Yii Framework Forum: beforeDelete return false - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

beforeDelete return false may be the cause for 500 Server Error?

#1 User is offline   toaster 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 29
  • Joined: 24-December 13
  • Location:Perugia - Italy

Posted 22 August 2017 - 08:44 AM

Hi There guys,

I am developing a REST Api with the possibility for users to add and delete comments: about the deletion I want that only the owner of the comment can delete its comment so I have overridden the beforeDelete() method inside the Comment ActiveRecord Class in this way:
...
public function beforeDelete() {
    if(!parent::beforeDelete()){
      return false;
    }
    $userApi = AuthHelper::getUserByToken();
    if(!is_object($userApi)){
      $this->addError('id_user', 'Unrecognized user');
      return false;
    }
    if($this->id_user != $userApi->id){
      $this->addError('id_user', 'Not authorized to perform this action');
      return false;
    }
    return true;
  }
...

The static method AuthHelper::getUserByToken() basically just get the token from the request header, and invoke the User::findIdentityByAccessToken to return the user object (if exist).
...
public static function getUserByToken() {
    $headers = \Yii::$app->request->headers;
    $token_value = $headers->get('Authorization');
    $token = str_replace('Bearer ', '', $token_value);
    return User::findIdentityByAccessToken($token);
  }
...

However if I try to delete a comment that does not belong to me, the server deny my request but do not show any of the errors I declared using the addError() method, but instead it send me a 500 Server Error:
{
    "name": "Internal Server Error",
    "message": "Failed to delete the object for unknown reason.",
    "code": 0,
    "status": 500,
    "type": "yii\\web\\ServerErrorHttpException"
}

My question is: is it a normal behavior to throw a ServerErrorHttpException because the beforeDelete() return false or it might be related to other things? Could it be any better way to deny the deletion and send back a proper error message instead of a generic 500 ServerError?
Thank you in advance

Raffaele
Backend Developer at DigiSin
0

#2 User is offline   Patrick Jones 

  • Advanced Member
  • PipPipPip
  • Yii
  • Group: Members
  • Posts: 495
  • Joined: 14-July 12
  • Location:Berlin

Posted 22 August 2017 - 09:11 AM

View Posttoaster, on 22 August 2017 - 08:44 AM, said:

My question is: is it a normal behavior to throw a ServerErrorHttpException because the beforeDelete() return false


Yes, see the implementation of DeleteAction:

if ($model->delete() === false) {
            throw new ServerErrorHttpException('Failed to delete the object for unknown reason.');
        }



View Posttoaster, on 22 August 2017 - 08:44 AM, said:

Could it be any better way to deny the deletion and send back a proper error message instead of a generic 500 ServerError?


http://www.yiiframew...r-handling.html
Freelance developer for hire - send me a message!
1

#3 User is offline   toaster 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 29
  • Joined: 24-December 13
  • Location:Perugia - Italy

Posted 22 August 2017 - 09:21 AM

Thank you very much Partik for your answer, at the end of the day I have solved throwing a 401 UnauthorizedHttpException, is not that elegant but it works!
if($this->id_user != $userApi->id){
   throw new \yii\web\UnauthorizedHttpException('Not authorized to perform this action');
}

Backend Developer at DigiSin
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users