Regarding the configuration of access control, I know that there are many access control methods for Yii2, but I don’t know which one is better. For a project, should I put these access controls in config/main.php for global configuration, or should I implement a ParentController, implement the control in that controller, and base the other controllers on it?
By config:

```php
'bootstrap' => [
    'log',
    [
        'class' => 'Forwzb\Yii2Api\api\ApiPresetBootstrap',
        'contentNegotiator' => [
            'formats' => [
                'application/json' => Response::FORMAT_JSON,
                // 'application/xml' => Response::FORMAT_XML,
                'text/html' => Response::FORMAT_HTML,
            ],
        ],
        'basicAuth' => [
            'header' => 'X-Api-Key',
            // Routes that skip authentication
            'optional' => [
                'debug/*',
                'gii/*',
                'api/login/*',
                'site/*',
                'test/*',
            ],
        ],
        'initBootstrap' => function ($app) {
            // other behaviors code
        },
    ],
],
```
I implemented a general permission encapsulation class myself, then put it in bootstrap and configured permission control there.

The other way is:
```php
// ParentController.php
public function behaviors()
{
    $parents = parent::behaviors();
    $parents['contentNegotiator'] = [
        'class' => ContentNegotiator::className(),
        'formats' => [
            'application/json' => Response::FORMAT_JSON,
            // 'application/xml' => Response::FORMAT_XML,
        ],
    ];
    // Drop the inherited authenticator entry; it is re-added below,
    // after the CORS filter, so the CORS filter is attached first.
    unset($parents[$this->authenticator]);
    if ($this->corsFilter) {
        $parents[$this->corsFilter] = [
            'class' => \yii\filters\Cors::class,
        ];
    }
    if ($this->authenticator) {
        $parents[$this->authenticator] = [
            'class' => \yii\filters\auth\HttpBearerAuth::class,
            // Actions that skip authentication ('options' covers CORS preflight)
            'optional' => array_merge(['options'], $this->optional),
            'header' => 'api-authorization',
        ];
    }
    return $parents;
}
```
I don’t know which is the general way. The first, global control, may not be suitable for fine-grained control, and the second requires modifying the code of ParentController every time, which is not conducive to the concept of “configuration permission”.
Which one should I choose?
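
The trade-off described in the question, shown as an added example that is not part of the original post: the list of unauthenticated routes stays in configuration, while each controller's auth filter only receives the exemptions that name it. The function `optionalActionsFor`, the `publicRoutes` params key, and the sample routes are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (added example): reduce a global list of public route
 * patterns to the action-ID patterns that one controller may pass to its
 * auth filter's 'optional' setting. Fails closed: a controller that has no
 * entry in the list gets no exemptions.
 */
function optionalActionsFor(string $controllerId, array $publicRoutes): array
{
    $actions = [];
    foreach ($publicRoutes as $route) {
        $pos = strrpos($route, '/');
        if ($pos === false) {
            continue; // no "controller/action" shape: never treat as exempt
        }
        $controller = substr($route, 0, $pos);
        $action = substr($route, $pos + 1);
        // The controller part must match exactly; only the action part
        // may carry a wildcard, so "*/login" cannot exempt every controller.
        if ($controller === $controllerId && $action !== '') {
            $actions[] = $action;
        }
    }
    return array_values(array_unique($actions));
}

// Constructed sample list, as it could sit under 'params' in config/main.php
// (the key name 'publicRoutes' is an assumption).
$publicRoutes = ['api/login/*', 'site/index', 'site/error', 'test/*'];

// Inside ParentController::behaviors() the call would be (assumed wiring):
//   'optional' => array_merge(['options'],
//       optionalActionsFor($this->getUniqueId(), Yii::$app->params['publicRoutes'])),
foreach (['api/login', 'site', 'api/order'] as $id) {
    echo $id, ' => ', json_encode(optionalActionsFor($id, $publicRoutes)), PHP_EOL;
}
```

With this split, changing which routes are public is a configuration change that can be reviewed in one place, and a controller missing from the list keeps authentication required on every action.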