How to disable authorization for certain actions (Yii2, rest api)?

A

Artem2016-03-07 12:43:26

Yii

Artem, 2016-03-07 12:43:26

I am writing an api in yii2 for an existing site and ran into such a problem.
We need to make some actions public (i.e. you don't need to go through authorization to get information).
Api wrote based on this data yiiframework.com
but did not find where authorization is disabled there.
Maybe someone faced such a problem? Tell me please!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Artem, 2016-03-08
@ArtemSV

public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => HttpBasicAuth::className(),
'optional' => ['index']
];
return $behaviors;
}
found the setting, optional - an array of actions that will be public is passed

A

Anton Natarov, 2016-03-07
@HanDroid

In your controller where you want to make the action public.

public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::className(),
                'only' => ['someActionOne', 'someActionTwo',],
                'rules' => [
                    [
                        'allow' => true,
                        'actions' => ['someActionOne', 'someActionTwo'],
                        'roles' => ['?'],
                    ],
                ],
            ],
        ];
    }

The question mark in rules indicates that any unauthorized user has access to the action. The @ symbol indicates that it will be available only to authorized users. If you don't have ACF in your behavior, they will be available on their own. All of the above is relevant if you do not have the RBAC role system implemented, otherwise, instead of characters, you will have to specify the role.
ACF is a filter, it works with both simple application and REST api. If I'm not mistaken )