Creating Embedded Objects
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
With a Subscription, click any sentence in the script to jump to that part of the video!
Login SubscribeIs it possible to create a totally new DragonTreasure when we create a user? Like... instead of sending the IRI of an existing treasure, we send an object?
Let's try it! First, I'll change this to a unique email and username. Then, for dragonTreasures, clear those IRIs and, instead, pass a JSON object with the fields that we know are required. Our new dragon user just scored a copy of GoldenEye for N64! Legendary. Add a description... and a value.
In theory, this JSON body makes sense! But does it work? Hit "Execute" and... nope! Well, not yet. But we know this error!
Nested documents for attribute
dragonTreasuresare not allowed. Use IRIs instead.
Making dragonTreasures Accept JSON Objects
Inside User, if we scroll way up, the $dragonTreasures property is writable because it has user:write.
| // ... lines 1 - 22 | |
| class User implements UserInterface, PasswordAuthenticatedUserInterface | |
| { | |
| // ... lines 25 - 51 | |
| (['user:read', 'user:write']) | |
| private Collection $dragonTreasures; | |
| // ... lines 54 - 170 | |
| } |
But we can't send an object for this property because we haven't added user:write to any of the fields inside of DragonTreasure. Let's fix that.
We want to be able to send $name, so add user:write... I'll skip $description but do the same for $value. Now search for setTextDescription() which is the actual description. Add user:write here too.
| // ... lines 1 - 55 | |
| class DragonTreasure | |
| { | |
| // ... lines 58 - 63 | |
| (['treasure:read', 'treasure:write', 'user:read', 'user:write']) | |
| // ... lines 65 - 67 | |
| private ?string $name = null; | |
| // ... lines 69 - 79 | |
| (['treasure:read', 'treasure:write', 'user:read', 'user:write']) | |
| // ... lines 81 - 82 | |
| private ?int $value = 0; | |
| // ... lines 84 - 138 | |
| (['treasure:write', 'user:write']) | |
| public function setTextDescription(string $description): self | |
| { | |
| // ... lines 142 - 144 | |
| } | |
| // ... lines 146 - 214 | |
| } |
Okay, in theory, we should now be able to send an embedded object. If we head over and try it again... we upgraded to a 500 error!
A new entity was found through the relationship
User#dragonTreasures
Cascading an Entity Relation Persist
This is great! We already know that when you send an embedded object, if you include @id, the serializer will fetch that object first and then update it. But if you don't have an @id, it will create a brand new object. Right now, it is creating a new object,... but nothing told the entity manager to persist it. That's why we're getting this error.
To solve this, we need to cascade persist this property. In User, on the OneToMany for $dragonTreasures, add a cascade option set to ['persist'].
| // ... lines 1 - 22 | |
| class User implements UserInterface, PasswordAuthenticatedUserInterface | |
| { | |
| // ... lines 25 - 50 | |
| #[ORM\OneToMany(mappedBy: 'owner', targetEntity: DragonTreasure::class, cascade: ['persist'])] | |
| // ... line 52 | |
| private Collection $dragonTreasures; | |
| // ... lines 54 - 170 | |
| } |
This means that if we're saving a User object, it should magically persist any $dragonTreasures inside. And if we try it now... it works! That's awesome! And apparently, our new treasure id is 43.
Let's open up a new browser tab and navigate to that URL... plus .json... actually, let's do .jsonld. Beautiful! We see that the owner is set to the new user that we just created.
How was owner Set? Again: The Smart Methods
But... hold your horses! We didn't send the owner field in the treasure data... so how did that field get set? Well, first, it does make sense that we didn't send an owner field for the new DragonTreasure... since the user that will own it didn't even exist yet! Ok, then, but who did set the owner?
Behind the scenes, the serializer creates a new User object first. Then, it creates a new DragonTreasure object. Finally, it sees that the new DragonTreasure is not assigned to the User yet, and it calls addDragonTreasure(). When it does that, the code down here sets the owner: just like we saw before. So our well-written code is taking care of all of those details for us.
| // ... lines 1 - 22 | |
| class User implements UserInterface, PasswordAuthenticatedUserInterface | |
| { | |
| // ... lines 25 - 149 | |
| public function addDragonTreasure(DragonTreasure $treasure): self | |
| { | |
| if (!$this->dragonTreasures->contains($treasure)) { | |
| $this->dragonTreasures->add($treasure); | |
| $treasure->setOwner($this); | |
| } | |
| return $this; | |
| } | |
| // ... lines 159 - 170 | |
| } |
Adding the Valid Constraint
Anyways, you might remember from before that as soon as we allow a relation field to send embedded data... we need to add one tiny thing. I won't do it, but if we sent an empty name field, it would create a DragonTreasure... with an empty name, even though, over here, if we scroll up to the name property, it's required! Remember: when the system validates the User object, it will stop at $dragonTreasures. It won't also validate those objects. If you do want to validate them, add #[Assert\Valid].
| // ... lines 1 - 22 | |
| class User implements UserInterface, PasswordAuthenticatedUserInterface | |
| { | |
| // ... lines 25 - 52 | |
| private Collection $dragonTreasures; | |
| // ... lines 55 - 171 | |
| } |
Now that I have this, to prove that it's working, hit "Execute" and... awesome! We get a 422 status code telling us that name shouldn't be empty. I'll go put that back.
Sending Embedded Objects and IRI Strings at the Same Time
We now know that we can send IRI strings or embedded objects for a relation property - assuming we've setup the serialization groups to allow that. And, we can even mix them.
Let's say that we want to create a new DragonTreasure object, but we're also going to steal, borrow, a treasure from another dragon. This is totally allowed. Watch! When we hit "Execute"... we get a 201 status code. This returns treasure ids 44 (that's the new one) and 7, which is the one we just stole.
Okay, we only have one more chapter about handling relationships. Let's see how we can remove a treasure from a user to delete that treasure. That's next.
14 Comments
Help me with
"hydra:description": "The total number of joined relations has exceeded the specified maximum. Raise the limit if necessary with the \"api_platform.eager_loading.max_joins\" configuration key (https://api-platform.com/docs/core/performance/#eager-loading), or limit the maximum serialization depth using the \"enable_max_depth\" option of the Symfony serializer (https://symfony.com/doc/current/components/serializer.html#handling-serialization-depth).",
Hey @GM
That's an unexpected error. Did you change the default config? Did you download the course code from this page?
Cheers!
Do I get it right that i'ts not possible to update an embedded resource?
I tried to call patch with this:
but instead it removed the old one and created the new one completly ignoring @id. As there was no video on updating related entities I get you can only add, assign, delete embedded objects?
Hey @Fireball!
Sorry for the slow reply! I think you’re correct and I think it’s by design.
If you think of the dragonTreasures property like any other property, like an array of “favorite sports”, it starts to make sense. You are updating a user by setting a new value for the dragonTreasures property. For simple values like a string, it’s obvious what should happen to the old value: it’s replaced. For array properties, it’s the same (the new value replaces the old value), but it’s less obvious that this should be the case. Actually, I believe that different PATCH content types can be used to control this behavior, though this is theoretical as API Platform, I believe, doesn’t support any wilder PATCH types.
tl;dr Pretty sure you’re right: this is just an explanation into the “why”. Hopefully it’s at least interesting ;).
Cheers!
Hi! Great work on the courses!
Regarding the coding challenge for this video, asking us which of the options are not required to make the code work, I would argue that this
is not necessarily required for the code to work, it's just good practice to have it. Did I understand it wrong?
Thank you!
Hey @Iulian-L
That's a very good point. Technically you're correct, if we remove validations, the code will still run and will work but only if you submit valid data. If you submit invalid data it will eventually fail when trying to save it into the database, so in my opinion and from the point of view of the feature, validations are required. What do you think?
Cheers!
On the latest version of API Platform (3.2) it looks like Virtual Properties don't seem to work correctly when creating embedded objects. I've added group "user:write" to the "name" and "value" properties in DragonTreasure and they show up in the API Docs correctly and update as expected, however after adding that group to the "setTextDescription" virtual property (with the SerializedName set to "description") it doesn't show up in the docs for the nested object which means a null value error is thrown for the "description" column even if it's added to the payload.
Not sure if it's a bug or configuration issue.
Edit: After further testing it looks like there's just some general weirdness going on with the description property; deleting the virtual property and moving the write groups to it still doesn't allow any User endpoints to update the field. Also adding the "user:read" group to the property doesn't allow the User Get endpoints to see the description. It doesn't make any sense; adding all other fields works exactly as expected so what's so wrong with "description" that it can't be exposed in the nested object?
Edit 2: Turns out that the "description" field is only recognised as writable by if the only group set on the property is "user:write". This makes absolutely no sense and would greatly appreciate any insight into why this would be the case.
Hey @opalint!
So using
#[Groups(['user:write'])]works, right? But#[Groups(['user:write', 'foo:bar'])]suddenly does not work? That, indeed, does not make sense. As soon as you have even 1 group, adding additional groups should only make the field MORE readable or MORE writable... not less-so (unless I'm completely mis-thinking at the moment). So if this is what you are experiencing, that is not the behavior I would expect either and I can't explain it :/Cheers!
Hello,
Is it allowed to update embedded objects in ManyToMany relation?
For now if I do it. There is new object created and swapped to relation. Im not sure if it's correct result, or I'm doing something wrong.
I think same thing happen to me in OneToMany relation. even I add "@id": it's creating new object with new Id and remove old one.
I think there is some different in PUT and PATCH working, seems like PUT works fine for it.
Hey @Lukasz-W!
You're right that
ManyToManyshould work the same asOneToMany: setting the "many" side of the relationship is really the same for both of these cases.Hmm, yea, that should not be happening.
It's possible. So, you have no problems with
PUT? Things work as expected? But as soon as you change toPATCHit always creates a new object? That's possible - but it would be surprising. The logic for that is in the normalizer - https://github.com/api-platform/core/blob/main/src/JsonLd/Serializer/ItemNormalizer.php#L143-L151 - which doesn't, generally-speaking, operate differently based on which operation is being used.So.... I'm not sure what's going on here to be honest - it looks like the wrong behavior...
Cheers!
Oh it's looks like api platform known error
https://github.com/api-platform/core/issues/4293
Adding PatchAwareItemNormalizer seems to fix the problem.
Thanks for answer :)
Ah, good find! So this is a "this is how PATCH is meant to work" situation... which is probably not what you want, but at least we know now!
Hi!
How can you prevent from stealing while allowing to edit collections like you did here?
For now, I prevent writing in collections like this (when there is ownership-like stuff) and manage to handle it in opposite side.
Cheers
Hey @Jeremy!
First, good job spotting this potential issue! Honestly, what you said is the safest and simplest way. We CAN prevent stealing, but it adds complexity (both to the code and... just to my brain, lol). We talk about how to prevent stealing in the next tutorial - https://symfonycasts.com/screencast/api-platform-security/unit-of-work-validator
Cheers!
"Houston: no signs of life"
Start the conversation!