rest WIP

framework/rest/Controller.php

@@ -14,6 +14,7 @@ use yii\web\UnauthorizedHttpException;
 use yii\web\UnsupportedMediaTypeHttpException;
 use yii\web\TooManyRequestsHttpException;
 use yii\web\VerbFilter;
+use yii\web\ForbiddenHttpException;
 
 /**
  * Controller is the base class for RESTful API controller classes.
@@ -227,4 +228,20 @@ class Controller extends \yii\web\Controller
 	{
 		return Yii::createObject($this->serializer)->serialize($data);
 	}
+
+	/**
+	 * Checks the privilege of the current user.
+	 *
+	 * This method should be overridden to check whether the current user has the privilege
+	 * to run the specified action against the specified data model.
+	 * If the user does not have access, a [[ForbiddenHttpException]] should be thrown.
+	 *
+	 * @param string $action the ID of the action to be executed
+	 * @param object $model the model to be accessed. If null, it means no specific model is being accessed.
+	 * @param array $params additional parameters
+	 * @throws ForbiddenHttpException if the user does not have access
+	 */
+	public function checkAccess($action, $model = null, $params = [])
+	{
+	}
 }