-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REST: limit fields list for index and view actions #7098
Comments
what do you mean by restrict? |
Model has |
i probably would just deal with the model to do this, override the public function toArray(array $fields = [], array $expand = [], $recursive = true)
{
if (empty($fields)) {
$fields = ['username', 'id'];
}
return parent::toArray($fields, $expand, $recursive);
} this would work for me because i have models for my |
if not, i suppose your solution about |
My idea is to make it easier than extending each model for API. BTW, you can do the same by overriding model's |
yeah i guess class UserController extends ActiveController
{
public $serializer = [
'class' => 'api\\Serializer',
'defaultFields' => ['id', 'name']
];
... |
Also these new action properties can accept a callback to set different fields arrays according to API user. Then you can do it like this: public function actions()
{
$actions = parent::actions();
$actions['view']['defaultFields'] = function () {
if (Yii::$app->user->identity->username == 'testuser') {
return ['attr1', 'attr2', 'attr3'];
}
return null;
};
return $actions;
} |
You can set different arrays for different actions, so it could be better to use properties of |
but from an API user's perspective it wouldn't make sense to them if something is a |
|
I suggest to not overcomplicate things and not add ANY excess methods to framework. If you need restrictions make it standart way. Standart way in that case 1) using scenarios, 2) have base model and 2 children models with different |
Can you show how can I use scenarios in |
(new MyModel(['scenario' => 'index']))->find()->all(); |
@RomeroMsk In case of You can achive what you want by providing |
It doesn't work like this... |
@RomeroMsk Yes, seems you can't manipulate scenarios of received models. Ok, than go subclassing way. Base model + 2 children models with different |
@RomeroMsk On other side there is another scenarios way. You can provide |
Using subclassing of models - is the best way (without enhancing rest classes). But I think that limiting fields list for API is common use case, and we can make it a feature of Yii2 REST. |
@RomeroMsk There is scenarios way with just different implementation (as i shown in my message above). So 2 ways without any additional core code. |
@RomeroMsk But to be honest i do not like |
There are many features of framework which could be implemented by other ways (subclassing etc). But when it is common case, why not add new feature which can help to not write much code? :) |
Yes, I thought about |
@RomeroMsk Lets think from that way. This will lead us to thinking around Serializer enhancements and probably will give more clean solution than mess new methods into |
@RomeroMsk Seems everything is obvious now... We need |
For example i want that my |
My arguments for dealing with rest classes: |
funny enough, it seems that i had the need of something like this |
Any thoughts from core devs? |
Upvote, I need this feature. |
I'm using this solution for now:
So, my changes to framework code are minimal: only in |
There is much more better solution called P.S. Working on it. PR will be little later. |
@creocoder look forward on that one, |
this is my solution for this problems, using Yii::$app()
hope works for you 👯 |
Thanks @blacksesion. It helps me. |
This is my solution: app\components\Serializer
app\modules\v1\controllers\CustomerController
OR
|
|
You've forgotten about events
and inside of ActiveRecord (Thing in my case) check the scenario in fields() method
Check my answer in stackoverflow |
I'm using
yii\rest\ActiveController
and want to limit list of resource fields returned byindex
andview
actions. I can useyii\rest\ViewAction::$findModel
to setscenario
of found model - it can help to restrict fields forview
, but forindex
it is not so easy.Why not add something like
defaultFields
(anddeafultExtraFields
) property to these actions and pass it toyii\rest\Serializer::getRequestedFields()
to intersect with arrays from $_GET? NamedefaultFields
is not good for restriction, but you can suggest another names.The text was updated successfully, but these errors were encountered: