Skip to content

refactor(state): merge parameter and link security #7200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 13, 2025
Merged

refactor(state): merge parameter and link security #7200

merged 4 commits into from
Jun 13, 2025

Conversation

soyuka
Copy link
Member

@soyuka soyuka commented Jun 10, 2025

Q A
Branch? 4.1 (experimental feature changes, no bc)
Tickets Closes #7061
License MIT

I was working on parameters and it struck me that @KDederichs actually wrote a ParameterProvider for links that could be quite useful with all kind of parameters (not only uri variables also knowns as links, especially that a Link extends Parameter). This refactor removes a lot of code by reusing the logic of the actual parameters (that also have a security) and adding the features that were only present on Links to every parameters.

Tests left to be done:

This mimics the behavior of the well-known MapEntity of symfony:

use ApiPlatform\Metadata\Get;
use ApiPlatform\State\ParameterProvider\ReadLinkParameterProvider'
use App\Entity\Author;

#[Get(
    uriTemplate: '/author/{authorId}/books`,
    uriVariables: ['authorId' => new Link(provider: ReadLinkParameterProvider::class, fromClass: Author::class)]
)]

After that if an Author is not found this throws a 404 (disable this using extraProperties: ['throw_not_found' => false] on the Link (or Parameter of any kind). Then uriVariables['authorId'] should contain the Author from the database.

This can be applied to any kind of parameters:

use ApiPlatform\Metadata\Get;
use ApiPlatform\State\ParameterProvider\ReadLinkParameterProvider'
use App\Entity\Author;

#[GetCollection(
    uriTemplate: '/authors`,
    parameters: ['author' => new QueryParameter(provider: ReadLinkParameterProvider::class, extraProperties: ['resource_class' => Author::class, 'uri_template' => '/authors/{id}'])]
)]
#[Get(
    uriTemplate: '/authors/{id}`,
)]

This also resolves #7112 in my opinion ping @joelwurtz @lyrixx

@soyuka soyuka mentioned this pull request Jun 10, 2025
Closed
6 tasks
@soyuka soyuka force-pushed the link-parameter-providers branch from 80b6c90 to f7f2d19 Compare June 10, 2025 11:50
@lyrixx
Copy link
Contributor

lyrixx commented Jun 11, 2025

Looks promising ! Thanks

@soyuka soyuka force-pushed the link-parameter-providers branch 3 times, most recently from 50310c0 to bb27dfb Compare June 13, 2025 11:43
@soyuka soyuka force-pushed the link-parameter-providers branch from bb27dfb to f0388b6 Compare June 13, 2025 11:48
@soyuka soyuka merged commit b2b5f99 into api-platform:4.1 Jun 13, 2025
108 of 111 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@soyuka @lyrixx