Account Management

A tutorial on building an API that supports multiple users within the same account.

Modifying the entry point.

You first need to register a new resource in index.php.

$app->registerResource('accounts');

Modifying configurations.

You will then need to change some configuration in DevConfigs.php so that users can belong to accounts.

$app['users.use_account'] = true;

Adding account classes

The first class we will add is the model, which simply extends the account model provided with the framework.

<?php

namespace BeRest\GettingStarted\Models;

use BeRest\API\Models\Account as BaseAccount;

class Account extends BaseAccount
{
}

The account model provided with the framework assumes the following fields are defined in the accounts table.

- id
- name
- dateCreated
- dateUpdated

Then, we will add the manager, which also extends the accounts manager provided with the framework. The base manager assumes the table is named accounts in the database.

<?php

namespace BeRest\GettingStarted\Managers;

use BeRest\API\Managers\Accounts as BaseAccounts;

class Accounts extends BaseAccounts
{
}

Finally, we will add the controller, which also extends the accounts controller provided with the framework.

<?php

namespace BeRest\GettingStarted\Controllers;

use BeRest\API\Controllers\Accounts as BaseAccounts;

class Accounts extends BaseAccounts
{
}

Modifying user model class.

You will then need to change the base class of the user model.

<?php

namespace BeRest\GettingStarted\Models;

use BeRest\API\Models\AccountUser as BaseUser;

class User extends BaseUser
{
}

The account user model provided with the framework assumes the following fields are defined in the users table.

- id
- accountId
- email
- password
- permissionLevel
- status
- name
- dateCreated
- dateUpdated

Securing existing resources.

To secure existing resources, so that only users of the account that owns a resource can reach it, we need to add the field accountId to the existing models. Here is what our previous Resource.php would look like.

<?php

namespace BeRest\GettingStarted\Models;

use BeRest\API\Models\Base;

class Resource extends Base
{
    public $name;
    public $userId;
    public $accountId;
}

Account Permissions

Some API calls require higher permission levels to act on resources that the user does not own but that belong to the same account.

By default, a controller requires a permission level of 50 to perform such actions.

Level 100 is then required to perform actions on resources not owned by the user's account.

If you want to change this behaviour, you can override the routes property of the controller. For example, the routes property below makes getting a single resource and listing resources public (no permissions entry and no authentication on those routes), while create, update and delete keep the default levels.

public static $routes = [
    'get_' => ['function' => 'getAll'],
    'get_/{id}' => ['function' => 'getOne'],
    'post_' => ['function' => 'create', 'permissions' => ['admin' => 100, 'account' => 50], 'authenticate' => 'hasAccess'],
    'put_/{id}' => ['function' => 'update', 'permissions' => ['admin' => 100, 'account' => 50], 'authenticate' => 'hasAccess'],
    'delete_/{id}' => ['function' => 'delete', 'permissions' => ['admin' => 100, 'account' => 50], 'authenticate' => 'hasAccess']
];

Similarly, if you want multiple levels of users within an account, you can specify for each action the permission level required to access it.

public static $routes = [
    'get_' => ['function' => 'getAll'],
    'get_/{id}' => ['function' => 'getOne'],
    'post_' => ['function' => 'create', 'permissions' => ['admin' => 100, 'account' => 25], 'authenticate' => 'hasAccess'],
    'put_/{id}' => ['function' => 'update', 'permissions' => ['admin' => 100, 'account' => 50], 'authenticate' => 'hasAccess'],
    'delete_/{id}' => ['function' => 'delete', 'permissions' => ['admin' => 100, 'account' => 100], 'authenticate' => 'hasAccess']
];
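As an added example (not BeRest's own code), here is a stand-alone PHP model of how the second routes table above can be evaluated for a request. The function hasAccess, its three tiers (own resource, same account, other account) and the sample callers are assumptions modelling the rules stated in this section, not the framework's actual implementation, which the page does not show.

```php
<?php
// Added example, not BeRest's own code. The 'permissions' and
// 'authenticate' => 'hasAccess' keys come from the routes tables above;
// how they are interpreted (the tiers below) is an assumption about the
// framework's hasAccess(), whose implementation the page does not show.
$routes = [
    'get_'         => ['function' => 'getAll'],
    'get_/{id}'    => ['function' => 'getOne'],
    'post_'        => ['function' => 'create', 'permissions' => ['admin' => 100, 'account' => 25], 'authenticate' => 'hasAccess'],
    'put_/{id}'    => ['function' => 'update', 'permissions' => ['admin' => 100, 'account' => 50], 'authenticate' => 'hasAccess'],
    'delete_/{id}' => ['function' => 'delete', 'permissions' => ['admin' => 100, 'account' => 100], 'authenticate' => 'hasAccess'],
];
// $user: null for an anonymous caller, else ['id', 'accountId', 'permissionLevel'].
// $resource: the target's ['userId', 'accountId'] as stored, never taken from the
// request body (for create, the caller's own ids). Tiers: no 'permissions' key ->
// public; own resource -> any authenticated user; another user's resource in the
// same account -> 'account' level; a resource owned by another account -> 'admin'.
function hasAccess(array $routes, string $routeKey, ?array $user, array $resource): bool
{
    if (!isset($routes[$routeKey])) {
        return false;                            // unknown route: deny by default
    }
    if (!isset($routes[$routeKey]['permissions'])) {
        return true;                             // public route
    }
    if ($user === null) {
        return false;                            // protected route, no session
    }
    $perms = $routes[$routeKey]['permissions'];
    if ($resource['accountId'] !== $user['accountId']) {
        return $user['permissionLevel'] >= $perms['admin'];    // cross-account
    }
    if ($resource['userId'] === $user['id']) {
        return true;                             // caller owns the resource
    }
    return $user['permissionLevel'] >= $perms['account'];      // same account, other user
}

// Constructed sample callers and resources.
$member   = ['id' => 1, 'accountId' => 7, 'permissionLevel' => 25];
$manager  = ['id' => 2, 'accountId' => 7, 'permissionLevel' => 50];
$ownRes   = ['userId' => 1, 'accountId' => 7];
$peerRes  = ['userId' => 2, 'accountId' => 7];
$otherAcc = ['userId' => 9, 'accountId' => 8];
var_dump(hasAccess($routes, 'get_/{id}', null, $otherAcc));     // anonymous read of a public route
var_dump(hasAccess($routes, 'post_', $member, $ownRes));        // create in own account (level 25 required)
var_dump(hasAccess($routes, 'put_/{id}', $member, $peerRes));   // peer's resource (level 50 required)
var_dump(hasAccess($routes, 'delete_/{id}', $member, $ownRes)); // own resource
var_dump(hasAccess($routes, 'put_/{id}', $manager, $otherAcc)); // other account (level 100 required)
```

The cross-account branch is the tenant-isolation check: it compares the stored accountId of the resource with the caller's accountId before the permission level is even considered.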