Chapters

28 Chapters | 2:51:42 |

01

Installing API Platform

7:29
02

Creating your First ApiResource

5:44
03

Swagger UI: Interactive Docs

6:41
04

The Powerful OpenAPI Spec

5:24
05

JSON-LD: Giving Meaning to your Data

7:21
06

Hydra: Describing API Classes, Operations & More

4:06
07

API Debugging with the Profiler

5:12
08

Operations / Endpoints

6:38
09

The Serializer

9:08
10

Serialization Groups: Choosing Fields

7:28
11

Serialization Tricks

5:15
12

Pagination & Foundry Fixtures

5:44
13

Filters: Searching Results

5:14
14

PropertyFilter: Sparse Fieldsets

6:55
15

More Formats: HAL & CSV

7:10
16

Validation

5:29
17

Creating a User Entity

4:06
18

User API Resource

5:51
19

Relating Resources

7:08
20

Relations & Iris

3:40
21

Embedded Relations

5:58
22

Embedded Write

7:29
23

Adding Items to a Collection Property

4:04
24

Creating Embedded Objects

5:34
25

Removing Items from a Collection

3:49
26

Filtering on Relations

3:51
27

Subresources

9:54
28

React Admin

9:20

> APIs > API Platform 3 Part 1: Mythically Good RESTful APIs

Buy Access to Course

22.

Embedded Write

Autoplay

Keep on Learning!

If you liked what you've learned so far, dive in! Subscribe to get
access to this tutorial plus video, code and script downloads.

Start your All-Access Pass

Buy just this tutorial for $12.00

Previous Challenge

Next Chapter

With a Subscription, click any sentence in the script to jump to that part of the video!

I'm going to try out the GET one treasure endpoint... using a real id. Perfect. Because of the changes we just made, the owner field is embedded.

What about changing the owner? Piece of crumb cake: as long as the field is writable... which ours is. Right now the owner is id 1. Use the PUT endpoint to update id 2. For the payload, set owner to /api/users/3.

And... execute! Bah! Syntax error. JSON is crabby. Remove the comma, try again and... yes! The owner comes back as the IRI /api/users/3.

Sending Embedded Data to Update

But now I want to do something wild! This treasure is owned by user 3. Let's go get their details. Open the GET one user endpoint, try it out, enter 3 and... there it is! The username is burnout400.

Here's the goal: while updating a DragonTreasure - so while using the PUT endpoint to /api/treasures/{id} - instead of changing from one owner to another, I want to change the existing owner's username. Something like this: instead of setting owner to the IRI string, set it to an object with username assigned to something new.

Would that work? Let's experiment! Hit Execute and it does not. It says:

Nested documents for attribute owner are not allowed, use IRI instead.

Allowing Writable Properties to be Embedded

So, at first glance, it looks like this isn't allowed: it looks like you can only use an IRI string here. But actually, this is allowed. The problem is that the username field is not writable via this operation.

Let's think about this. We're updating a DragonTreasure. This means that API Platform is using the treasure:write serialization group. That group is above the owner property, which is why we can change the owner.

            Copy Code

                            Show All Lines

                        215 lines
            |
            src/Entity/DragonTreasure.php
        
                Show Lines

                                                    // ... lines 1 - 25
                            
            #[ApiResource(
        
                Show Lines

                                                    // ... lines 27 - 49
                            
                denormalizationContext: [
        
                    'groups' => ['treasure:write'],
        
                ],
        
                Show Lines

                                                    // ... line 53
                            
            )]
        
                Show Lines

                                                    // ... line 55
                            
            class DragonTreasure
        
            {
        
                Show Lines

                                                    // ... lines 58 - 99
                            
                #[Groups(['treasure:read', 'treasure:write'])]
        
                private ?User $owner = null;
        
                Show Lines

                                                    // ... lines 102 - 213
                            
            }

But if we want to be able to change the owner's username, then we also need to go into User and add that group here.

            Copy Code

                            Show All Lines

                        172 lines
            |
            src/Entity/User.php
        
                Show Lines

                                                    // ... lines 1 - 22
                            
            class User implements UserInterface, PasswordAuthenticatedUserInterface
        
            {
        
                Show Lines

                                                    // ... lines 25 - 46
                            
                #[Groups(['user:read', 'user:write', 'treasure:item:get', 'treasure:write'])]
        
                Show Lines

                                                    // ... line 48
                            
                private ?string $username = null;
        
                Show Lines

                                                    // ... lines 50 - 170
                            
            }

This works exactly like embedded fields when we read them. Basically, since at least one field in User has the treasure:write group, we are now allowed to send an object to the owner field.

New vs Existing Objects in Embedded Data

Watch: fire it up again. It works... almost. We get a 500 error:

A new entity was found through the relationship DragonTreasure.owner, but was not configured to cascade persist.

Woh. This means that the serializer saw our data, created a new User object and then set the username onto it. Doctrine failed because we never told it to persist the new User object.

Though... that's not the point: the point is that we don't want a new User! We want to grab the existing owner and update its username.

By the way, to make this example more realistic, let's also add a name to the payload so we can pretend that we're actually updating the treasure... and decide to also update the username of the owner while we're in the neighborhood.

Anyways: how do we tell the serializer to use the existing owner instead of creating a new one? By adding an @id field set to the IRI of the user: /api/users/3.

That's it! When the serializer sees an object, if it does not have an @id, it creates a new object. If it does have an @id, it finds that object and then sets any data onto it.

So, moment of truth. When we try it... of course, another syntax error. Get it together Ryan! After fixing that... perfect! A 200 status code! Though... we can't really see if it updated the username here... since it just shows the owner.

Use the GET one User endpoint... find user 3... and check that sweet data! It did change the username.

Ok, so I realize that this example may not have been the most realistic, but being able to update related objects does have plenty of real use-cases.

Cascading the Persist to Create a new Object

Looking back at that PUT request, what if we did want to allow a new User object to be created and saved? Is that possible? It is!

First, we would need to add a cascade: ['persist'] to the treasure.owner ORM\Column attribute. This is something we'll see later. And second, we would need to make sure to expose all of the required fields as writable. Right now only username is writable... so we couldn't send password or email.

The Valid Constraint

Before we keep going, we are missing one small, but important, detail. Let's try this update one more time with the @id. But set username to an empty string.

Remember, the username field has a NotBlank above it, so this should fail validation. And yet, when we try it, we get a 200 status code! And if we go to the GET one user endpoint... yeah, the username is now empty! That's... a problem.

How did that happen? Because of how Symfony's validation system works.

The top-level entity - the object that we're modifying directly - is DragonTreasure. So the validation system looks at DragonTreasure and it executes all of the validation constraints. However, when it gets to an object like the owner property, it stops. It does not continue to validate that object as well.

If you want that to happen, you need to add a constraint to this called Assert\Valid.

            Copy Code

                            Show All Lines

                        216 lines
            |
            src/Entity/DragonTreasure.php
        
                Show Lines

                                                    // ... lines 1 - 55
                            
            class DragonTreasure
        
            {
        
                Show Lines

                                                    // ... lines 58 - 100
                            
                #[Assert\Valid]
        
                private ?User $owner = null;
        
                Show Lines

                                                    // ... lines 103 - 214
                            
            }

Now... on our PUT endpoint... if we try this again, yep! 422: owner.username, this value should not be blank.

Being able to update an embedded object is really neat & powerful. But the cost of this is making your API more and more complex. So while you can choose to do this - and you should if it's what you want - you might also choose to force the API client to update the treasure first... and then make a second request to update the user's username... instead of allowing them to do it all fancy at the same time.

Next: let's look at this relationship from the other side. When we're updating a User, could we also update the treasures that belong to that user? Let's find out!

25 Comments

Sort By

automatix 1 year ago

Hi Ryan,

Thank you so much for yet another fantastic course!

While coding along with the course, I'm now struggling with changing the owner's username. Multiple issues / questions to that:

The #[Assert\NotBlank()] annotation prevents updating the User object without providing the description. Which is actually correct. But how does this work for you? I checked out the code: My User#description's annotations appear to be identical to yours.
I tried to remove the annotation, and that ended up in a DB error, since PUT replaces the object, which means: It removes the current one and creates another one. Which is a correct behaviour as well. But also here: How does it work for you? :)
Why do you use PUT and not PATCH in this case?

Best,
Ilya

| Reply |

Victor SFCASTS automatix 1 year ago edited

Hey Automatix,

Hm, I don't see the User object has a description field in this video. Are you talking about a different video? Could you link me?

1) But it depends on what you update. If you update User object - that makes sense you have validation error if your User#description field has #[Assert\NotBlank()]. But if you update a different object that has relation to User - that may require #[Assert\Valid()] constant on the $user property, as it's mentioned in this video for $owner property.

2) yes, it may end up into a DB error if your field is not nullable in the DB. To make it work, you should set the field to an empty string at least and then it should not be a DB error. It depends on which behavior you want. Also, sometimes, it may depend on the DB SQL server or DB server version.

3) Mostly because PUT and PATCH operations in the ApiPlatform that is used in this video works identical, i.e. no difference. Since ApiPlatform v4 they indeed work different, so if you don't want to set all the fields that are not specified in the PUT request to NULL on the request - use PATCH or specify the field explicitly :) See the note in this section https://symfonycasts.com/screencast/api-platform/operations#put-vs-patch for more details.

I hope that helps!

Cheers!

| Reply |

raebbar 1 year ago

Hi,

I'm trying to figure out how to prevent existing embedded entities from being updated in a POST request. However, new entities should be able to be created.

To stay with the example from the cast.

If I create a new DragonTreasure via POST then

It should be possible to create a new user.
POST /api/treasures
```
{
  "owner": {
 "username": "new username"
  }
}
```
It should be possible to reference an existing user via IRI.
POST /api/treasures
```
{
  "owner": '/api/users/1'
}
```

It should NOT be allowed to update an existing user.
POST /api/treasures

{
  "owner": {
 "@id": "/api/users/1",
 "username": "updated username"
  }
}

I haven't yet found a good way to differentiate between creating and updating a nested entity without implementing various things myself.

What is the correct way in API Platform to implement this?

| Reply |

weaverryan SFCASTS raebbar 1 year ago

Hey @rabbar!

I can see that you understand the mechanism of how this all works well! To summarize:

When creating a DragonTreasure, you want to allow creating a new User, but not update an existing user.

Is that accurate? If so, I think it makes sense. But in Api Platform's eyes, these are all just valid ways to change data. I'm not entirely sure how to handle this. The closest I got was to allow updating, but to add a validation check that the API client does or doesn't have permission to update this user. This is not exactly the same, but it's related and can maybe offer some inspiration: https://symfonycasts.com/screencast/api-platform-extending/simpler-validator

Let me know if you have any luck, I'd love to know!

Cheers!

| Reply |

raebbar weaverryan 1 year ago

"When creating a DragonTreasure, you want to allow creating a new User, but not update an existing user."
Is that accurate?

Yes.
I followed your advice with the validator. It works so far.

<?php
declare(strict_types=1);

namespace App\Validator;

use Symfony\Component\Validator\Constraint;

#[\Attribute(\Attribute::TARGET_PROPERTY | \Attribute::TARGET_METHOD)]
class DenyNestedEntityUpdateOnPost extends Constraint
{
    public string $message = 'You must not update a nested entity within a POST request.';
}

<?php
declare(strict_types=1);

namespace App\Validator;

use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;

class DenyNestedEntityUpdateOnPostValidator extends ConstraintValidator
{
    public function __construct(private EntityManagerInterface $entityManager, private RequestStack $requestStack)
    {
    }

    public function validate(mixed $value, Constraint $constraint): void
    {
        assert($constraint instanceof DenyNestedEntityUpdateOnPost);        

        if (null === $value || '' === $value) {
            return;
        }

        $request = $this->requestStack->getCurrentRequest();
        if (!$request || !$request->isMethod('POST')) {
            return;
        }
        
        // meant to be used above a relation field (single or collection)
        assert(is_object($value) || $value instanceof Collection);

        $unitOfWork = $this->entityManager->getUnitOfWork();
        
        $entities = $value instanceof Collection ? $value : new ArrayCollection([$value]);
        foreach ($entities as $entity) {
            
            // Check if the entity has changed
            if ($originalData = $unitOfWork->getOriginalEntityData($entity)) {
                $classMeta = $this->entityManager->getClassMetadata($entity::class);
                foreach ($classMeta->reflFields as $name => $refProp) {
                    if (!$classMeta->isCollectionValuedAssociation($name)) {
                        if ($refProp->getValue($entity) !== $originalData[$name]) {
                            $this->context->buildViolation($constraint->message)->addViolation();
                            break 2;
                        }
                    }
                }
            }
        }
    }
}

class DragonTreasure
{
    // [...]

    #[DenyNestedEntityUpdateOnPost]
    #[ORM\ManyToOne(cascade: ['persist'])]
    #[ORM\ManyToOne(inversedBy: 'dragonTreasures')]
    #[ORM\JoinColumn(nullable: false)]
    #[Groups(['treasure:read', 'treasure:write'])]
    private ?User $owner = null;
    
    // [...]
}

I have left out the checking of relation collections for now because it doesn't play a role in my case and would only make things unnecessarily complicated.

| Reply |

mjk 1 year ago edited

hi,

why does the other way (from user perspective) not working?

PATCH /api/users/1

{
  "username": "new",
  "dragonTreasures": [
    {
      "@id": "/api/treasures/1",
      "name": "trasures are good"      
    }
  ]
}

Result:

{
  "@context": "/api/contexts/ConstraintViolationList",
  "@type": "ConstraintViolationList",
  "hydra:title": "An error occurred",
  "hydra:description": "dragonTreasures[7].description: This value should not be blank.",
  "violations": [
    {
      "propertyPath": "dragonTreasures[7].description",
      "message": "This value should not be blank.",
      "code": "c1051bb4-d103-4f74-8988-acbcafc7fdc3"
    }
  ]
}

Does it only work for OneToMany Relations?

| Reply |

weaverryan SFCASTS mjk 1 year ago edited

Hey @mjk!

Sorry for my very slow reply! I can see what you want to do and it makes sense. This may be related and help: https://github.com/api-platform/core/issues/5559#issuecomment-1518595331 - let me know if it does!

Cheers!

| Reply |

sujal_k 1 year ago edited

At 4:06 Timestamp,
I think in my code , sending the data same as below also works , without passing @id as mentioned in the video, and one more thing Is that it seems not working when I'm using PUT, but when using PATCH, it works, could you please explain why ?

{
  "owner": {
    "username": "UpdateUsername21-Again Data"
  }
}

| Reply |

creativx007 2 years ago

Good morning everyone,

First of all, thank you for the great tutorial :)

I'm trying to change the username via the Treasure entity in the User entity.

PUT https://dev.symfonycast-api-start.wip/api/treasures/2

{
    "owner": {
        "@id":"/api/users/3",
        "username":"my Changed username"
    }
}

It shows as an error that in Treasure the name and description fields cannot be empty. I thought PUT only changed the fields that were passed in the payload?

| Reply |

opalint creativx007 2 years ago

Historically API Platform would essentially treat PUT operations as PATCH operations and be used for partially updating resources. I believe in latest versions of API Platform the PUT operation now actually acts like a true PUT, where where all non-specified fields are removed (set to null) and PATCH is the method you should use if you want to partially update a resource by specifying only the fields you want to change.

tldr; when these videos use PUT you should use PATCH instead.

2 | Reply |

MolloKhan SFCASTS creativx007 2 years ago edited

Hey @creativx007

As @opalint mentioned, ApiPlatform changed how they used to treat PUT operations, we have a little warning note in this chapter https://symfonycasts.com/screencast/api-platform/serializer?playAt=269#adding-a-virtual-textdescription-field

1 | Reply |

Oleguer-C 2 years ago

Hello!
I'm having issues with a case like the one in this chapter, but with a special feature.
I have a Contract entity that has a OneToMany relationship with Condition.
There are several entities that inherit from Condition: CityCondition, DataCondition, etc.
When I try to post a Contract embedding, for example, CityCondition, it gives an error because it's trying to instantiate the abstract class Condition, even though I'm specifying through IRI that it's a CityCondition.
Any ideas? Is this not allowed, or am I missing something?
Thanks!

Posted JSON

{
  "condition": [
    {
      "@type": "CityCondition",
      "city": "CityName"
    }
  ],
  "days": 10,
  "owner": "/api/users/7"
}

Error:

  "@id": "/api/errors/500",
  "@type": "hydra:Error",
  "title": "An error occurred",
  "detail": "Cannot instantiate abstract class App\\Entity\\Condition\\Condition",
  "status": 500,
  "type": "/errors/500",

| Reply |

weaverryan SFCASTS Oleguer-C 2 years ago

Hey @Oleguer-C!

Hmmm. I don't have any experience with Doctrine inheritance and the serializer. To debug this, I'd first try to get a stacktrace of where this error comes from. Then maybe we can work backwards from the source to see if / how you could tell the serializer that you want a CityCondition object specifically (passing the @type was a good idea... but apparently isn't enough!).

Cheers!

| Reply |

Oleguer-C weaverryan 2 years ago

Thank you very much!
After managing to decorate the AbstractItemNormalizer class to use the '@type' field, I realized that it actually works by default, and the problem was that I hadn't configured the 'typeProperty' field in the 'DiscriminatorMap' annotation on the abstract class.
I'm attaching the result in case it can be useful to someone.
Cheers!

#[DiscriminatorMap(typeProperty: '@type', mapping: [
    'City' => CityCondition::class,
    'Date' => DateCondition::class,
    'DateRange' => DateRangeCondition::class,
    'MaxTemperature' => MaxTemperatureCondition::class,
    'MinTemperature' => MinTemperatureCondition::class,
    'WeekDay' => WeekDayCondition::class
])]

| Reply |

weaverryan SFCASTS Oleguer-C 2 years ago

Fantastic! Thank you for sharing that!

| Reply |

triemli 2 years ago edited

Hi guys but what's about the case when we have one-one relation, for example User-Profile.
We create a user with a profile, But the profile scope requires iri of the user /api/user/??? It works only if I have IRI user id. All relations has cascade: ['persist'] idea how to solve it?

{
  "username": "userOne",
  "profile": {
       "info": "info about the user in profile",
     "user": "/api/user/???"
   }
}

| Reply |

sadikoff triemli 2 years ago

Hey,

IIRC if you are persisting a new object you don't need to set back relation to it, I mean you User payload should be like

{
  "username": "userOne",
  "profile": {
       "info": "info about the user in profile",
   }
}

That should be enough to create related objects at once.

Cheers!

| Reply |

seshy 2 years ago edited

Hey. Cool series.

I noticed a small issue

After successful update of username, property nameof Treasure remained the same.

{
  "name": "Brand new treasure!",
  "owner": {
    "@id": "/api/users/3",
    "username": "Tom"
  }
}

I can say even more. PUT request

{
  "name": "Brand new treasure111!"
}

has response code:200, but nameis not changed.

| Reply |

seshy seshy 2 years ago HIGHLIGHTED

For some reason I was missing setName in DragonTreasure
Mystery solved ))

2 | Reply |

Joris-Mak seshy 1 year ago

oh heck yeah, thanks! Was having the same thing and it was stumping me.
Since I was dealing with PATCH instead of PUT because of the recent api-platform changes I was looking into that direction.

but setName() was removed when we set it in the constructor. The tutorial made it - on purpose - only settable once during creation. You get no error when you do try to change it later though.

Again, thanks, was pulling my hear out!
(Didn't even try it yet but the moment I read your comment the lightbulb went off in my head :wink:)

| Reply |

Victor SFCASTS Joris-Mak 1 year ago

Hey Joris-Mak,

Thanks for mentioning that was a useful comment for you!

Cheers!

| Reply |

sadikoff seshy 2 years ago

Hey @seshy,

Awesome news! Such things happens sometimes! Keep going!

Cheers!

| Reply |

Szymon 2 years ago

When I want to change username and name of treasure I receive error:
"hydra:description": "name: Describe your loot in 50 chars or less\ncoolFactor: This value should be less than or equal to 10.",

I know that is setted #[Assert\NotBlank] but it's just the same like you have code?

| Reply |

weaverryan SFCASTS Szymon 2 years ago

Hey @Szymon!

It looks like the data on that treasure is STARTING invalid - like the coolFactor in the database is somehow already greater than 10. And so, even though you’re not changing that field, it fails validation. I think for the treasure’s name I may have a bug on the fixtures that randomly sets a name that’s longer than 50 - so that is likely the cause of that error. I might (?) have some problem also with coolFactor!

So, just a data error on the database - and probably my fault. On production, thanks to validation, that data would never be able to get into this invalid state.

Cheers!

1 | Reply |

CarlosReyes weaverryan 2 years ago

Yeah, that is the reason, changing the getDefaults() in DragonTreasureFactory.php to something like:

`protected function getDefaults(): array

{
    return [
        'coolFactor' => self::faker()->numberBetween(1, 10),
        'description' => self::faker()->text(255),
        'isPublished' => self::faker()->boolean(),
        'name' => self::faker()->text(50),
        'plunderedAt' => \DateTimeImmutable::createFromMutable(self::faker()->dateTime()),
        'value' => self::faker()->randomNumber(),
        'owner' => UserFactory::new(),
    ];
}`

will fix it.

Regards!

1 | Reply |

Symfony 6.2 API Platform 3.0

What PHP libraries does this tutorial use?

// composer.json
{
    "require": {
        "php": ">=8.2",
        "ext-ctype": "*",
        "ext-iconv": "*",
        "api-platform/core": "^3.0", // v3.0.8
        "doctrine/annotations": "^1.0", // 1.14.2
        "doctrine/doctrine-bundle": "^2.8", // 2.8.0
        "doctrine/doctrine-migrations-bundle": "^3.2", // 3.2.2
        "doctrine/orm": "^2.14", // 2.14.0
        "nelmio/cors-bundle": "^2.2", // 2.2.0
        "nesbot/carbon": "^2.64", // 2.64.1
        "phpdocumentor/reflection-docblock": "^5.3", // 5.3.0
        "phpstan/phpdoc-parser": "^1.15", // 1.15.3
        "symfony/asset": "6.2.*", // v6.2.0
        "symfony/console": "6.2.*", // v6.2.3
        "symfony/dotenv": "6.2.*", // v6.2.0
        "symfony/expression-language": "6.2.*", // v6.2.2
        "symfony/flex": "^2", // v2.2.4
        "symfony/framework-bundle": "6.2.*", // v6.2.3
        "symfony/property-access": "6.2.*", // v6.2.3
        "symfony/property-info": "6.2.*", // v6.2.3
        "symfony/runtime": "6.2.*", // v6.2.0
        "symfony/security-bundle": "6.2.*", // v6.2.3
        "symfony/serializer": "6.2.*", // v6.2.3
        "symfony/twig-bundle": "6.2.*", // v6.2.3
        "symfony/ux-react": "^2.6", // v2.6.1
        "symfony/validator": "6.2.*", // v6.2.3
        "symfony/webpack-encore-bundle": "^1.16", // v1.16.0
        "symfony/yaml": "6.2.*" // v6.2.2
    },
    "require-dev": {
        "doctrine/doctrine-fixtures-bundle": "^3.4", // 3.4.2
        "symfony/debug-bundle": "6.2.*", // v6.2.1
        "symfony/maker-bundle": "^1.48", // v1.48.0
        "symfony/monolog-bundle": "^3.0", // v3.8.0
        "symfony/stopwatch": "6.2.*", // v6.2.0
        "symfony/web-profiler-bundle": "6.2.*", // v6.2.4
        "zenstruck/foundry": "^1.26" // v1.26.0
    }
}

Previous Challenge

Next Chapter

Embedded Write

Share this awesome video!

Keep on Learning!

Sending Embedded Data to Update

Allowing Writable Properties to be Embedded

New vs Existing Objects in Embedded Data

Cascading the Persist to Create a new Object

The Valid Constraint

25 Comments

Delete comment?

What PHP libraries does this tutorial use?

Show Lines	// ... lines 1 - 25
	#[ApiResource(
Show Lines	// ... lines 27 - 49
	denormalizationContext: [
	'groups' => ['treasure:write'],
	],
Show Lines	// ... line 53
	)]
Show Lines	// ... line 55
	class DragonTreasure
	{
Show Lines	// ... lines 58 - 99
	#[Groups(['treasure:read', 'treasure:write'])]
	private ?User $owner = null;
Show Lines	// ... lines 102 - 213
	}

Show Lines	// ... lines 1 - 22
	class User implements UserInterface, PasswordAuthenticatedUserInterface
	{
Show Lines	// ... lines 25 - 46
	#[Groups(['user:read', 'user:write', 'treasure:item:get', 'treasure:write'])]
Show Lines	// ... line 48
	private ?string $username = null;
Show Lines	// ... lines 50 - 170
	}

Show Lines	// ... lines 1 - 55
	class DragonTreasure
	{
Show Lines	// ... lines 58 - 100
	#[Assert\Valid]
	private ?User $owner = null;
Show Lines	// ... lines 103 - 214
	}