RESTfulAPI::api_access_control PHP 메소드

api_access_control() 공개 정적인 메소드

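Decides API access in up to two steps, depending on the access_control_policy config: 1st the config check, 2nd the model permission check, which runs only if the config check (when the policy includes it) passes. When access_control_policy is false, no check runs and access is always granted.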
public static api_access_control ( string | DataObject $model, string $httpMethod = 'GET' ) : boolean
$model string | DataObject Model's classname or DataObject
$httpMethod string API request HTTP method
리턴 boolean true if access is granted, false otherwise
    /**
     * Decides whether an API request may access a model.
     *
     * Which checks run is driven by the `access_control_policy` config value:
     * - `false`: access control is switched off and every request is granted.
     * - ACL_CHECK_CONFIG_ONLY: only api_access_config_check() decides.
     * - ACL_CHECK_MODEL_ONLY: only model_permission_check() decides.
     * - ACL_CHECK_CONFIG_AND_MODEL: the config check runs first; the model
     *   permission check runs only if the config check granted access.
     *
     * If the resolved policy matches none of the three constants, no check
     * runs and the result stays false (access denied).
     *
     * @param string|DataObject $model      Model's class name or a DataObject
     * @param string            $httpMethod API request HTTP method
     * @return boolean true if access is granted, false otherwise
     */
    public static function api_access_control($model, $httpMethod = 'GET')
    {
        $configured = self::config()->access_control_policy;

        // Only a strict false disables access control; this is the one
        // path that grants access without running any check.
        if ($configured === false) {
            return true;
        }

        // The config stores the policy as the NAME of a class constant.
        // NOTE(review): the outcome for a name that is not a defined constant
        // depends on constant() in the running PHP version; confirm the
        // config value is validated elsewhere.
        $policy = constant('self::' . $configured);

        $modelOnly      = $policy === self::ACL_CHECK_MODEL_ONLY;
        $configAndModel = $policy === self::ACL_CHECK_CONFIG_AND_MODEL;

        // Model-only starts out granted so the model check below is reached;
        // every other policy starts out denied.
        $access = $modelOnly ? true : false;

        if ($policy === self::ACL_CHECK_CONFIG_ONLY || $configAndModel) {
            // The config check works on a class name, so take it from the
            // object when a non-string model was passed.
            $className = is_string($model) ? $model : $model->className;
            $access = self::api_access_config_check($className, $httpMethod);
        }

        // The model permission check can only narrow access: it is skipped
        // once access has already been denied.
        if (($modelOnly || $configAndModel) && $access) {
            $access = self::model_permission_check($model, $httpMethod);
        }

        return $access;
    }

Usage Example

 /**
  * Verifies api_access_control() under the ACL_CHECK_CONFIG_ONLY policy:
  * access is denied until api_access is configured, granted when it is true,
  * and restricted to the listed HTTP methods when it is a method list.
  */
 public function testDataObjectAPIEnaled()
 {
     $model = 'ApiTest_Author';

     Config::inst()->update('RESTfulAPI', 'access_control_policy', 'ACL_CHECK_CONFIG_ONLY');

     // ----------------
     // Method calls

     // No api_access configured yet: the model must not be exposed.
     $this->assertFalse(
         RESTfulAPI::api_access_control($model),
         'Access control should return FALSE by default'
     );

     // api_access = true opens the model.
     Config::inst()->update($model, 'api_access', true);
     $this->assertTrue(
         RESTfulAPI::api_access_control($model),
         'Access control should return TRUE when api_access is enbaled'
     );

     // api_access as a method list: only the listed HTTP methods pass.
     Config::inst()->update($model, 'api_access', 'GET,POST');
     $this->assertTrue(
         RESTfulAPI::api_access_control($model),
         'Access control should return TRUE when api_access is enbaled with default GET method'
     );
     $this->assertTrue(
         RESTfulAPI::api_access_control($model, 'POST'),
         'Access control should return TRUE when api_access match HTTP method'
     );
     $this->assertFalse(
         RESTfulAPI::api_access_control($model, 'PUT'),
         'Access control should return FALSE when api_access does not match method'
     );

     // ----------------
     // API calls
     // Disabled end-to-end checks, kept for reference: they expect 200 when
     // access is authorised and 403 when api_access is false or does not
     // list the request's HTTP method.
     /*
     // Access authorised
     $response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
     $this->assertEquals(
       $response->getStatusCode(),
       200
     );

     // Access denied
     Config::inst()->update('ApiTest_Author', 'api_access', false);
     $response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
     $this->assertEquals(
       $response->getStatusCode(),
       403
     );

     // Access denied
     Config::inst()->update('ApiTest_Author', 'api_access', 'POST');
     $response = Director::test('api/ApiTest_Author/1', null, null, 'GET');
     $this->assertEquals(
       $response->getStatusCode(),
       403
     );
     */
 }