Access and Assignment issue with REST API #455

Open
biladina opened this issue Aug 8, 2021 · 0 comments

biladina commented Aug 8, 2021

Hi, I just created a REST API and want to use yii2-admin to control API access. Is it possible to do this with this module?

I tried to add the AccessControl component to the API controller. It recognizes that the user is logged in, but it does not recognize the user's assignment and keeps showing me a 403 response, even though the user has the right assignment for the URL.
But if I remove the access part from the controller behavior, it works, but with no restriction by user assignment.

This is my config, main.php:

```php
<?php
$params = array_merge(
    require __DIR__ . '/../../common/config/params.php',
    require __DIR__ . '/../../common/config/params-local.php',
    require __DIR__ . '/params.php'
);

return [
    'id' => 'app-api',
    'basePath' => dirname(__DIR__),
    'bootstrap' => ['log'],
    'modules' => [
        'v1' => [
            'basePath' => '@app/modules/v1',
            'class' => 'api\modules\v1\Module'
        ],
    ],
    'components' => [
        'authManager' => [
            'class' => 'yii\rbac\DbManager',
            // Roles granted implicitly to every user, without an explicit assignment
            'defaultRoles' => ['guest'],
        ],
        // Stateless API user: no login redirect, no cookie auto-login, no session
        'user' => [
            'identityClass' => 'common\models\User',
            'loginUrl' => null,
            'enableAutoLogin' => false,
            'enableSession' => false,
        ],
        'log' => [
            'targets' => [
                [
                    'class' => 'yii\log\FileTarget',
                    'levels' => ['error', 'warning'],
                ],
            ],
        ],
        'request' => [
            'parsers' => [
                'application/json' => 'yii\web\JsonParser',
            ]
        ],
        'urlManager' => [
            'enablePrettyUrl' => true,
            'showScriptName' => false,
            'rules' => [
                // REST rule for the v1/data-satuan controller; the controller ID is not pluralized in the URL
                [
                    'pluralize' => false,
                    'class' => 'yii\rest\UrlRule',
                    'controller' => 'v1/data-satuan',
                ],
            ]
        ],
    ],

    'params' => $params,
];
```

This is index.php:

```php
<?php

defined('YII_DEBUG') or define('YII_DEBUG', true);
defined('YII_ENV') or define('YII_ENV', 'dev');

require(__DIR__ . '/../../vendor/autoload.php');
require(__DIR__ . '/../../vendor/yiisoft/yii2/Yii.php');
require(__DIR__ . '/../../common/config/bootstrap.php');

// Merge the configuration files; values from later files override earlier ones
$config = yii\helpers\ArrayHelper::merge(
    require(__DIR__ . '/../../common/config/main-local.php'),
    require(__DIR__ . '/../config/main.php'),
    require(__DIR__ . '/../config/main-local.php')
);

(new yii\web\Application($config))->run();
```

And this is the controller:

```php
<?php

namespace api\modules\v1\controllers;

use Yii;
use yii\rest\ActiveController;
use yii\filters\Cors;
use yii\filters\VerbFilter;
use yii\filters\auth\HttpBearerAuth;
use mdm\admin\components\AccessControl;

/**
 * DataSatuan Controller API
 */
class DataSatuanController extends ActiveController
{
    public $modelClass = 'common\models\DataSatuan';

    public function behaviors()
    {
        $behaviors = parent::behaviors();

        // Authenticate with a bearer token
        $auth = $behaviors['authenticator'];
        $auth['authMethods'] = [
            HttpBearerAuth::class
        ];
        // Remove the authenticator, add CORS, then re-add the authenticator
        // so that the CORS filter runs before authentication
        unset($behaviors['authenticator']);
        $behaviors['cors'] = [
            'class' => Cors::class
        ];
        $behaviors['authenticator'] = $auth;
        // yii2-admin access filter, attached after the authenticator
        $behaviors['access'] = [
            'class' => AccessControl::className(),
        ];

        return $behaviors;
    }

    public function actions()
    {
        // Drop the built-in index action; actionIndex() below replaces it
        $actions = parent::actions();
        unset($actions['index']);
        return $actions;
    }

    public function actionIndex()
    {
        $activeData = new \yii\data\ActiveDataProvider([
            'query' => \common\models\DataSatuan::find(),
            // 'pagination' => false
            // 'pagination' => ['pageSize' => 0]
            // 'pagination' => ['defaultPageSize' => 40]
        ]);
        return $activeData;
    }
}
```

And this is the response from cURL:

```json
{
    "name": "Forbidden",
    "message": "You are not allowed to perform this action.",
    "code": 0,
    "status": 403,
    "type": "yii\\web\\ForbiddenHttpException"
}
```

Is there anything wrong, or anything I can do to make this module work in a REST API?

biladina changed the title from "Access issue with REST API" to "Access and Assignment issue with REST API" on Aug 8, 2021