(I have also posted this question on Stack Overflow.)
I replaced the standard REST actionUpdate with one that only allows updates to the user password and returns the boolean result of save() rather than the $user object:
class UserController extends ActiveController
{
// ...
public function actions()
{
$actions = parent::actions();
unset($actions['update']);
return $actions;
}
// ...
public function actionUpdate($id)
{
if (! Yii::$app->request->isPut) {
throw new MethodNotAllowedHttpException('Please use PUT');
}
/** @var User $user */
$user = User::findIdentity($id);
if (Yii::$app->request->post('password') !== null) {
$user->setPassword(Yii::$app->request->post('password'));
}
return $user->save();
}
// ...
}
Testing with Postman and Codeception, [Response] = true and [Status] = 200. Both expected. However, the update does not take.
The [Request] =
PUT http://localhost:8888/api/v1/users/1 {"password":"another password"}
…which is correct. When I print_r the Yii::$app->request->post() and Yii::$app->request->bodyParams in actionUpdate, both return an empty array. However, when I print_r the $_GET, both the id and password are returned. Model rules lists ‘password’ as safe.
Are you sure you’ve sent the request to the same action, that you’ve been trying to debug? It’s a bit weird question BUT recently I’ve developed an API based on the Yii2 generic actions for REST and didn’t face any problem with that.
The most strange point is, that you are able to retrive parameters sent as POST as GET. Check twice if you have everything done correctly, it looks like as a mistake you’ve made somewhere at your app.
I sent trace messages to the log, and it identifies the action that is being called (updateAction). Also, I am doing the print_r from that action and the only request is the one I send in Postman. So I am pretty sure the answer to this question is yes.
I have been trying to figure this out for days, so you might say I have checked…and much more than twice. Was hoping that someone could give me something specific to look for.
Oh, and I also tried to go back to the generic actionUpdate(). It also returns status ok, and also does not pass the data in the bodyParams(). So I don’t believe the problem is that I am using a custom action.
It looks like the app does a redirect after the first request. I am pretty sure of that basing on $_SERVER[‘redirect_url’] which is set to some value in case above.
I am sorry, but I don’t follow you. I understand that the $_SERVER[‘REDIRECT_URL’] variable is set by Apache. However, $_SERVER[‘REQUEST_METHOD’] is PUT. Are you saying that there is an HTTP GET request happening after the put but before the routing to actionUpdate takes place? How can that happen?