Use BjyAuthorize with restful webservice

[ghost]

I'm finding a way to use this plugin with restful webservice but still don't know how. When I activate the plugin, the route configuration for restful webservice doesn't work anymore. I request the url, it returns html instead.

Looking forward to your reply @bjyoungblood

[bjyoungblood]

In order to do this, you would want to implement your own view strategy that does not render an HTML error page. The class in question is in UnauthorizedStrategy.php (modifying lines 132-140 will probably get you what you need).

When you create your own view strategy, you can modify the config to use yours instead of the default. See here.

[ghost]

Thanks for your quick answer, I will try to implement it too see if I come up with anything :)

[ghost]

I've tried to change the ViewModel but it seems that it still returns the application layout html in the response.

[Ocramius]

This is supported on controller routes now if you use the HTTP method as action in configuration.

[Ocramius]

@rhacker news on this one?

[nXqd]

@Ocramius Actually, I don't have much time atm so I've tried to implement something on my own and it goes well. But I will look into this plugin later to implement the acl :)

[Ocramius]

Closing then, since this was implemented in master

[nXqd]

Thanks @Ocramius , I haven't your last message clearly. I will try it today and see if it fits with my current application :D
@Ocramius Can you reference me to the commit :D

[localheinz]

@Ocramius

If using the Guard\Controller how would you be able to differentiate between

• GET /foo
• GET /foo/{id}

I'm not so sure at the moment how to implement this using BjyAuthorize. Should I use both Guard\Controller and Guard\Route?

[Ocramius]

@localheinz good point. I didn't think about this use case, and that's mainly because I have different controllers for /foo (collection) and /foo/{id}, which are different resources.

I guess it is a limitation for now.

[localheinz]

@Ocramius

Actually, that's not even that bad an idea! Thanks.

It may seem like a workaround and it may even duplicate some code in the factory layer (because a collection controller might have similar dependencies), but it actually fits the single responsibility principle.

[fiWhy]

When i try to get access by POST method i catch an forbidden 403 error. How to fix this?

[Ocramius]

@fiWhy unrelated.

[fiWhy]

I'm sorry. Wrong question. I'm trying to use module with rest api's methods. In case of using get or getList I have access, but when try to send data I catch a forbidden response. Correctly I asked create and update methods.

[Ocramius]

@fiWhy open a new issue with more detailed information to reproduce this, please :-\