Chapters
37 Chapters
|
3:43:31
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/core": "^3.0", // v3.1.2
"doctrine/annotations": "^2.0", // 2.0.1
"doctrine/doctrine-bundle": "^2.8", // 2.8.3
"doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.2
"doctrine/orm": "^2.14", // 2.14.1
"nelmio/cors-bundle": "^2.2", // 2.2.0
"nesbot/carbon": "^2.64", // 2.66.0
"phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
"phpstan/phpdoc-parser": "^1.15", // 1.16.1
"symfony/asset": "6.2.*", // v6.2.5
"symfony/console": "6.2.*", // v6.2.5
"symfony/dotenv": "6.2.*", // v6.2.5
"symfony/expression-language": "6.2.*", // v6.2.5
"symfony/flex": "^2", // v2.2.4
"symfony/framework-bundle": "6.2.*", // v6.2.5
"symfony/property-access": "6.2.*", // v6.2.5
"symfony/property-info": "6.2.*", // v6.2.5
"symfony/runtime": "6.2.*", // v6.2.5
"symfony/security-bundle": "6.2.*", // v6.2.6
"symfony/serializer": "6.2.*", // v6.2.5
"symfony/twig-bundle": "6.2.*", // v6.2.5
"symfony/ux-react": "^2.6", // v2.7.1
"symfony/ux-vue": "^2.7", // v2.7.1
"symfony/validator": "6.2.*", // v6.2.5
"symfony/webpack-encore-bundle": "^1.16", // v1.16.1
"symfony/yaml": "6.2.*" // v6.2.5
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.2
"mtdowling/jmespath.php": "^2.6", // 2.6.1
"phpunit/phpunit": "^9.5", // 9.6.3
"symfony/browser-kit": "6.2.*", // v6.2.5
"symfony/css-selector": "6.2.*", // v6.2.5
"symfony/debug-bundle": "6.2.*", // v6.2.5
"symfony/maker-bundle": "^1.48", // v1.48.0
"symfony/monolog-bundle": "^3.0", // v3.8.0
"symfony/phpunit-bridge": "^6.2", // v6.2.5
"symfony/stopwatch": "6.2.*", // v6.2.5
"symfony/web-profiler-bundle": "6.2.*", // v6.2.5
"zenstruck/browser": "^1.2", // v1.2.0
"zenstruck/foundry": "^1.26" // v1.28.0
}
}
12 Comments
for filtering GetCollection so that only owner can see it you can check following documentation https://api-platform.com/docs/core/extensions/#example
Hey Nuri,
Thanks for sharing this link!
Cheers!
Hi All,
I have this error : Session was used while the request was declared stateless."
Hey @Amine
Could you tell me more about what were you doing?
Cheers!
I had to use a strict comparison (
object.getOwner() === user), otherwise my tests would fail with a 403.Maybe that was also @Cameron's issue?
Hey @Manuel-B!
That's interesting. Using
===should be stronger than==... so if I'm thinking about it correctly, if anything, this should make the code deny access in MORE situations. But, I believe you - I just can't think in my head why this would make a difference :).Anyway, thanks for posting - if it is important in some cases, it will help others.
Cheers!
Hey @weaverryan!
Yes, I totally agree with you. It's definitely counter-intuitive. Iirc it had something to do with nesting and how
==would iterate over all nested objects (deadly if your resource has a relation with yourUserresource) whereas===would compare the objects directly. I believe it was this StackOverflow answer that led me to try this.It still seems odd to me that it would've thrown a 403, but unfortunately I cannot reproduce the issue anymore.
Ah, nested objects! That is, indeed, an interesting hint!
Hey team,
I used:
on the POST operation (to properly lockdown the creation of the entity). but it gives a 403 error.
it doesn't even hit my
dd($data);in the processor - so it's like it doesn't even get to denormalise stage (is this the correct flow of things?)I haven't been able to solve this. But strangely this works on PATCH operations. do you have any suggestions on what this might be or even how I might start debugging it (as I can't see profiler for access control stuff). Thanks again :-)
Hey @Cameron
so if you can't get to denormalize, then there is another security rule which fires. Can you show complete resource config?
Cheers!
Hey sadikoff, i solved this but i cant remember how. I should have posted my answer here at the time, i think i got caught up writing code. Thanks for the help, ive found apiplatform security a bit challenging.
Yeah that's happens sometime, happy hat you solved your issue!
"Houston: no signs of life"
Start the conversation!