I am attempting to add the current user to a create mutation by decorating graphql stages as per the documentation.
It is a feature to allow users to block other users in a message system, fyi.
It should satisfy the following access control:
"access_control"="is_granted('IS_AUTHENTICATED_FULLY') and object.getBlocker() == user"
Meaning that the user that is blocking is the currently authenticated user.
I can get it done if I modify the above to just:
"access_control"="is_granted('IS_AUTHENTICATED_FULLY')"
by decorating the deserialize stage like so:
App/Stage/DeserializeStage
/**
* #param object|null $objectToPopulate
*
* #return object|null
*/
public function __invoke($objectToPopulate, string $resourceClass, string $operationName, array $context)
{
// Call the decorated serialized stage (this syntax calls the __invoke method).
$deserializeObject = ($this->deserializeStage)($objectToPopulate, $resourceClass, $operationName, $context);
if ($resourceClass === 'App\Entity\BlockedUser' && $operationName === 'create') {
$user = $this->tokenStorage->getToken()->getUser();
$deserializeObject->setBlocker($user);
}
return $deserializeObject;
}
As I understand it, in order to get it to work fully satisfying the access control, I would need to decorate the read stage, which comes before the security stage and insert the currently authenticated user to the object.
In that way, it would satisfy the second portion of the access control, ie,
and object.getBlocker() == user
I attempted to do it as follows, but I get a NULL object :
App/Stage/ReadStage
/**
* #return object|iterable|null
*/
public function __invoke(?string $resourceClass, ?string $rootClass, string $operationName, array $context)
{
$readObject = ($this->readStage)($resourceClass, $rootClass, $operationName, $context);
var_dump($readObject->getBlocked()->getUsername()); // throws error 'method getBlocked on NULL
if ($resourceClass === 'App\Entity\BlockedUser' && $operationName === 'create') {
$userId = $this->tokenStorage->getToken()->getUser();
$readObject->setBlocker($user);
}
return $readObject;
}
Well, after restarting the app it seems to be working properly in the deserialize stage. It might have been an issue with cache or something.
I am still not sure why it works in the deserialize stage nor if that's the correct place to modify the object.
In any case, it is working as is, so...
So, I am posting the full code for reference.
App/Stage/DeserializeStage
<?php
namespace App\Stage;
use ApiPlatform\Core\GraphQl\Resolver\Stage\DeserializeStageInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
final class DeserializeStage implements DeserializeStageInterface
{
private $deserializeStage;
/**
* #var TokenStorageInterface
*/
private $tokenStorage;
public function __construct(
DeserializeStageInterface $deserializeStage,
TokenStorageInterface $tokenStorage)
{
$this->deserializeStage = $deserializeStage;
$this->tokenStorage = $tokenStorage;
}
/**
* #param object|null $objectToPopulate
*
* #return object|null
*/
public function __invoke($objectToPopulate, string $resourceClass, string $operationName, array $context)
{
// Call the decorated serialized stage (this syntax calls the __invoke method).
$deserializeObject = ($this->deserializeStage)($objectToPopulate, $resourceClass, $operationName, $context);
if ($resourceClass === 'App\Entity\BlockedUser' && $operationName === 'create') {
$user = $this->tokenStorage->getToken()->getUser();
$deserializeObject->setBlocker($user);
}
return $deserializeObject;
}
}
And you need to add this to config/services.yaml
App\Stage\DeserializeStage:
decorates: api_platform.graphql.resolver.stage.deserialize
Related
I have custom model User and I want push custom attribute to model after fetching data. How I can do it?
I know what before fetching we can add custom attibute like this:
class User extends Model
{
protected $appends = ['callable'];
public function getCallableAttribute()
{
$callable = $this->getMeta('phone') ? true : false;
return $callable;
}
}
But how do it after fetching data, for example after:
$user = User::find(1);
And now how append custom attribute to fetched User object data?
You can define a Laravel Accessor for that
E.g.
class User extends Model
{
/**
* Get the user's first name.
*
* #param string $value
* #return string
*/
public function getFirstNameAttribute($value)
{
return ucfirst($value);
}
/**
* Get the user's full name.
*
* #return string
*/
public function getFullNameAttribute()
{
return "{$this->first_name} {$this->last_name}";
}
}
Then you can access Accessors like this:
$user = App\User::find(1);
$firstName = $user->first_name; // In studly Case
$firstName = $user->full_name; // In studly Case
You can read more about Laravel Accessors here: https://laravel.com/docs/5.8/eloquent-mutators#defining-an-accessor
I need to make a change to the retrieveUser() function within Illuminate/Broadcasting/Broadcasters/Broadcaster.php.
The change works if I edit the class directly, but I have heard that you are not supposed to do that because it is difficult to track changes to the source code and because it will get overwritten when upgrading Laravel or when pushing to production.
So if I wanted to write my own modified retrieveUser() function for the Broadcaster class (it happens to be an abstract class which implements BroadcasterContract), then where and how would I do that?
Original function:
/**
* Retrieve the authenticated user using the configured guard (if any).
*
* #param \Illuminate\Http\Request $request
* #param string $channel
* #return mixed
*/
protected function retrieveUser($request, $channel)
{
$options = $this->retrieveChannelOptions($channel);
$guards = $options['guards'] ?? null;
if (is_null($guards)) {
return $request->user();
}
foreach (Arr::wrap($guards) as $guard) {
if ($user = $request->user($guard)) {
return $user;
}
}
}
New function:
protected function retrieveUser($request, $channel)
{
$options = $this->retrieveChannelOptions($channel);
$guards = $options['guards'] ?? null;
if (is_null($guards)) {
$token = $request->header('Token');
$id = Crypt::decrypt($token);
$user = User::find($id);
return $user;
}
foreach (Arr::wrap($guards) as $guard) {
if ($user = $request->user($guard)) {
return $user;
}
}
}
UPDATE
As #ggdx pointed out in the comments, I can override the class by doing class yourClass extends Illuminate\Broadcasting\Broadcasters\Broadcaster
However, I still don't know where to put this new class within the Laravel framework. I tried creating the new class in the /app route, but that did not work.
I'm not completely sure what you are trying to accomplish. But I think making a custom driver for a guard will do what you want. Looking at the docs https://laravel.com/docs/5.8/authentication#adding-custom-guards
You can do this in the boot method of your AuthServiceProvider.
Auth::viaRequest('custom-token', function ($request) {
return User::find(Crypt::decrypt($request->header('Token')));
});
Also, make sure to select it as the driver for your guard in your auth.php config file.
I'd like to hook a model event to perform a task after the model has been deleted. I've added the following code to my model:
protected static function boot()
{
parent::boot();
static::deleted( 'static::removeStorageAllocation' );
}
Rather than put the logic I want to run inside a closure in the boot function, which seems a pretty ugly spot for it, I noticed in the method signature it supposedly takes "\Closure|string $callback" is there a way I can specify a function name like I've tried to do above? I can't seem to come up with anything that works. I've tried lots of combinations:
'self::removeStorageAllocation'
'static::removeStorageAllocation'
'\App\MyModel::removeStorageAllocation'
I know I can probably just specify a closure which calls my function, but I'm wondering what the string form of $callback is for?
You could just pass an anonymous function:
static::deleted(function() {
static::removeStorageAllocation();
});
To know the string representation of $callback, you could look at the source of deleted:
/**
* Register a deleted model event with the dispatcher.
*
* #param \Closure|string $callback
* #param int $priority
* #return void
*/
public static function deleted($callback, $priority = 0)
{
static::registerModelEvent('deleted', $callback, $priority);
}
You'll see it is registering an event listener:
/**
* Register a model event with the dispatcher.
*
* #param string $event
* #param \Closure|string $callback
* #param int $priority
* #return void
*/
protected static function registerModelEvent($event, $callback, $priority = 0)
{
if (isset(static::$dispatcher))
{
$name = get_called_class();
static::$dispatcher->listen("eloquent.{$event}: {$name}", $callback, $priority);
}
}
Therefore, $callback is used eventually as a listener. A string representation would most likely be the name of a listener class, not a method.
Create a protected or public static function on your model (private will not work):
protected static function myStaticCallback($model)
{
// Your code
}
Then add a boot method to your model, using an array for the callback [class, function]:
protected static function boot()
{
parent::boot();
static::creating(['MyModel', 'myStaticCallback']);
}
I have a simple trait which I use to always include soft-deleted items for a few things:
trait OverrideTrashedTrait {
public static function find($id, $columns = ['*'])
{
return parent::withTrashed()->find($id, $columns);
}
}
However, since upgrading to Laravel 5.1, this no longer works. Soft-deleted items do not turn up in get() lists, and if I try to access a page where I've used route model bindings, I get the NotFoundHttpException.
Laravel's upgrade documentation states that:
If you are overriding the find method in your own models and calling parent::find() within your custom method, you should now change it to call the find method on the Eloquent query builder:
So I changed the trait accordingly:
trait OverrideTrashedTrait {
public static function find($id, $columns = ['*'])
{
return static::query()->withTrashed()->find($id, $columns);
}
}
But it appears that no matter what I write in there, it doesn't affect the results. I have also tried to put the overriding find() method directly in the model, but that doesn't appear to be working either. The only way anything changes is if I write invalid syntax. Even if I change the $id to a hardcoded id of an item that is not soft-deleted, I get the same result, and absolutely nothing happens if I e.g. try to dd('sdfg'), so I doubt the method is even called.
Edit: If I do trigger the method manually, it works just like intended.
How can I fix this?
Ok here it goes:
short version: Model binding does not use find.
longer version:
/**
* Register a model binder for a wildcard.
*
* #param string $key
* #param string $class
* #param \Closure|null $callback
* #return void
*
* #throws NotFoundHttpException
*/
public function model($key, $class, Closure $callback = null)
{
$this->bind($key, function ($value) use ($class, $callback) {
if (is_null($value)) {
return;
}
// For model binders, we will attempt to retrieve the models using the first
// method on the model instance. If we cannot retrieve the models we'll
// throw a not found exception otherwise we will return the instance.
$instance = new $class;
if ($model = $instance->where($instance->getRouteKeyName(), $value)->first()) {
return $model;
}
// If a callback was supplied to the method we will call that to determine
// what we should do when the model is not found. This just gives these
// developer a little greater flexibility to decide what will happen.
if ($callback instanceof Closure) {
return call_user_func($callback, $value);
}
throw new NotFoundHttpException;
});
}
Line 931 of Illuminate\Routing\Router says it does:
$instance->where($instance->getRouteKeyName(), $value)->first()
It uses the key from the model used in a where and loads the first result.
In Laravel 5.1 find() method can be found in Illuminate\Database\Eloquent\Builder
From your Model class you can override it like following:
namespace App;
use Illuminate\Database\Eloquent\Model;
class Product extends Model
{
/**
* Overrides find() method in Illuminate\Database\Eloquent\Builder.
* Finds only active products.
*
* #param mixed $id
* #param array $columns
* #return \Illuminate\Database\Eloquent\Model|\Illuminate\Database\Eloquent\Collection|null
*/
public static function find($id, $columns = ['*']) {
// create builder from the Model
$builder = (new self)->newQuery();
// method customization
if (is_array($id)) {
// findMany() also should be customized
return self::findMany($id, $columns);
}
$builder->getQuery()->where("isActive", '=', 1)->where($builder->getModel()->getQualifiedKeyName(), '=', $id);
return $builder->first($columns);
}
}
I want to extend the Symfony2 Debug Toolbar with my own custom data.
I have a service where I want to log specific method calls and then display them in the web debug toolbar.
I read the cookbook article, but it's not very helpful.
I created my own DataCollector class:
class PermissionDataCollector extends DataCollector
{
private $permissionCalls = array();
private $permissionExtension;
public function __construct(PermissionExtension $permissionExtension)
{
$this->permissionExtension = $permissionExtension;
}
/**
* Collects data for the given Request and Response.
*
* #param Request $request A Request instance
* #param Response $response A Response instance
* #param \Exception $exception An Exception instance
*
* #api
*/
public function collect(Request $request, Response $response, \Exception $exception = null)
{
$this->permissionCalls = $this->permissionExtension->getPermissionCalls();
$this->data = array(
'calls' => $this->permissionCalls
);
}
public function getPermissionCallsCount()
{
return count($this->permissionCalls);
}
public function getFailedPermissionCallsCount()
{
return count(array_filter($this->permissionCalls, array(&$this, "filterForFailedPermissionCalls")));
}
private function filterForFailedPermissionCalls($var)
{
return $var['success'];
}
/**
* Returns the name of the collector.
*
* #return string The collector name
*
* #api
*/
public function getName()
{
return 'permission';
}
}
The PermissionExtension logs all calls and then I want to retrieve this array of calls in
PermissionDataCollector.
And a template just outputting {{ collector.permissionCallsCount }}.
The section gets displayed in the in the toolbar but it just shows a 0 which is wrong.
I'm not sure if I'm even doing this right, because the documentation lacks this section. I'm using Symfony 2.1
Has anybody extended the toolbar with custom data?
ah great! It works. I basically need to refer to $this->data all the time.
The reason for this that ->data is used by the Symfony\Component\HttpKernel\DataCollector\DataCollector and serialized (see DataCollector::serialize).
This is later stored (somehow, I don't know where, but it is later unserialized). If you use own properties the DataCollector::unserialize just prunes your data.
See https://symfony.com/doc/current/profiler/data_collector.html#creating-a-custom-data-collector
As the profiler serializes data collector instances, you should not store objects that cannot be serialized (like PDO objects) or you need to provide your own serialize() method.
Just use $this->data all the time, or implement your own \Serializable serializing.