Chapters

36 Chapters | 3:44:20 |

01

Setup & Ways to Extend API Platform

4:39
02

State Providers, Processors & a Custom Field

4:49
03

Decorating the Core State Provider

4:47
04

Decorating the CollectionProvider

7:12
05

Simpler State Processor

5:47
06

Running Code "On Publish"

6:05
07

Totally Custom Resource

4:19
08

Custom Resource State Provider

5:04
09

Using a Custom (Date) Identifier

7:35
10

Custom Resource Item Provider

3:26
11

Custom Resource State Processor

6:48
12

Relating Custom ApiResources

5:13
13

Embedding Custom DTO's

4:47
14

Pagination on a Custom Resource

8:18
15

User Class Dto

4:24
16

stateOptions + entityClass Magic

10:07
17

Entities, DTO's & The "Central" Object

6:24
18

Provider: Transforming Entities to DTOs

4:47
19

Entity -> DTO Item State Provider

4:11
20

DTO -> Entity State Processor

7:39
21

Leveraging the Core Processor

7:11
22

Controlling Fields without Groups

4:31
23

Other Conditional Field Strategies

6:04
24

DTO Validation & Security

6:13
25

MicroMapper: Central DTO Mapping

10:11
26

Reusable Entity->Dto Provider & Processor

4:11
27

Quick! Create a DragonTreasure DTO

9:51
28

Dtos, Mapping & Max Depth of Relations

8:05
29

Making DragonTreasureApi Writable

7:23
30

DTO & Security

9:39
31

Field Security with Patch

6:17
32

Triggering a "Publish"

4:14
33

Writable Relation Fields

5:09
34

Writing to a Collection Relation

5:08
35

Writable Collection via the PropertyAccessor

6:29
36

Simpler Validator for Checking State Change

7:23

> APIs > API Platform 3 Part 3: Custom Resources

Buy Access to Course

34.

Writing to a Collection Relation

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Chapter

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

We are so close to completely re-implementing our API using these custom classes. So excited!

Let's run every test to see where we stand.

symfony php bin/phpunit

And... everything passes except one. This trouble-maker test is UserResourceTest::testTreasuresCannotBeStolen. Let's go check it out!

Open tests/Functional/UserResourceTest.php and search for testTreasuresCannotBeStolen(). Here it is.

            Copy Code

                            Show All Lines

                        91 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCannotBeStolen(): void
        
                {
        
                    $user = UserFactory::createOne();
        
                    $otherUser = UserFactory::createOne();
        
                    $dragonTreasure = DragonTreasureFactory::createOne(['owner' => $otherUser]);
        
                    $this->browser()
        
                        ->actingAs($user)
        
                        ->patch('/api/users/' . $user->getId(), [
        
                            'json' => [
        
                                'username' => 'changed',
        
                                'dragonTreasures' => [
        
                                    '/api/treasures/' . $dragonTreasure->getId(),
        
                                ],
        
                            ],
        
                            'headers' => ['Content-Type' => 'application/merge-patch+json']
        
                        ])
        
                        ->assertStatus(422);
        
                }
        
                Show Lines

                                                    // ... lines 76 - 89
                            
            }

Let's read the story. We update a user and attempt to change its dragonTreasures property to contain a treasure owned by someone else. The test looks for a 422 status code - because we want to prevent stealing treasures - but the test fails with a 200.

But apart from the whole stealing thing, this is the first test that we've seen that writes to a collection relation field. And that is an interesting topic all on its own.

Avoid Writable Collection Fields?

First, if you can, I'd recommend against allowing collection relationship fields like this to be writable. I mean, you absolutely can... but it adds complexity. For example, like this test shows, we need to worry about how setting the dragonTreasures property changes the owner on that treasure. And there's already a different way to do this: make a patch() request to this treasure and... change the owner. Simple!

But, if you still want to allow your collection relation to be writable in your DTO system, fine, here's how to do it. I'm kidding - it's not too bad.

Testing the Collection Write

Start by duplicating this test. Rename it to testTreasuresCanBeRemoved. I totally typo'ed that - mine says cannot, which is the opposite of what I want to test - so make sure you get that right in your code.

            Copy Code

                            Show All Lines

                        111 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCanBeRemoved(): void
        
                {
        
                Show Lines

                                                    // ... lines 59 - 74
                            
                }
        
                Show Lines

                                                    // ... lines 76 - 109
                            
            }

Now we can dress this up a bit. Make the first $dragonTreasure owned by $user. Then create a second $dragonTreasure also owned by $user, but we won't need a variable for it... you'll see. Finally, add a third $dragonTreasure called $dragonTreasure3 that's owned by $otherUser.

            Copy Code

                            Show All Lines

                        119 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCanBeRemoved(): void
        
                {
        
                    $user = UserFactory::createOne();
        
                    $otherUser = UserFactory::createOne();
        
                    $dragonTreasure = DragonTreasureFactory::createOne(['owner' => $user]);
        
                    DragonTreasureFactory::createOne(['owner' => $user]);
        
                    $dragonTreasure3 = DragonTreasureFactory::createOne(['owner' => $otherUser]);
        
                Show Lines

                                                    // ... lines 64 - 82
                            
                }
        
                Show Lines

                                                    // ... lines 84 - 117
                            
            }

So we have three dragonTreasures, two owned by $user, and one by $otherUser. Down here, we patch to modify $user. Remove username - we don't care about that - then send two dragonTreasures: the first and the third: /api/treasures/ $dragonTreasure3->getId().

            Copy Code

                            Show All Lines

                        119 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCanBeRemoved(): void
        
                {
        
                    $user = UserFactory::createOne();
        
                    $otherUser = UserFactory::createOne();
        
                    $dragonTreasure = DragonTreasureFactory::createOne(['owner' => $user]);
        
                    DragonTreasureFactory::createOne(['owner' => $user]);
        
                    $dragonTreasure3 = DragonTreasureFactory::createOne(['owner' => $otherUser]);
        
                    $this->browser()
        
                        ->actingAs($user)
        
                        ->patch('/api/users/' . $user->getId(), [
        
                            'json' => [
        
                                'dragonTreasures' => [
        
                                    '/api/treasures/' . $dragonTreasure->getId(),
        
                                    '/api/treasures/' . $dragonTreasure3->getId(),
        
                                ],
        
                            ],
        
                            'headers' => ['Content-Type' => 'application/merge-patch+json']
        
                        ])
        
                Show Lines

                                                    // ... lines 76 - 81
                            
                    ;
        
                }
        
                Show Lines

                                                    // ... lines 84 - 117
                            
            }

We're going to test for two things. First, that the second treasure is removed from this user. Think about it: $user started with these two treasures... and the fact that this second treasure's IRI is not sent means that we want it to be removed from $user.

Second, I added $dragonTreasure3 temporarily to prove that treasures can be stolen. This is currently owned by $otherUser, but we pass it to dragonTreasures... and we're going to verify that the owner of $dragonTreasure3 changes from $otherUser to $user. That's not the end behavior we want, but it'll help us get all the relation writing working. Then we'll worry about preventing that.

Down here, ->assertStatus(200) then extend the test by saying ->get('/api/users/' . $user->getId()) and ->dump().

            Copy Code

                            Show All Lines

                        119 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCanBeRemoved(): void
        
                {
        
                    $user = UserFactory::createOne();
        
                    $otherUser = UserFactory::createOne();
        
                    $dragonTreasure = DragonTreasureFactory::createOne(['owner' => $user]);
        
                    DragonTreasureFactory::createOne(['owner' => $user]);
        
                    $dragonTreasure3 = DragonTreasureFactory::createOne(['owner' => $otherUser]);
        
                    $this->browser()
        
                        ->actingAs($user)
        
                        ->patch('/api/users/' . $user->getId(), [
        
                            'json' => [
        
                                'dragonTreasures' => [
        
                                    '/api/treasures/' . $dragonTreasure->getId(),
        
                                    '/api/treasures/' . $dragonTreasure3->getId(),
        
                                ],
        
                            ],
        
                            'headers' => ['Content-Type' => 'application/merge-patch+json']
        
                        ])
        
                        ->assertStatus(200)
        
                        ->get('/api/users/' . $user->getId())
        
                        ->dump()
        
                Show Lines

                                                    // ... lines 79 - 81
                            
                    ;
        
                }
        
                Show Lines

                                                    // ... lines 84 - 117
                            
            }

I want to see what the user looks like after the update. Finally, assert that the length of the dragonTreasures field - I need quotes on that - is 2, for treasures 1 and 3. Then assert that dragonTreasures[0] is equal to '/api/treasures/'., followed by $dragonTreasure->getId(). Copy that, paste, and assert that the 1 key is $dragonTreasure3.

            Copy Code

                            Show All Lines

                        119 lines
            |
            tests/Functional/UserResourceTest.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class UserResourceTest extends ApiTestCase
        
            {
        
                Show Lines

                                                    // ... lines 13 - 56
                            
                public function testTreasuresCanBeRemoved(): void
        
                {
        
                    $user = UserFactory::createOne();
        
                    $otherUser = UserFactory::createOne();
        
                    $dragonTreasure = DragonTreasureFactory::createOne(['owner' => $user]);
        
                    DragonTreasureFactory::createOne(['owner' => $user]);
        
                    $dragonTreasure3 = DragonTreasureFactory::createOne(['owner' => $otherUser]);
        
                    $this->browser()
        
                        ->actingAs($user)
        
                        ->patch('/api/users/' . $user->getId(), [
        
                            'json' => [
        
                                'dragonTreasures' => [
        
                                    '/api/treasures/' . $dragonTreasure->getId(),
        
                                    '/api/treasures/' . $dragonTreasure3->getId(),
        
                                ],
        
                            ],
        
                            'headers' => ['Content-Type' => 'application/merge-patch+json']
        
                        ])
        
                        ->assertStatus(200)
        
                        ->get('/api/users/' . $user->getId())
        
                        ->dump()
        
                        ->assertJsonMatches('length("dragonTreasures")', 2)
        
                        ->assertJsonMatches('dragonTreasures[0]', '/api/treasures/' . $dragonTreasure->getId())
        
                        ->assertJsonMatches('dragonTreasures[1]', '/api/treasures/' . $dragonTreasure3->getId())
        
                    ;
        
                }
        
                Show Lines

                                                    // ... lines 84 - 117
                            
            }

Lovely! That test took some work, but it'll be super useful. Let's... just run it and see what happens! Copy the method name and, over at your terminal, run:

symfony php bin/phpunit --filter=testTreasuresCanBeRemoved

And by "cannot be removed", I, of course, mean that it can be removed. That was some good 'ol copy/paste madness right there. There we go. And... it fails, on line 81. This means that the request was successful... but the dragonTreasures are still the original two: /api/treasures/2 instead of /api/treasures/3. No changes were made to the treasures.

Why? Let's find out next and leverage the property accessor component to make sure the changes save correctly.

12 Comments

Sort By

Joel-L 11 months ago

Hey Ryan,

you might say it already but i can't find the reference in your course, if i execute a patch request with a collection of embed objects (not IRI) , there is a way to use the EntityClassDtoStateProcessor or should i use a custom processor class ?

| Reply |

Joel-L Joel-L 11 months ago

or should i use the serialization group in ApiResource class like we used to do it entity class ?

| Reply |

weaverryan SFCASTS Joel-L 11 months ago

Hey @Joel-L!

You're doing something like PATCH:

{
    "name": "Cool product",
    "specs": [
        { "name": "weight", "value": "10 kg" },
        { "name": "color", "value": "red" },
    ]
}

Right? Without thinking about this too hard, yes, the answer should be to use serialization groups. This all comes down to the serializer: we want it to "accept" the serialization groups and return them into DTO objects. Then, by the time the code gets to our state processor, we should have (to use my example here) a ProductDto with a specs property full of ProductSpecDto objects. Then, transforming that into entity objects and saving them shouldn't be any different.

The biggest bummer for me when allowing embedded objects with this setup is that you suddenly do need to use serialization groups. The system simplified life so that we didn't need them anymore... but if you want to accept embedded data, then you do need them.

Cheers!

| Reply |

Joel-L weaverryan 11 months ago

Thanks Ryan

in that direction i'm facing a new problem :

"type": "https://tools.ietf.org/html/rfc2616#section-10",
    "title": "An error occurred",
    "detail": "Could not determine access type for property \"items\" in class \"App\\Entity\\Product\".",
    "trace": [
        {
            "namespace": "",
            "short_class": "",
            "class": "",
            "type": "",
            "function": "",
            "file": "/api/vendor/symfony/property-access/PropertyAccessor.php",
            "line": 544,
            "args": []
        },

There is a Product and a (child) Item entity class.
I've created a ProductApi and ItemApi resource class everything is fine except for Patch operation who i got the error above.

It seems happening from the mapper $this->propertyAccessor->setValue($entity, 'items', $importItemEntities);
where $entity is ProductApi and items is ItemApi Collection.

Any idea ?

| Reply |

weaverryan SFCASTS Joel-L 11 months ago

Hey @Joel-L!

On your Product class, how is the $items property accessible? You would typically have an addItem() and removeItem() method, and the property accessor is smart enough to call those. Do you have them (they're added by MakerBundle if you generated the relationship via make:entity and said that you wanted to map the "inverse" side of the relation),

Cheers!

| Reply |

Joel-L weaverryan 11 months ago

yes i have them :
getItems()
addItem()
removeItem()

| Reply |

weaverryan SFCASTS Joel-L 11 months ago

Hmm, then that just doesn't make sense. The error specifically is:

Could not determine access type for property \"items\" in class \"App\Entity\Product\".

So this means that PropertyAccess component is being asked to read or write the "items" property on the Product entity. And being able to use getItems() (in the case of reading) or addItem() / removeItem() is core to the property accessor component https://symfony.com/doc/current/components/property_access.html#writing-to-array-properties

Hmm, unless there is something weird happening because items on your entity is a Collection and on your DTO it is an array. You could try making your items on your DTO an ArrayCollection from Doctrine to test that theory (so that both sides are a type of "collection" object).

Cheers!

| Reply |

Joel-L weaverryan 11 months ago

below the source code i'm using , jus tin case you have time :

Product entity

#[ORM\Entity(repositoryClass: ProductRepository::class)]
#[ORM\Table(name: 'sdp_product')]
class Product
{
	#[ORM\Id]
    #[ORM\Column(type: 'uuid', unique: true)]
    #[ORM\GeneratedValue(strategy: 'CUSTOM')]
    #[ORM\CustomIdGenerator(class: 'doctrine.uuid_generator')]
    private ?Uuid $id = null;

    #[ORM\OneToMany(mappedBy: 'importation', targetEntity: Item::class, cascade: ['persist'], orphanRemoval: true)]
    private Collection $items;

    public function __construct()
    {
     
        $this->items = new ArrayCollection();
     
    }

     public function getId(): ?Uuid
    {
        return $this->id;
    }


    /**
     * @return Collection<int, Item>
     */
    public function getItems(): Collection
    {
        return $this->items;
    }

    public function addItem(Item $item): self
    {
        if (!$this->items->contains($item)) {
            $this->items->add($item);
            $item->setImportation($this);
        }

        return $this;
    }

    public function removeItem(Item $item): self
    {
        if ($this->items->removeElement($item)) {
            // set the owning side to null (unless already changed)
            if ($item->getImportation() === $this) {
                $item->setImportation(null);
            }
        }

        return $this;
    }

}

Item entity

#[ORM\Entity(repositoryClass: ItemRepository::class)]
#[ORM\Table(name: 'sdp_item')]
class Item
{
    #[ORM\Id]
    #[ORM\Column(type: 'uuid', unique: true)]
    #[ORM\GeneratedValue(strategy: 'CUSTOM')]
    #[ORM\CustomIdGenerator(class: 'doctrine.uuid_generator')]
    private ?Uuid $id = null;


	#[ORM\ManyToOne(inversedBy: 'items')]
    private ?Product $product = null;

	public function getId(): ?Uuid
    {
        return $this->id;
    }

    public function getProduct(): ?Product
    {
        return $this->product;
    }

    public function setProduct(?Product $product): self
    {
        $this->product = $product;

        return $this;
    }

}

ProductApi resource

#[ApiResource(    
    normalizationContext: ['groups' => ['read']],
    denormalizationContext: ['groups' => ['write']],
    provider: EntityToDtoStateProvider::class,
    processor: EntityClassDtoStateProcessor::class,
    stateOptions: new Options(entityClass: Product::class),
)]
class ProductApi
{
    #[ApiProperty(readable: true, writable: false, identifier: true)]
    #[Groups(['read'])]
    private ?Uuid $id = null;

    #[Groups(['read','write'])]
    private Collection $items;


    public function __construct()
    {
        $this->items = new ArrayCollection();
    }



    /**
     * @return Collection<int, ItemApi>
     */
    public function getItems(): Collection
    {
        return $this->items;
    }

    public function addItem(ItemApi $item): self
    {
        if (!$this->items->contains($item)) {
            $this->items->add($item);
            $item->setImport($this);
        }

        return $this;
    }

    public function removeItem(ItemApi $item): self
    {
        if ($this->items->removeElement($item)) {            
            if ($item->getProduct() === $this) {
                $item->setProduct(null);
            }
        }

        return $this;
    }

}

ItemApi resource

#[ApiResource(    
    provider: EntityToDtoStateProvider::class,
    processor: EntityClassDtoStateProcessor::class,
    stateOptions: new Options(entityClass: Item::class),
)]
class ItemApi
{
    #[ApiProperty(readable: true, writable: false, identifier: true)]
    #[Groups(['read'])]
    private ?Uuid $id = null;

    #[Groups(['read','write'])]
    private ?int $price = null;

    #[Groups(['read','write'])]
    private ?int $quantity = null;


    ... with Getter and Setter
}

ProductApiToEntityMapper

#[AsMapper(from: ProductApi::class, to: Product::class)]
class ProductApiToEntityMapper implements MapperInterface
{
    public function __construct(
        private ProductRepository $productRepository,
        private MicroMapperInterface $microMapper,
        private PropertyAccessorInterface $propertyAccessor,
    )
    {
    }

    public function load(object $from, string $toClass, array $context): object
    {
        $dto = $from;
        assert($dto instanceof ProductApi);

        $userEntity = $dto->getId() ? $this->importationRepository->find($dto->getId()) : new Importation();
        if (!$userEntity) {
            throw new \Exception('Importation not found');
        }

        return $userEntity;
    }

    public function populate(object $from, object $to, array $context): object
    {
        $dto = $from;
        assert($dto instanceof ProductApi);
        $entity = $to;
        assert($entity instanceof Product);
                

        $itemEntities = [];
        foreach ($dto->getItems() as $itemApi) {
            $itemEntities[] = $this->microMapper->map($importItemApi, ImportationItem::class, [
                MicroMapperInterface::MAX_DEPTH => 1,
            ]);
        }        
        $this->propertyAccessor->setValue($entity, 'items', $itemEntities);

        return $entity;
    }
}

| Reply |

weaverryan SFCASTS Joel-L 11 months ago

It all looks fine. My best guess, of something to try - just to see if it makes a difference - would be to make the items property in ProductApi an array, instead of an ArrayCollection. That shouldn't make any difference, but your entity looks fine. So the idea is that: perhaps the property accessor is getting confused by the ArrayCollection (not realizing it is a "collection") and so is not looking for an adder/remove and is instead only looking for a setter.

Cheers!

| Reply |

Joel-L weaverryan 11 months ago

thanks for your time.
But unfortunately i got same error message.
I will still searching

| Reply |

Joel-L Joel-L 11 months ago

i found the issue it was mispelling items name
fix now with Collection everywhere
thks againe for your time

| Reply |

weaverryan SFCASTS Joel-L 10 months ago edited

Phew! Fantastic - glad you got it sorted.

Happy holidays!

| Reply |

Symfony 6.3 API Platform 3

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=8.1",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "api-platform/core": "3.1.x-dev", // 3.1.x-dev
        "doctrine/annotations": "^2.0", // 2.0.1
        "doctrine/doctrine-bundle": "^2.8", // 2.10.2
        "doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.4
        "doctrine/orm": "^2.14", // 2.16.1
        "nelmio/cors-bundle": "^2.2", // 2.3.1
        "nesbot/carbon": "^2.64", // 2.69.0
        "phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
        "phpstan/phpdoc-parser": "^1.15", // 1.23.1
        "symfony/asset": "6.3.*", // v6.3.0
        "symfony/console": "6.3.*", // v6.3.2
        "symfony/dotenv": "6.3.*", // v6.3.0
        "symfony/expression-language": "6.3.*", // v6.3.0
        "symfony/flex": "^2", // v2.3.3
        "symfony/framework-bundle": "6.3.*", // v6.3.2
        "symfony/property-access": "6.3.*", // v6.3.2
        "symfony/property-info": "6.3.*", // v6.3.0
        "symfony/runtime": "6.3.*", // v6.3.2
        "symfony/security-bundle": "6.3.*", // v6.3.3
        "symfony/serializer": "6.3.*", // v6.3.3
        "symfony/stimulus-bundle": "^2.9", // v2.10.0
        "symfony/string": "6.3.*", // v6.3.2
        "symfony/twig-bundle": "6.3.*", // v6.3.0
        "symfony/ux-react": "^2.6", // v2.10.0
        "symfony/ux-vue": "^2.7", // v2.10.0
        "symfony/validator": "6.3.*", // v6.3.2
        "symfony/webpack-encore-bundle": "^2.0", // v2.0.1
        "symfony/yaml": "6.3.*", // v6.3.3
        "symfonycasts/micro-mapper": "^0.1.0" // v0.1.1
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.4
        "mtdowling/jmespath.php": "^2.6", // 2.6.1
        "phpunit/phpunit": "^9.5", // 9.6.11
        "symfony/browser-kit": "6.3.*", // v6.3.2
        "symfony/css-selector": "6.3.*", // v6.3.2
        "symfony/debug-bundle": "6.3.*", // v6.3.2
        "symfony/maker-bundle": "^1.48", // v1.50.0
        "symfony/monolog-bundle": "^3.0", // v3.8.0
        "symfony/phpunit-bridge": "^6.2", // v6.3.2
        "symfony/stopwatch": "6.3.*", // v6.3.0
        "symfony/web-profiler-bundle": "6.3.*", // v6.3.2
        "zenstruck/browser": "^1.2", // v1.4.0
        "zenstruck/foundry": "^1.26" // v1.35.0
    }
}

Previous Chapter

Next Chapter

Writing to a Collection Relation

Share this awesome video!

Keep on Learning!

Avoid Writable Collection Fields?

Testing the Collection Write

12 Comments

Delete comment?

What PHP libraries does this tutorial use?

Show Lines	// ... lines 1 - 10
	class UserResourceTest extends ApiTestCase
	{
Show Lines	// ... lines 13 - 56
	public function testTreasuresCannotBeStolen(): void
	{
	$user = UserFactory::createOne();
	$otherUser = UserFactory::createOne();
	$dragonTreasure = DragonTreasureFactory::createOne(['owner' => $otherUser]);

	$this->browser()
	->actingAs($user)
	->patch('/api/users/' . $user->getId(), [
	'json' => [
	'username' => 'changed',
	'dragonTreasures' => [
	'/api/treasures/' . $dragonTreasure->getId(),
	],
	],
	'headers' => ['Content-Type' => 'application/merge-patch+json']
	])
	->assertStatus(422);
	}
Show Lines	// ... lines 76 - 89
	}