Auto Setting the "owner"
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
With a Subscription, click any sentence in the script to jump to that part of the video!
Login SubscribeEvery DragonTreasure
must have an owner
... and to set that, when you POST
to create a treasure, we require that field. I think we should make that optional. So, in the test, stop sending the owner
field:
// ... lines 1 - 12 | |
class DragonTreasureResourceTest extends ApiTestCase | |
{ | |
// ... lines 15 - 41 | |
public function testPostToCreateTreasure(): void | |
{ | |
// ... lines 44 - 45 | |
$this->browser() | |
// ... lines 47 - 51 | |
->post('/api/treasures', HttpOptions::json([ | |
// ... lines 53 - 56 | |
'owner' => '/api/users/'.$user->getId(), | |
])) | |
// ... lines 59 - 60 | |
; | |
} | |
// ... lines 63 - 179 | |
} |
When this happens, let's automatically set it to the currently-authenticated user.
Make sure the test fails. Copy the method name... and run it:
symfony php bin/phpunit --filter=testPostToCreateTreasure
Nailed it. Got a 422, 201 expected. That 422 is a validation error from the owner
property: this value should not be null.
Removing the Owner Validation
If we're going to make it optional, we need to remove that Assert\NotNull
:
// ... lines 1 - 88 | |
class DragonTreasure | |
{ | |
// ... lines 91 - 136 | |
// ... line 138 | |
private ?User $owner = null; | |
// ... lines 140 - 251 | |
} |
And now when we try the test:
symfony php bin/phpunit --filter=testPostToCreateTreasure
Well hello there gorgeous 500 error! Probably it's because the null owner_id
is going kaboom when it hits the database. Yup!
Using the State Processors
So: how can we automatically set this field when it's not sent? In the previous API Platform 2 tutorial, I did this with an entity listener, which is a fine solution. But in API Platform 3, just like when we hashed the user password, there's now a really nice system for this: the state processor system.
As a reminder, our POST and PATCH endpoints for DragonTreasure
already have a state processor that comes from Doctrine: it's responsible for saving the object to the database. Our goal will feel familiar at this point: to decorate that state process so we can run extra code before saving.
Like before, start by running:
php bin/console make:state-processor
Call it DragonTreasureSetOwnerProcessor
:
// ... lines 1 - 2 | |
namespace App\State; | |
use ApiPlatform\Metadata\Operation; | |
use ApiPlatform\State\ProcessorInterface; | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): void | |
{ | |
// Handle the state | |
} | |
} |
Over in src/State/
, open that up. Ok, let's decorate! Add the construct method with private ProcessorInterface $innerProcessor
:
// ... lines 1 - 5 | |
use ApiPlatform\State\ProcessorInterface; | |
// ... lines 7 - 9 | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
public function __construct(private ProcessorInterface $innerProcessor) | |
{ | |
} | |
// ... lines 15 - 19 | |
} |
Tip
In API Platform 3.2 and higher, you should return $this->innerProcessor->process()
. This
is also a safe thing to do in 3.0 & 3.1.
Then down in process()
, call that! This method doesn't return anything - it has a void
return - so we just need $this->innerProcessor
- don't forget that part like I am - ->process()
passing $data
, $operation
, $uriVariables
and $context
:
// ... lines 1 - 9 | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
// ... lines 12 - 15 | |
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): void | |
{ | |
$this->innerProcessor->process($data, $operation, $uriVariables, $context); | |
} | |
} |
Now, to make Symfony use our state processor instead of the normal one from Doctrine, add #[AsDecorator]
... and the id of the service is api_platform.doctrine.orm.state.persist_processor
:
// ... lines 1 - 6 | |
use Symfony\Component\DependencyInjection\Attribute\AsDecorator; | |
'api_platform.doctrine.orm.state.persist_processor') | (|
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
// ... lines 12 - 19 | |
} |
Cool! Now, everything that uses that service in the system will be passed our service instead... and then the original will be passed into us.
Decorating Multiple Times is Ok!
Oh, and there's something cool going on. Look at UserHashPasswordStateProcessor
. We're decorating the same thing there! Yea, we're decorating that service twice, which is totally allowed! Internally, this will create a, sort of, chain of decorated services.
Ok, let's get to work setting the owner. Autowire our favorite Security
service so we can figure out who is logged in:
// ... lines 1 - 7 | |
use Symfony\Bundle\SecurityBundle\Security; | |
// ... lines 9 - 11 | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
public function __construct(private ProcessorInterface $innerProcessor, private Security $security) | |
{ | |
} | |
// ... lines 17 - 25 | |
} |
Then, before we do the saving, if $data
is an instanceof DragonTreasure
and $data->getOwner()
is null and $this->security->getUser()
- making sure the user is logged in - then $data->setOwner($this->security->getUser())
:
// ... lines 1 - 11 | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
// ... lines 14 - 17 | |
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): void | |
{ | |
if ($data instanceof DragonTreasure && $data->getOwner() === null && $this->security->getUser()) { | |
$data->setOwner($this->security->getUser()); | |
} | |
$this->innerProcessor->process($data, $operation, $uriVariables, $context); | |
} | |
} |
That should do it! Run that test:
symfony php bin/phpunit --filter=testPostToCreateTreasure
Yikes! Allowed memory size exhausted. I smell recursion! Because... I'm calling process()
on myself: I need $this->innerProcessor->process()
:
// ... lines 1 - 11 | |
class DragonTreasureSetOwnerProcessor implements ProcessorInterface | |
{ | |
// ... lines 14 - 17 | |
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): void | |
{ | |
// ... lines 20 - 23 | |
$this->innerProcessor->process($data, $operation, $uriVariables, $context); | |
} | |
} |
Now:
symfony php bin/phpunit --filter=testPostToCreateTreasure
A passing test is so much cooler than recursion. And the owner field is now optional!
Next: we currently return all treasures from our GET collection endpoint, including unpublished treasures. Let's fix that by modifying the query behind that endpoint to hide them.
process method should return the result, otherwise you get NULL response in the response body