Chapters
37 Chapters
|
3:43:31
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"api-platform/core": "^3.0", // v3.1.2
"doctrine/annotations": "^2.0", // 2.0.1
"doctrine/doctrine-bundle": "^2.8", // 2.8.3
"doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.2
"doctrine/orm": "^2.14", // 2.14.1
"nelmio/cors-bundle": "^2.2", // 2.2.0
"nesbot/carbon": "^2.64", // 2.66.0
"phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
"phpstan/phpdoc-parser": "^1.15", // 1.16.1
"symfony/asset": "6.2.*", // v6.2.5
"symfony/console": "6.2.*", // v6.2.5
"symfony/dotenv": "6.2.*", // v6.2.5
"symfony/expression-language": "6.2.*", // v6.2.5
"symfony/flex": "^2", // v2.2.4
"symfony/framework-bundle": "6.2.*", // v6.2.5
"symfony/property-access": "6.2.*", // v6.2.5
"symfony/property-info": "6.2.*", // v6.2.5
"symfony/runtime": "6.2.*", // v6.2.5
"symfony/security-bundle": "6.2.*", // v6.2.6
"symfony/serializer": "6.2.*", // v6.2.5
"symfony/twig-bundle": "6.2.*", // v6.2.5
"symfony/ux-react": "^2.6", // v2.7.1
"symfony/ux-vue": "^2.7", // v2.7.1
"symfony/validator": "6.2.*", // v6.2.5
"symfony/webpack-encore-bundle": "^1.16", // v1.16.1
"symfony/yaml": "6.2.*" // v6.2.5
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.2
"mtdowling/jmespath.php": "^2.6", // 2.6.1
"phpunit/phpunit": "^9.5", // 9.6.3
"symfony/browser-kit": "6.2.*", // v6.2.5
"symfony/css-selector": "6.2.*", // v6.2.5
"symfony/debug-bundle": "6.2.*", // v6.2.5
"symfony/maker-bundle": "^1.48", // v1.48.0
"symfony/monolog-bundle": "^3.0", // v3.8.0
"symfony/phpunit-bridge": "^6.2", // v6.2.5
"symfony/stopwatch": "6.2.*", // v6.2.5
"symfony/web-profiler-bundle": "6.2.*", // v6.2.5
"zenstruck/browser": "^1.2", // v1.2.0
"zenstruck/foundry": "^1.26" // v1.28.0
}
}
12 Comments
I tried to change the test testAdminCanPatchToEditTreasure to actually edit the isPublished status.
That was not passing at the current time.
EG. From the script this is OK and passes when the only field changed is value.
But this test does not pass, changing the value of isPublished doesn't seem to work.
Should this work at this point? I think so but maybe I have missed something.
Hey @Lola-Slade!
Sorry for the very slow reply! So the test only passes if you include
'isPublished' => true,? If you don't include it, where is the failure exactly? Do you get a 200 status code, but thevaluereturned is wrong? Or is the failure elsewhere?Let me know and I bet we can unravel this mystery :).
Cheers!
I think I found the explanation for this one after much debugging:
The issue is that the
securityargument of theApiPropertyattribute is evaluated before the denormalization in order to find out which properties are allowed to be written to.But since the treasure object is not denormalized yet the
objectin thesecurityexpression will always benullwhile denormalizing, effectively failing ever time and thus never writing to the property.In this case this could be fixed by letting the
securityexpression pass in caseobjectis not instantiated yet and validate the permissions withsecurityPostDenormalizefor denormalization:I found this behavior of
objectbeingnullin thesecurityexpression while denormalizing very surprising and against my expectation. Especially as the documentation for the same arguments for the operations (Get,Putetc.) attributes mentions a different behavior:And since
securityPostDenormalizeis only evaluated after denormalization of the user provided data into the object this causes huge headaches when a property used for the access decision is writable.Because contrary to the operations
with
ApiPropertythere is noprevious_objectavailable in the expression.Hey @acran!
Fantastic debugging & explanation! Thanks for filling in for me ;)
Thanks a lot for getting back to me Ryan!
It's the opposite. The issue is that the value of isPublished cannot be changed to true.
So any test that does include
isPublishedand then tries to validate the changed value fails.Hey @Lola-Slade!
Glacial reply again, but, does this help? https://symfonycasts.com/screencast/api-platform-security/api-property#comment-33098
Strange Api-platform activity. It looks like ApiProperty Attribute doesn't work with json format. Why? And how to make ApiProperty to work on json format too?
I have simple ApiResource example
If i request jsonld format
http://localhost/api/users/1.jsonld, i get:'doNotShow' is not visible
If i request json format
http://localhost/api/users/1.json, i get:'doNotShow' is visible
PHP 8.2, Symfony 7, "api-platform/core": "3.3.2",
config file: api_platform.yaml
Hey @Mantasz
It seems like an ApiPlatform bug. Try upgrading to the latest version. If the problem remains, you may want to open an issue to the ApiPlatform GitHub repository
Cheers!
it is the latest version: "api-platform/core": "3.3.2".
The only thing I can think of is that it's an ApiPlatform bug. Try asking in their Slack channel
Sorry I cannot help further
is there a securityMessage for ApiProperty like for Operations ?
Hey Gamusta,
Here's the list of possible arguments for ApiProperty: https://github.com/api-platform/core/blob/main/src/Metadata/ApiProperty.php#L45 - there's
security, but nosecurityMessage.Cheers!
"Houston: no signs of life"
Start the conversation!