Added the possibility to enable/disable REST APIs

docs/install/configuration-options.md

@@ -317,6 +317,10 @@ Possible array keys:
 - special: minimum number of special characters;
 - min: minimum number of characters (= minimum length).
 
+#### enableRestApi (type: `boolean`, default: `false`)
+
+Whether to enable REST APIs.
+
 #### authenticatorClass (type: `string`, default: `yii\filters\auth\QueryParamAuth`)
 
 Which class to use as authenticator for REST API.

src/User/Controller/api/v1/AdminController.php

@@ -139,6 +139,10 @@ class AdminController extends ActiveController
      */
     public function checkAccess($action, $model = null, $params = [])
     {
+        // Check if the REST APIs are enabled
+        if (!$this->module->enableRestApi) {
+            throw new NotFoundHttpException(Yii::t('usuario', 'The requested page does not exist.'));
+        }
         // Access for admins only
         if (!Yii::$app->user->can('admin')) {
             throw new ForbiddenHttpException(Yii::t('usuario', 'User does not have sufficient permissions.'));

src/User/Module.php

@@ -249,6 +249,10 @@ class Module extends BaseModule
         'digit' => 1,
         'upper' => 1,
     ];
+    /**
+     * @var boolean Whether to enable REST APIs.
+     */
+    public $enableRestApi = false;
     /**
      * @var string Which class to use as authenticator for REST API.
      * Possible values: `HttpBasicAuth`, `HttpBearerAuth` or `QueryParamAuth`.