create_api_rbac_tables extends CDbMigration
{
    /** Storage engine for all three tables; InnoDB is needed for the foreign keys. */
    const ENGINE = 'ENGINE=InnoDB';

    /**
     * Creates auth_item first, then the two tables that reference it.
     * Runs inside the transaction CDbMigration opens for safeUp().
     */
    public function safeUp()
    {
        $this->createInnoDbTable('{{auth_item}}', [
            'name'        => 'varchar(64) not null',
            'type'        => 'integer not null',
            'description' => 'text',
            'bizrule'     => 'text',
            'data'        => 'text',
            'primary key (`name`)',
        ]);

        $this->createInnoDbTable('{{auth_item_child}}', [
            'parent' => 'varchar(64) not null',
            'child'  => 'varchar(64) not null',
            'primary key (`parent`,`child`)',
            'foreign key (`parent`) references `{{auth_item}}` (`name`) on delete cascade on update cascade',
            'foreign key (`child`) references `{{auth_item}}` (`name`) on delete cascade on update cascade',
        ]);

        // `userid` holds the API key that checkApiAccess() passes as the principal.
        $this->createInnoDbTable('{{auth_assignment}}', [
            'itemname' => 'varchar(64) not null',
            'userid'   => 'varchar(64) not null',
            'bizrule'  => 'text',
            'data'     => 'text',
            'primary key (`itemname`,`userid`)',
            'foreign key (`itemname`) references `{{auth_item}}` (`name`) on delete cascade on update cascade',
        ]);
    }

    /**
     * Drops the tables in reverse dependency order so the foreign keys never block a drop.
     */
    public function safeDown()
    {
        foreach (['{{auth_assignment}}', '{{auth_item_child}}', '{{auth_item}}'] as $table) {
            $this->dropTable($table);
        }
    }

    /**
     * Creates a table with the shared engine option.
     *
     * @param string $table   table name, {{...}} prefix notation allowed
     * @param array  $columns column definitions plus raw constraint strings
     */
    private function createInnoDbTable($table, array $columns)
    {
        $this->createTable($table, $columns, self::ENGINE);
    }
}
// Dedicated auth manager for API keys (checkApiAccess() looks the key up as the user id).
// The table names must match what the migration creates via {{...}}, i.e. this assumes
// the connection's tablePrefix is 'tbl_'.
'apiAuthManager' => [
    'class'           => 'CDbAuthManager',
    'itemTable'       => 'tbl_auth_item',
    'itemChildTable'  => 'tbl_auth_item_child',
    'assignmentTable' => 'tbl_auth_assignment',
],
// Record count is only reported when the API key may perform this action on the model;
// a denied key sees 0.
$this->onRest('model.count', function ($model) {
    return $this->checkApiAccess($model) ? $model->count() : 0;
});
// Listing: a denied key receives an empty list instead of the records.
$this->onRest('model.find.all', function ($model) {
    return $this->checkApiAccess($model) ? $model->findAll() : [];
});
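// Single-record lookup. A denied key yields null, the same value findByPk() gives for a
// missing record; the denial path is spelled out so it is not an implicit fall-through.
$this->onRest('model.find', function ($model, $id) {
    if (!$this->checkApiAccess($model)) {
        return null;
    }
    return $model->findByPk($id);
});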
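// Names of the relations that may be nested into a response: only relations whose target
// class the API key may access, whose target has a single-column primary key, and whose
// name does not start with "_".
$this->onRest('model.with.relations', function ($model) {
    $nestedRelations = [];
    foreach ($model->metadata->relations as $relationName => $relation) {
        $relatedClass = $relation->className;
        // checkApiAccess() expects an already lower-cased class name when given a string.
        if (!$this->checkApiAccess(strtolower($relatedClass))) {
            continue;
        }
        $relatedModel = $relatedClass::model();
        if (!is_array($relatedModel->tableSchema->primaryKey) && substr($relationName, 0, 1) !== '_') {
            $nestedRelations[] = $relationName;
        }
    }
    return $nestedRelations;
});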
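// A sub-resource is acceptable only if it is a declared relation of the model AND the API
// key may access the related class. The class name is lower-cased before the check, matching
// how checkApiAccess() builds permission names for objects and how model.with.relations
// passes it, so the same auth item name is used on both paths. $http_verb is part of the
// callback signature but not consulted here.
$this->onRest('req.is.subresource', function ($model, $subresource_name, $http_verb) {
    if (!array_key_exists($subresource_name, $model->relations())) {
        return false;
    }
    $relatedClass = $model->metadata->relations[$subresource_name]->className;
    return (bool) $this->checkApiAccess(strtolower($relatedClass));
});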
An updated version of SeriesController.php is here:
$this->onRest(ERestEvent::REQ_CORS_ACCESS_CONTROL_ALLOW_ORIGIN, function() {
return ApiHelper::GetAllowedOrigins();
});