…just like how there's a QueryCollectionExtensionInterface for the collection endpoint, there's also a QueryItemExtensionInterface that's used whenever API Platform queries for a single item. You can create a totally separate class for this... but you can also combine them. Add a second…

…that clone is shallow, meaning that it clones scalar fields - like username - but any objects - like the DragonTreasure objects are not cloned. There's no way via API Platform to see what they originally looked like. So, we are going to solve this with validation…

…how can we hash the plainPassword property? Or, in simpler terms, how can we run code in API Platform after the data is deserialized but before it's saved to the database? The answer is: state processors. Let's dive into this powerful concept next.

…object. For some reason, during deserialization, our security expression is returning false! The reason is... arguably a bug: I have an issue open on API Platform. When you make a patch() request, our data provider first loads the object from the database. Despite this, when…

…the relationship CheeseListing.owner that was not configured to cascade persist operations for entity User. If you've been around Doctrine for awhile, you might recognize this strange error. Ignoring API Platform for a moment, it means that something created a totally new User object…

…you want to run a security check after deserialization. In that case, the object variable is the updated object. Phew! For us on API Platform 2.4, as soon as we change to previous_object... it should work! Try the test: Scroll up... all better…

…>setIsMe($this->security->getUser() === $data): Try the test now: We got it! What we just did is a really natural way to use entities in API Platform... but also have the flexibility to add custom fields that require a service to set their value.…

…your own. Creating custom filters is both fun and... weird! Let's go! Over in src/, how about in ApiPlatform, create a new PHP class called CheeseSearchFilter. As usual, this will need to implement an interface or extend some base class. In this case, we…

…in theory. Implementing it is pretty clean and it gives you a lot of flexibility. But it's also not a feature that is heavily used by the core API Platform devs. And I found some quirks... some of which are already fixed. I'll…

…yea... you're right. Run that test again: It fails! It says: Update is not allowed for this operation. This... is sort of a bug in API Platform. Well... it's not that simple - it's related to the idea that the id field is…

…groups... which is kinda nice. But we've positively destroyed our documentation. Can we have both automatic groups and good documentation? Yes! By leveraging something called a resource metadata factory: a wild, low-level, advanced feature of API Platform. Let's dig into that next.

…is Step 2 - creating the .env.local file with all of your production values, which will include things like API keys, your database connection details and more. Now, if your hosting platform allows you to store real environment variables directly inside of it, problem solved…

…Brent hatches another idea: having users share their chicken-laying progress on Facebook. Fortunately, Facebook uses OAuth 2.0 for their API, so we're already dangerous. And like a lot of sites, they even have a PHP library to help us work with it…

…the controller is actually an invokable class. This is a strategy for controllers that some people in the Symfony world are using - it's especially popular in ApiPlatform. The idea is that each controller class has only one controller method - called __invoke(). When a class…

…Samuel Rozé, I'm part of the Symfony core team, the ApiPlatform as well and I've created a bunch of open source things like ContinuousPipe and Tolerance. I don't have any time to present them but you should check these out, it's…

…a pure API... or a full web app, which is what we'll focus on in this tutorial. Though, if you are building an API, follow the first few tutorials in this series, then pop over to our API Platform tutorials. API Platform is a…

…2013"... we get a 404. API Platform sees that we returned null and it handled the 404 for us. We are now the proud parents of a fully functional state provider! Though we'll talk about this more soon - including topics like pagination. But next…

…because JSON-LD resources are supposed to have an @id. But since we don't really have a place where you can fetch individual Quest Treasures... API Platform gives us this fake one. Now, in theory, you could turn that off by saying #[ApiProperty()] with…

…So here's the deal: anytime that is_granted() is called - from anywhere, not just from API Platform - Symfony loops through a list of "voter" classes and tries to figure out which one knows how to make that decision. When we check for a role…

…to make Symfony use our state processor instead of the normal one from Doctrine, add #[AsDecorator]... and the id of the service is api_platform.doctrine.orm.state.persist_processor: Cool! Now, everything that uses that service in the system will be passed our service…