yii2-RBAC-rest api开发思路


REST API 是按资源和 HTTP 请求方法来访问的,所以不能像普通页面那样靠 /add、/edit 这类路径来判断是否拥有权限。
我们可以写一个方法,在一键写入权限时默认把下面这几个权限加上。其实做法和常规的 YII2 RBAC 权限一样,这里就不详细讲 RBAC 怎么做了,网上有很多资料;我只提一下网上教程里没有的内容:角色添加之后怎么编辑。
/index = get请求
/create = post请求
/update = put/patch请求
/options = delete;

  • 一键写入权限
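 /**
  * Bulk-import RBAC permissions for every module's OrmController.
  *
  * Scans <basePath>/modules/<module>/controllers/OrmController.php, builds
  * lower-cased permission names of the form "<module>/<controller>/<action>"
  * and adds the ones the auth manager does not know yet, all inside one
  * database transaction.
  *
  * Modules that have no readable OrmController.php, or whose file contains no
  * "class XxxController" declaration, are skipped instead of aborting the
  * whole import.
  *
  * NOTE(review): this action writes to the RBAC tables and no access check is
  * visible in this snippet; confirm it can only be reached by administrators
  * (or run it as a console command instead of a web action).
  *
  * @return string "import success" after commit, "import failed " after rollback
  */
 public function actionInit()
 {
     $trans = Yii::$app->db->beginTransaction();
     try {
         $moduleDirs = glob(Yii::$app->basePath . '/modules/*');
         if ($moduleDirs === false) {
             // glob() reports an error with false; treat it as "no modules".
             $moduleDirs = [];
         }

         $permissions = [];
         foreach ($moduleDirs as $moduleDir) {
             $controllerFile = $moduleDir . '/controllers/OrmController.php';
             if (!is_file($controllerFile)) {
                 continue;
             }
             $content = file_get_contents($controllerFile);
             // Extract the controller name from the class declaration (normally "Orm").
             if ($content === false || !preg_match('/class ([a-zA-Z]+)Controller/', $content, $match)) {
                 continue;
             }
             $prefix = basename($moduleDir) . '/' . $match[1] . '/';

             // Wildcard plus the REST permissions every module receives by default.
             foreach (['*', 'index', 'create', 'update', 'options'] as $restAction) {
                 $permissions[] = strtolower($prefix . $restAction);
             }

             // Collect the explicitly declared action methods.
             preg_match_all('/public function action([a-zA-Z_]+)/', $content, $matches);
             foreach ($matches[1] as $aName) {
                 if (strtolower($aName) === 's') {
                     // "public function actions()" matches the pattern too; it is not an action.
                     continue;
                 }
                 $permissions[] = strtolower($prefix . $aName);
             }
         }
         // An action method named like a default permission would otherwise appear twice.
         $permissions = array_values(array_unique($permissions));

         $auth = Yii::$app->authManager;
         foreach ($permissions as $permission) {
             if (!$auth->getPermission($permission)) {
                 $obj = $auth->createPermission($permission);
                 $obj->description = $permission;
                 $auth->add($obj);
             }
         }
         $trans->commit();
         return "import success";
     } catch (\Exception $e) {
         $trans->rollBack();
         // Keep the cause in the application log; the caller only sees a generic message.
         Yii::error('RBAC permission import failed: ' . $e->getMessage(), __METHOD__);
         return "import failed ";
     } catch (\Throwable $e) {
         // PHP 7+: engine errors are not \Exception; roll back for them as well.
         $trans->rollBack();
         Yii::error('RBAC permission import failed: ' . $e->getMessage(), __METHOD__);
         return "import failed ";
     }
 }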
  • 控制器继承的公共控制器进行判断资源请求
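       // Access gate evaluated by the shared base controller for every request.
       // Permission names have the form "<module id>/orm/<action>".
       $moduleId = $action->controller->module->id; // module id, used as the permission prefix
       $actionName = $action->id;                   // id of the requested action
       $method = Yii::$app->request->method;
       $user = Yii::$app->user;

       // The wildcard permission grants every ORM action of the module.
       if ($user->can($moduleId . '/orm/*')) {
           return true;
       }

       // Verb-level check: the HTTP method must be covered by the matching REST permission.
       $verbPermissions = [
           'POST' => 'create',
           'GET' => 'index',
           'PATCH' => 'update',
           'PUT' => 'update',
       ];
       if (isset($verbPermissions[$method])
           && !$user->can($moduleId . '/orm/' . $verbPermissions[$method])) {
           throw new UserException('请求不允许');
       }

       // Action-level check. Verbs without an entry above (DELETE, HEAD, ...) are
       // decided by this permission alone.
       if ($user->can($moduleId . '/orm/' . $actionName)) {
           return true;
       }

       // Deny by default. The original code had an unconditional "return true;" in
       // front of this throw, which made the denial unreachable and let any request
       // that passed the verb check through regardless of the action permission.
       // NOTE(review): make sure a permission exists for every action id that can
       // reach this point, otherwise users without the wildcard are refused.
       throw new UserException('对不起,您没有访问' . $moduleId . '/' . $actionName . '的权限');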
  • 角色添加后的编辑怎么操作
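    /**
     * Rename an existing RBAC role and/or change its description.
     *
     * Only POST requests are processed; any other method returns null, as the
     * original implementation did.
     *
     * NOTE(review): editing a role changes what its holders are allowed to do and
     * no access check is visible in this action; confirm it is covered by the
     * shared controller's permission gate and limited to administrators.
     *
     * @param string $name current name of the role to edit
     * @return string|null success message, or null for non-POST requests
     * @throws UserException if the role does not exist, the new name is missing
     *                       or empty, or the auth manager rejects the update
     */
    public function actionEditrole($name)
    {
        $request = Yii::$app->request;
        if (!$request->isPost) {
            return null;
        }

        $authManager = Yii::$app->authManager;
        $role = $authManager->getRole($name);
        if ($role === null) {
            // getRole() returns null for an unknown name; fail cleanly instead of
            // dereferencing null below.
            throw new UserException('编辑失败');
        }

        $newName = $request->post('name');
        if (!is_string($newName) || trim($newName) === '') {
            // Never store a role whose name is missing, empty or not a string.
            throw new UserException('编辑失败');
        }
        $description = $request->post('description');

        $role->name = $newName;
        // Keep the current description when the request does not carry a usable one.
        $role->description = is_string($description) ? $description : $role->description;

        // update() takes the OLD name plus the modified role object.
        if (!$authManager->update($name, $role)) {
            throw new UserException('编辑失败');
        }
        return '编辑角色成功';
    }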