Disable /api/entities route to get the list - api-platform.com

When creating an entity with @ApiResource, you get 5 routes:
GET /api/entities
POST /api/entities
GET /api/entities/{id}
DELETE /api/entities/{id}
PUT /api/entities/{id}
How can I disable the first route?
Thanks.

You should customize the collectionOperations attribute in your @ApiResource annotation:

    /**
     * @ApiResource(
     *     collectionOperations={}
     * )
     */

For more information: https://api-platform.com/docs/core/operations/#enabling-and-disabling-operations

Related

Get Info Api Request

Currently I'm struggling with the identifier because I do not need it.
I only need a GET request without anything, returning some system info.

    /**
     * @ApiResource(
     *     itemOperations={
     *         "info"={
     *             "method"="GET",
     *             "path"="/system/info",
     *             "controller"=GetInfo::class,
     *             "read"=false
     *         }
     *     },
     *     collectionOperations={}
     * )
     */

That's my current config, but it always requires an identifier.

It sounds as if you're after not an ApiPlatform resource, but simply a standard endpoint.
Have a look at this documentation from Symfony on how to define a route.
To me it sounds like you're after something like this:
config/routes.yaml

    system_info:
        path: /system/info
        methods: GET
        controller: App\System\Info

With controller:

    namespace App\System;

    use Symfony\Component\HttpFoundation\JsonResponse;

    class Info
    {
        public function __invoke(): JsonResponse
        {
            return new JsonResponse(['pc' => 'master race']);
        }
    }

Remember that ApiPlatform is supposed to be working with Resources (aka: DTOs and Entities), and as your use case does not do either, you end up struggling to make it work.

Problem with ApiPlatform SearchFilter returning all results

     * @ApiFilter(SearchFilter::class, properties={"serial": "partial"})

I have the following on a products entity. The problem is, when I make an API call with ?serial= it returns ALL items in the DB; obviously it should have only returned one.

EDIT:
This is caused by using a custom controller for the GET method. Looks like it needs refactoring.

     * collectionOperations={
     *     "get"={
     *         "controller"=DeviceGetCollectionController::class,
     *     },

Bypasses the SearchFilter.
Solution was to add a check in the custom controller:

    if ($request->get('serial')) {
        return $query->findBy(['company' => $user->getCompany(), 'serial' => $request->get('serial')]);
    }

How can I "validate" DELETE request in api-platform

I want to check the entity variable and check if it is allowed to delete the entity. For example if the owner entity of the association is linked to another entity, I want to make the deletion impossible.
I've looked in the documentation of api-platform but I could not find any help regarding my problems. Either you give the right to delete or not. I could not find how to control it (equivalent to validation for POST, PUT and PATCH).

You can use the access control feature of Api-Platform and Symfony Expression Language to achieve what you want. This way you can write pretty complex expressions.
I hope this example makes it clear.
user is the currently logged in user.
object is the resource user is trying to delete.

    use Doctrine\Common\Collections\Collection;

    /**
     * @ApiResource(
     *     itemOperations={
     *         "delete"={
     *             "access_control"="is_granted('ROLE_USER') and object.getUsers().contains(user)"
     *         }
     *     }
     * )
     */
    class Entity
    {
        /**
         * ManyToMany: inversedBy and a join table are not valid on a OneToMany mapping.
         *
         * @var Collection
         *
         * @ORM\ManyToMany(targetEntity="User", inversedBy="entities")
         * @ORM\JoinTable(name="entity_users")
         */
        private $users;

        /**
         * Typed as Collection: Doctrine hydrates a PersistentCollection here, not an ArrayCollection.
         *
         * @return Collection
         */
        public function getUsers(): Collection
        {
            return $this->users;
        }
    }

In this case only users who are stored in users Array of Entity can delete this resource.

owner check not working with JWT auth

I'm following the example / documentation closely trying to set up a resource that only its owner can access, and I get this error:
"hydra:description": "Notice: Undefined property:
ApiPlatform\Core\Bridge\Doctrine\Orm\Paginator::$owner",
JWT authentication per se seems to work fine.
My resource is defined like this:

    /**
     * @ORM\Entity
     * @ApiResource(
     *     attributes={"access_control"="is_granted('ROLE_USER') and object.owner == user"},
     *     collectionOperations={"get"},
     *     itemOperations={"get"},
     * )
     */

Security and user provider and everything is set up exactly as in the api-platform or Symfony documentation.
The property owner is defined as:

    /**
     * @var User The owner
     *
     * @ORM\ManyToOne(targetEntity=User::class)
     */
    public $owner;

What am I doing wrong?

I think this would work on your itemOperation GET, but not on your collectionOperation. The reason is that "object" in this case will be the collection of User objects, which is represented as the Paginator class.

@ahaaje is correct.
But you can still achieve what you're looking for by implementing an "extension". This would allow you to filter the collection with only items that belong to your user.
Official documentation is here.

Symfony 2 - Set UniqueEntity message

I have a Symfony 2/Doctrine 2 entity with a UniqueEntity constraint. As shown in the documentation, it should be possible to set a custom error message. I tried the following syntax, but that does not work:

    /**
     * @ORM\Entity
     * @ORM\Table(name="User")
     * @UniqueEntity("email", message="Your E-Mail adress has already been registered")
     */
    class User

What is the correct notation for the UniqueEntity constraint message? Or is the documentation simply wrong?

If you use only the fields option in this annotation, it can be used as the default option (the only option without name). However, when you specify additional settings, you have to specify the fields property.

    /**
     * @ORM\Entity
     * @ORM\Table(name="User")
     * @UniqueEntity(
     *     fields={"email"},
     *     message="Your E-Mail adress has already been registered"
     * )
     */
    class User
