yii-api icon indicating copy to clipboard operation
yii-api copied to clipboard

Published 20 hours ago verified publisher icon yiisoft

Inconsistent behavior for partially implemented Rest\ActiveController

Open SamMousa opened this issue 10 years ago • 4 comments
trafficstars

Consider we have:

  1. One Rest\UrlRule with 1 controller.
  2. One Rest\ActiveController.

Suppose 2 scenarios:

  1. List only resource, implemented by overriding actions and removing all but index.
  2. Write only resource, implemented by overriding actions and removing all but create.

Now we go ahead and create (in)correct requests:

   GET /listonly --> 200
   POST /listonly --> 405 Method not allowed

    GET /writeonly --> 404 Page not found
    POST /writeonly -> 200

The reason this happens is because beforeAction is not called for actions that can't be found. Some issues arise from this

  1. ContentNegotiator is not used.
  2. A REST URL is an endpoint and it should not return 404 when 405 is more appropriate.

Not sure how to fix this, possible fixes include:

  1. Add event "beforeCreateAction" that gets called before attempting to create the action. --> This would allow VerbFilter and ContentNegotiator to do their work for not implemented actions.
  2. Add event "onInvalidRoute" that gets called before the exception, allowing a controller behavior to do some stuff to resolve the situation before falling back to the exception handler at the Application level.
  3. Add "beforeRunAction" event that gets called before runAction is called.

Any of these solutions would:

  1. Increase power of behaviors to do some stuff before failing.
  2. Not break BC in anyway.

SamMousa avatar Sep 25 '15 12:09 SamMousa

realated to #5850

cebe avatar Sep 26 '15 13:09 cebe

for your case you should create the GET rule and send it to the same action that you use for POST and then user VerbFilter to generate the 405 response.

In general there is a design flaw in yii routing which implements HTTP verbs only partially so the allowed HTTP verbs for an endpoint have to be configured in two places to work correctly. We should try to fix this in 2.1.

cebe avatar Jul 04 '16 10:07 cebe

We need to respond with 405 in case one of the REST methods is not implemented.

samdark avatar Sep 08 '20 15:09 samdark

In https://github.com/yiisoft/yii-api/blob/master/src/RestGroup.php in case reflection doesn't find a handler method we need to register default handler returning 405. Also we need to collect methods implemented and automatically register a handler for OPTIONS returning methods implemented.

An extra task is to check user syntax for RestGroup usage and fine-tune it.

samdark avatar Oct 04 '20 14:10 samdark