Chapters

37 Chapters | 3:43:31 |

01

API Docs on Production?

8:22
02

API Tokens? Session Cookies?

8:07
03

API Login Form with json_login

5:36
04

Handling Authentication Errors

3:47
05

On Authentication Success

6:03
06

Logout & Passing API Data to JavaScript

5:45
07

Passing Values to Stimulus

4:32
08

Token Types & The ApiToken Entity

5:59
09

Generating the API Token & Fixtures

5:58
10

Access Token Authenticator

8:56
11

Customizing the OpenAPI Docs

7:31
12

API Token Scopes

5:51
13

Deny Access with The "security" Option

7:11
14

Bootstrapping a Killer Test System

8:18
15

JSON Test Assertions & Seeding the Database

3:41
16

Advanced & Flexible JSON Test Assertions

4:04
17

Testing Authentication

4:59
18

Customizing Browser Globally

3:50
19

Testing Token Authentication

3:24
20

New PUT Behavior

4:46
21

Only Allow Owners to Edit

7:49
22

Allow Admin Users to Edit any Treasure

4:11
23

Security Voter

6:13
24

Conditional Fields by User: ApiProperty

5:13
25

User Test + Plain Password

4:21
26

State Processors: Hashing the User Password

6:55
27

Validation Groups & Patch Formats

8:01
28

Dynamic Groups: Context Builder

8:26
29

Custom Normalizer

5:08
30

Normalizer Decoration & "Normalizer Aware"

6:29
31

Totally Custom Fields

3:24
32

Custom Validator

7:58
33

Validating how Values Change

8:30
34

Auto Setting the "owner"

4:19
35

Query Extension: Auto-Filter a Collection

6:15
36

404 On Unpublished Items

8:00
37

Filtering Relation Collection

5:39

> APIs > API Platform 3 Part 2: Security for your Treasures

Buy Access to Course

30.

Normalizer Decoration & "Normalizer Aware"

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Chapter

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

Our mission is clear: set up our normalizer to decorate Symfony's core normalizer service so that we can add the owner:read group when necessary and then call the decorated normalizer.

Setting up for Decoration

And we know decoration! Add public function __construct() with private NormalizerInterface $normalizer:

            Copy Code

                            Show All Lines

                        25 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 4
                            
            use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
        
            class AddOwnerGroupsNormalizer implements NormalizerInterface
        
            {
        
                public function __construct(private NormalizerInterface $normalizer)
        
                {
        
                }
        
                Show Lines

                                                    // ... lines 12 - 23
                            
            }

Below in normalize(), add a dump() then return $this->normalizer->normalize() passing $object $format, and $context. For supportsNormalization(), do the same thing: call supportsNormalization() on the decorated class and pass the args:

            Copy Code

                            Show All Lines

                        25 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 6
                            
            class AddOwnerGroupsNormalizer implements NormalizerInterface
        
            {
        
                Show Lines

                                                    // ... lines 9 - 12
                            
                public function normalize(mixed $object, string $format = null, array $context = []): array|string|int|float|bool|\ArrayObject|null
        
                {
        
                    dump('IT WORKS!');
        
                    return $this->normalizer->normalize($object, $format, $context);
        
                }
        
                public function supportsNormalization(mixed $data, string $format = null, array $context = []): bool
        
                {
        
                    return $this->normalizer->supportsNormalization($data, $format);
        
                }
        
            }

To complete decoration, head to the top of the class. I'll remove a few old use statements... then say #[AsDecorator] passing serializer, which I mentioned is the service id for the top-level main normalizer:

            Copy Code

                            Show All Lines

                        27 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 4
                            
            use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
        
                Show Lines

                                                    // ... lines 6 - 7
                            
            #[AsDecorator('serializer')]
        
            class AddOwnerGroupsNormalizer implements NormalizerInterface
        
            {
        
                Show Lines

                                                    // ... lines 11 - 25
                            
            }

Ok! We haven't made any changes yet... so we should still see the one failing test. Try it:

symfony php bin/phpunit --filter=testOwnerCanSeeIsPublishedField

Woh! An explosion! Wow.

ValidationExceptionListener::__construct(): Argument #1 ($serializer) must be of type SerializerInterface, AddOwnerGroupsNormalizer given.

Okay? When we add #[AsDecorator('serializer')], it means that our service replaces the service known as serializer. So, everyone that's depending on the serializer service will now be passed us... and then the original serializer is passed to our constructor.

So, what's the problem? Decoration has worked several times before. The problem is that the serializer service in Symfony is... kind of big. It implements NormalizerInterface, but also DenormalizerInterface, EncoderInterface, DecoderInterface and SerializerInterface! But our object only implements one of these . And so, when our class is passed to something that expects an object with one of those other 4 interfaces, it explodes.

If we truly wanted to decorate the serializer service, we would need to implement all five of those interfaces... which is just a ugly and too much. And that's fine!

Decorating a Lower-Level Normalizer

Instead of decorating the top level normalizer, let's decorate one specific normalizer: the one that's responsible for normalizing ApiResource objects into JSON-LD. This is another spot where you can rely on the documentation to give you the exact service ID you need. It's api_platform.jsonld.normalizer.item:

            Copy Code

                            Show All Lines

                        27 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 4
                            
            use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
        
                Show Lines

                                                    // ... lines 6 - 7
                            
            #[AsDecorator('api_platform.jsonld.normalizer.item')]
        
            class AddOwnerGroupsNormalizer implements NormalizerInterface
        
            {
        
                Show Lines

                                                    // ... lines 11 - 25
                            
            }

Try the test again: testOwnerCanSeeIsPublishedField

symfony php bin/phpunit --filter=testOwnerCanSeeIsPublishedField

Yes! We see our dump! And... a 400 error? Let me pop open the response so we can see it. Strange:

The injected serializer must be an instance of NormalizerInterface.

And it's coming from deep inside of API Platform's serializer code. So... decorating normalizers is not a very friendly process. It's well-documented, but weird. When you decorate this specific normalizer, you also need to implement SerializerAwareInterface. And that's going to require you to have a setSerializer() method. Oh, let me import that use statement: I don't know why that didn't come automatically:

            Copy Code

                            Show All Lines

                        36 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 6
                            
            use Symfony\Component\Serializer\SerializerAwareInterface;
        
                Show Lines

                                                    // ... lines 8 - 10
                            
            class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
        
            {
        
                Show Lines

                                                    // ... lines 13 - 28
                            
                public function setSerializer(SerializerInterface $serializer)
        
                {
        
                Show Lines

                                                    // ... lines 31 - 33
                            
                }
        
            }

There we go.

Inside, say, if $this->normalizer is an instanceof SerializerAwareInterface, then call $this->normalizer->setSerializer($serializer):

            Copy Code

                            Show All Lines

                        36 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 10
                            
            class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
        
            {
        
                Show Lines

                                                    // ... lines 13 - 28
                            
                public function setSerializer(SerializerInterface $serializer)
        
                {
        
                    if ($this->normalizer instanceof SerializerAwareInterface) {
        
                        $this->normalizer->setSerializer($serializer);
        
                    }
        
                }
        
            }

I don't even want to get into the details of this: it just happens that the normalizer we're decorating implements another interface... so we need to also implement it.

Let's try this again.

symfony php bin/phpunit --filter=testOwnerCanSeeIsPublishedField

Finally, we have the dump and it's failing the assertion we expect... since we haven't added the group yet. Let's do that!

Adding the Dynamic Group

Remember the goal: if we own this DragonTreasure, we want to add the owner:read group. On the constructor, autowire the Security service as a property:

            Copy Code

                            Show All Lines

                        40 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 5
                            
            use Symfony\Bundle\SecurityBundle\Security;
        
                Show Lines

                                                    // ... lines 7 - 12
                            
            class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
        
            {
        
                public function __construct(private NormalizerInterface $normalizer, private Security $security)
        
                {
        
                }
        
                Show Lines

                                                    // ... lines 18 - 38
                            
            }

Then, down here, if $object is an instanceof DragonTreasure - because this method will be called for all of our API resource classes - and $this->security->getUser() equals $object->getOwner(), then call $context['groups'][] to add owner:read:

            Copy Code

                            Show All Lines

                        40 lines
            |
            src/Normalizer/AddOwnerGroupsNormalizer.php
        
                Show Lines

                                                    // ... lines 1 - 4
                            
            use App\Entity\DragonTreasure;
        
                Show Lines

                                                    // ... lines 6 - 12
                            
            class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
        
            {
        
                Show Lines

                                                    // ... lines 15 - 18
                            
                public function normalize(mixed $object, string $format = null, array $context = []): array|string|int|float|bool|\ArrayObject|null
        
                {
        
                    if ($object instanceof DragonTreasure && $this->security->getUser() === $object->getOwner()) {
        
                        $context['groups'][] = 'owner:read';
        
                    }
        
                Show Lines

                                                    // ... lines 24 - 25
                            
                }
        
                Show Lines

                                                    // ... lines 27 - 38
                            
            }

Phew! Try that test one more time:

symfony php bin/phpunit --filter=testOwnerCanSeeIsPublishedField

We got it! We can now return different fields on an object-by-object basis.

Also Decorating the Denormalizer

If you want to also add owner:write during denormalization, you would need to implement a second interface. I'm not going to do the whole thing... but you would implement DenormalizerInterface, add the two methods needed, call the decorated service... and change the argument to be a union type of NormalizerInterface and DenormalizerInterface.

Finally, the service that you're decorating for denormalization is different: it's api_platform.serializer.normalizer.item. However, if you want to decorate both the normalizer and denormalizer in the same class, you'd need to remove #[AsDecorator] and move the decoration config to services.yaml... because a single service can't decorate two things at once. API Platform covers that in their docs.

Ok, I'm going to undo all of that... and just stick with adding owner:read. Next: now that we have a custom normalizer, we can easily do wacky things like adding a totally custom field to our API that doesn't exist in our class.

8 Comments

Sort By

aratinau 1 year ago

Hello,

I'm trying to make a denormalizer but I don't fit in it while I fit well in if ($this->denormalizer instanceof DenormalizerInterface) {
Thanks for your help


namespace App\Serializer;

use App\Entity\DragonTreasure;
use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;

#[AsDecorator('api_platform.serializer.normalizer.item')]
class PlainIdentifierDenormalizer implements /*NormalizerInterface, */ DenormalizerInterface, DenormalizerAwareInterface
{
    public function __construct(
        private DenormalizerInterface $denormalizer,
    ) {
    }

    public function setDenormalizer(DenormalizerInterface $denormalizer)
    {
        if ($this->denormalizer instanceof DenormalizerInterface) {
            $this->denormalizer->setSerializer($denormalizer);
        }
    }

    public function denormalize(mixed $data, string $type, string $format = null, array $context = [])
    {
        dd('yes');
    }

    public function supportsDenormalization(mixed $data, string $type, string $format = null)
    {
        dd('ok');
        return $this->denormalizer->supportsDenormalization($data, $format);
    }
}

1 | Reply |

MolloKhan SFCASTS aratinau 1 year ago edited

Hey @aratinau

I believe you're decorating the wrong service, this is the service you should decorate api_platform.jsonld.normalizer.item

Cheers!

| Reply |

Joris-Mak 1 year ago

I doubt if this is the way to go.

From the Symfony docs to create a custom Normalizer (https://symfony.com/doc/6.4/serializer/custom_normalizer.html#creating-a-new-normalizer):

Injecting an ObjectNormalizer in your custom normalizer is deprecated since Symfony 6.1. Implement the NormalizerAwareInterface and use the NormalizerAwareTrait instead to inject the $normalizer property.

So even the maker-bundle (Which I might not have updated to the latest version since I used the starting project from this tutorial) has a make:serializer:normalizer that isn't 100% correct for Symfony these days.

Create a class, make it implement NormalizerInterface, and also make it implement NormalizerAwareInterface.
Make it use the NormalizerAwareTrait, by adding a use NormalizerAwareTrait; in the top of the class. This is now already enough to have a copy of the 'normal' normalizer available as $this->normalizer.
Implement the required methods (normalize(), supportsNormalization() and also the newer getSupportedTypes()).
Let's start with supportsNormalization(). We want to work on data, if data is a DragonTreasure. So a simple return $data instanceof DragonTreasure seems like it will be enough. It's not, but we'll get back to that.
Now getSupportedTypes(). We must answer what we support and if it's cacheable or not. Now, it seems that we can say we always support $data of type DragonTreasure. Again, this is not true :), but we'll get back to that. For now, let's say it is: return [ DragonTreasure::class => true ];
Now the real normalize() method. Just like decorating a service, we call the normal normalizer we received from the NormalizerAwareTrait. So we start with a simple return $this->normalizer->normalize($object, $format, $context);.

If you try this... you'll notice your application / tests will really crash. Yes, crash. A segfault, or you will see 'it is killed'.
Why?

The serializer checks if we support a DragonTreaure. We do, so our normalize() method gets called. But in that method, we call the normal normalizer to do the business. What does it do? It will check for available normalizers. It will find 'us', we say 'yes, we support that DragonTreasure object', and our normalize() method gets called. And again, and again and again, and boom.

What we need to do, is somehow make sure we only do our normalizer only once per object.
This is pretty simple. In the first line of normalize(), we adjust the $context and set something in it, that will tell us that we already handled it. We can set all kind of things in the $context, but a little convention of myself is to set the array key of my class-string to true. So, above the return statement in normalize() add a line:

$context[self::class] = true;

Now, in supportsNormalization(), we need to say we only support this object if we didn't handle it before.
So, change the return line to:

return $data instanceof DragonTreasure && !isset($context[self::class]);

The last problem we have now, is that in getSupportedTypes() we told that our supportsNormalization() method is cacheable. But since we now have a check for the $context, it's not. So change getSupportedTypes() to be:

return [ DragonTreaure::class => false ];

Now, we have a normalizer that isn't a decorated service, gets only called for DragonTreasure objects and only gets called once.

Ready to do te job we were here for. Under the $context[self::class] = true; line in normalize(), we're going to check if the current user is the owner for this DragonTreasure. If it is, we add 'owner:read' to the $context['groups']. After that, we're going to call the 'normal' normalizer, to do its thing like it normally would. Since we now have the proper groups set, the proper properties will show up in the object.

public function normalize(....)
{
    $context[self::class] = true;
    
    assert($object instanceof DragonTreasure); // Help our IDE to know what kind of object this is
    
    // Don't forget to inject the Security service in your constructor
    $user = $this->security->getUser();
    
    if ($object->getOwner() === $user) {
        // As Ryan did in the previous chapter, check if 'groups' is really set.
        // Otherwise, we won't touch it, just to be sure.
        
        if (isset($context['groups'])) {
            $context['groups'][] = 'owner:read';
        }
    }
    
    // Let the normal normalizer do its thing
    return $this->normalizer->normalize($object, $format, $context);
 }

I'll summarize my final normalizer, including strict typing for phpstan:

<?php

namespace App\Serializer\Normalizer;

use App\Entity\DragonTreasure;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Serializer\Normalizer\NormalizerAwareInterface;
use Symfony\Component\Serializer\Normalizer\NormalizerAwareTrait;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;

class AddOwnerGroupsNormalizer implements NormalizerInterface, NormalizerAwareInterface
{
    use NormalizerAwareTrait;

    public function __construct(
        private readonly Security $security
    ) {
    }

    /**
     * @param array<string,mixed> $context
     *
     * @return array<int|string,mixed>|string|int|float|bool|\ArrayObject<int|string,mixed>|null
     */
    public function normalize($object, string $format = null, array $context = []): array|string|int|float|bool|\ArrayObject|null
    {
        // Mark in the context that we already handled this object, don't do it again
        $context[self::class] = true;

        assert($object instanceof DragonTreasure);

        $user = $this->security->getUser();

        if ($object->getOwner() === $user) {
            // This object is owned by the current user.
            // Add owner:read to the groups before handing of to the normal normalizer
            if (isset($context['groups'])) {
                $context['groups'][] = 'owner:read';
            }
        }

        // Hand it over to the normal normalizer like usual
        $data = $this->normalizer->normalize($object, $format, $context);

        return $data;
    }

    /**
     * @param array<string,mixed> $context
     */
    public function supportsNormalization($data, string $format = null, array $context = []): bool
    {
        // We only support it if it's a DragonTreasure, and if we didn't handle it before
        return $data instanceof DragonTreasure && !isset($context[self::class]);
    }

    /**
     * @return array<class-string|'*'|'object'|string, bool|null>
     */
    public function getSupportedTypes(?string $format): array
    {
        return [
            DragonTreasure::class => false,
        ];
    }
}

If someone knows a way to keep the supportsNormalization() call cacheable, it would be nicer. Maybe just accept it and make it cacheable, and in the normalize() call just return $data as is, if we handled the object before? I'm just thinking out loud here, no clue if this will work. The above code does, and also seems easier to extend to a denormalizer as well.

| Reply |

Dhd 1 year ago

I'm running into the following error trying to create a denormalizer. I can't seem to figure out the cause.

Circular reference detected for service "api_platform.serializer.normalizer.validation_exception", path: "api_platform.serializer.normalizer.validation_exception -> Ap <br /> p\Normalizer\AddOwnerGroupsDenormalizer -> debug.serializer -> debug.serializer.inner -> api_platform.serializer.normalizer.validation_exception".

Any idea as to what might be happening?

Here's my code:


namespace App\Normalizer;

use App\Entity\User;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;


#[AsDecorator('api_platform.serializer.normalizer.item')]
class AddOwnerGroupsDenormalizer implements DenormalizerInterface, DenormalizerAwareInterface
{
    public function __construct(private NormalizerInterface|DenormalizerInterface $denormalize, private Security $security)
    {
    }

    public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): mixed
    {
        if ($data instanceof User && $this->security->getUser() === $data) {
            $context['groups'][] = 'owner:write';
        }

        return $this->denormalize->denormalize($data, $type, $format, $context);
    }

    public function supportsDenormalization(mixed $data, string $type, ?string $format = null, array $context = []): bool
    {
        return $this->denormalize->supportsDenormalization($data, $type, $format, $context);
    }

    public function setDenormalizer(DenormalizerInterface $denormalizer): void
    {
        if ($this->denormalize instanceof DenormalizerAwareInterface) {
            $this->denormalize->setDenormalizer($denormalizer);
        }
    }

    public function getSupportedTypes(?string $format): array
    {
        return [
            User::class => true,
        ];
    }
}

| Reply |

MolloKhan SFCASTS Dhd 1 year ago edited

Hey @Dhd

It seems like you're decorating the main Normalizer service, so when Symfony autowire your class AddOwnerGroupsDenormalizer it's injecting another instance of that same class, hence the circular reference. Try specifying what Normalizer you want in your constructor, you can use the "inner" service like this

    public function __construct(
        #[AutowireDecorated]
        private NormalizerInterface|DenormalizerInterface $denormalize,
    ) {
    }

You can read more about decorating services in Symfony here: https://symfony.com/doc/current/service_container/service_decoration.html

Cheers!

| Reply |

Dhd MolloKhan 1 year ago edited

<?php

namespace App\Normalizer;
use App\ApiResource\CompanyApi;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
use Symfony\Component\DependencyInjection\Attribute\AutowireDecorated;
use Symfony\Component\Serializer\Normalizer\DenormalizerAwareInterface;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;

#[AsDecorator('api_platform.serializer.normalizer.item')]
class CompanyOwnerDeNormalizer implements DenormalizerInterface, DenormalizerAwareInterface
{

    public function __construct(
        #[AutowireDecorated]
        private NormalizerInterface|DenormalizerInterface $denormalizer,
        private Security $security
    ) {
    }

    public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): mixed
    {
        dd('works');
        return $this->denormalizer->denormalize($data, $type, $format, $context);
    }
    public function supportsDenormalization(mixed $data, string $type, ?string $format = null, array $context = []): bool
    {
        return $this->denormalizer->supportsDenormalization($data, $format);
    }

    public function setDenormalizer(DenormalizerInterface $denormalizer): void
    {
        if ($this->denormalizer instanceof DenormalizerAwareInterface) {
            $this->denormalizer->setDenormalizer($denormalizer);
        }
    }

    public function getSupportedTypes(?string $format): array
    {
        return [
            CompanyApi::class => false
        ];
    }
}

The error I'm now getting is

ApiPlatform\Symfony\Validator\Serializer\ValidationExceptionNormalizer::__construct(): Argument #1 ($decorated) must be of type Symfony\Component\Serializer\Normalizer\NormalizerInterface, App\Normalizer\CompanyOwnerDeNormalizer given, called in /var/www/api/var/cache/dev/ContainerZ3bWSUF/App_KernelDevDebugContainer.php on line 1828

| Reply |

MolloKhan SFCASTS Dhd 1 year ago

Right, you're decorating the normalizer service so your class requires to implement the Normalizer interface

| Reply |

ulfgar-hammerschlag 1 year ago

Hey there :)

Could you briefly explain the difference between our two approaches to add dynamic groups?

For the admin:read and admin:write, we decorated the context builder. Got the security, checked out, if user is admin and added the groups.

For the owner:read, we now decorated the NormalizerInterface and same here: Got the security, checked if user === owner and added the groups.

My question is:
Could we also add the adminGroups in the AddOwnerGroupsNormalizer (of course it needs a new name then)? (I think we could?)
Could we also add the owner:read group in the context builder? (We can, but then it's not DragonTreasure related?)

Theoretically, the contextbuilder is triggered before the normalizer, because if "is responsible for building the normalization or denormalization contexts that are then passed into the serializer"
And there our custom Normalizer is used used.

So to sum this up:
When is it necessary to add a dynamic group in the ContextBuilder, and when is it necessary to add it in the normalization process?

Because we can't refer to the ApiEntity/Object in the ContextBuilder?

| Reply |

API Platform 3 Symfony 6.2

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=8.1",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "api-platform/core": "^3.0", // v3.1.2
        "doctrine/annotations": "^2.0", // 2.0.1
        "doctrine/doctrine-bundle": "^2.8", // 2.8.3
        "doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.2
        "doctrine/orm": "^2.14", // 2.14.1
        "nelmio/cors-bundle": "^2.2", // 2.2.0
        "nesbot/carbon": "^2.64", // 2.66.0
        "phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
        "phpstan/phpdoc-parser": "^1.15", // 1.16.1
        "symfony/asset": "6.2.*", // v6.2.5
        "symfony/console": "6.2.*", // v6.2.5
        "symfony/dotenv": "6.2.*", // v6.2.5
        "symfony/expression-language": "6.2.*", // v6.2.5
        "symfony/flex": "^2", // v2.2.4
        "symfony/framework-bundle": "6.2.*", // v6.2.5
        "symfony/property-access": "6.2.*", // v6.2.5
        "symfony/property-info": "6.2.*", // v6.2.5
        "symfony/runtime": "6.2.*", // v6.2.5
        "symfony/security-bundle": "6.2.*", // v6.2.6
        "symfony/serializer": "6.2.*", // v6.2.5
        "symfony/twig-bundle": "6.2.*", // v6.2.5
        "symfony/ux-react": "^2.6", // v2.7.1
        "symfony/ux-vue": "^2.7", // v2.7.1
        "symfony/validator": "6.2.*", // v6.2.5
        "symfony/webpack-encore-bundle": "^1.16", // v1.16.1
        "symfony/yaml": "6.2.*" // v6.2.5
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.2
        "mtdowling/jmespath.php": "^2.6", // 2.6.1
        "phpunit/phpunit": "^9.5", // 9.6.3
        "symfony/browser-kit": "6.2.*", // v6.2.5
        "symfony/css-selector": "6.2.*", // v6.2.5
        "symfony/debug-bundle": "6.2.*", // v6.2.5
        "symfony/maker-bundle": "^1.48", // v1.48.0
        "symfony/monolog-bundle": "^3.0", // v3.8.0
        "symfony/phpunit-bridge": "^6.2", // v6.2.5
        "symfony/stopwatch": "6.2.*", // v6.2.5
        "symfony/web-profiler-bundle": "6.2.*", // v6.2.5
        "zenstruck/browser": "^1.2", // v1.2.0
        "zenstruck/foundry": "^1.26" // v1.28.0
    }
}

Previous Chapter

Next Chapter

Normalizer Decoration & "Normalizer Aware"

Share this awesome video!

Keep on Learning!

Setting up for Decoration

Decorating a Lower-Level Normalizer

Adding the Dynamic Group

Also Decorating the Denormalizer

8 Comments

Delete comment?

What PHP libraries does this tutorial use?

Show Lines	// ... lines 1 - 4
	use Symfony\Component\Serializer\Normalizer\NormalizerInterface;

	class AddOwnerGroupsNormalizer implements NormalizerInterface
	{
	public function __construct(private NormalizerInterface $normalizer)
	{
	}
Show Lines	// ... lines 12 - 23
	}

Show Lines	// ... lines 1 - 6
	class AddOwnerGroupsNormalizer implements NormalizerInterface
	{
Show Lines	// ... lines 9 - 12
	public function normalize(mixed $object, string $format = null, array $context = []): array\|string\|int\|float\|bool\|\ArrayObject\|null
	{
	dump('IT WORKS!');

	return $this->normalizer->normalize($object, $format, $context);
	}

	public function supportsNormalization(mixed $data, string $format = null, array $context = []): bool
	{
	return $this->normalizer->supportsNormalization($data, $format);
	}
	}

Show Lines	// ... lines 1 - 4
	use Symfony\Component\DependencyInjection\Attribute\AsDecorator;
Show Lines	// ... lines 6 - 7
	#[AsDecorator('serializer')]
	class AddOwnerGroupsNormalizer implements NormalizerInterface
	{
Show Lines	// ... lines 11 - 25
	}

Show Lines	// ... lines 1 - 6
	use Symfony\Component\Serializer\SerializerAwareInterface;
Show Lines	// ... lines 8 - 10
	class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
	{
Show Lines	// ... lines 13 - 28
	public function setSerializer(SerializerInterface $serializer)
	{
Show Lines	// ... lines 31 - 33
	}
	}

Show Lines	// ... lines 1 - 10
	class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
	{
Show Lines	// ... lines 13 - 28
	public function setSerializer(SerializerInterface $serializer)
	{
	if ($this->normalizer instanceof SerializerAwareInterface) {
	$this->normalizer->setSerializer($serializer);
	}
	}
	}

Show Lines	// ... lines 1 - 5
	use Symfony\Bundle\SecurityBundle\Security;
Show Lines	// ... lines 7 - 12
	class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
	{
	public function __construct(private NormalizerInterface $normalizer, private Security $security)
	{
	}
Show Lines	// ... lines 18 - 38
	}

Show Lines	// ... lines 1 - 4
	use App\Entity\DragonTreasure;
Show Lines	// ... lines 6 - 12
	class AddOwnerGroupsNormalizer implements NormalizerInterface, SerializerAwareInterface
	{
Show Lines	// ... lines 15 - 18
	public function normalize(mixed $object, string $format = null, array $context = []): array\|string\|int\|float\|bool\|\ArrayObject\|null
	{
	if ($object instanceof DragonTreasure && $this->security->getUser() === $object->getOwner()) {
	$context['groups'][] = 'owner:read';
	}
Show Lines	// ... lines 24 - 25
	}
Show Lines	// ... lines 27 - 38
	}