feat(subresource): Link Security #5290
Conversation
KDederichs
force-pushed
the
feature/link_security
branch
2 times, most recently
from
e39959e to
ed0413f
Compare
|
Hello I need to find time to really understand the need behind that, why don't you put the security on the top level? Also, not a huge fan of the work done in the |
|
The issue with toplevel is: For example lets say you got an an Order that has some transactions (/orders/{id}/transactions) : Sure you could define your own custom provider for it but IMO it's something that should be doable with subresources, since that's basically the usecase. |
… to and from property and add optional object name
KDederichs
force-pushed
the
feature/link_security
branch
from
076f8e2 to
d074632
Compare
# Conflicts: # tests/Fixtures/TestBundle/Document/SecuredDummy.php # tests/Fixtures/TestBundle/Entity/SecuredDummy.php
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Not stale, still a thing I'd like to see added in some way |
|
@KDederichs This seems like a very interesting enhancement. Are you still working on this? What do you believe is missing to get this mergeable and is there anything that could be supported with? |
|
@usu I'd still like it done because I think it's a valid use case. I'm just not sure why it wasn't merged back then, maybe the team doesn't like it or wants some changes? Dunno. |
|
Too much work, forgot that PR sorry! I think it's a valid use case. Only thing is that implementation in the ReadListener that I don't like. Please take a look at what we did in the CreateProvider. I think it's the same logic where we try to find another resource. When doing so, its needed that the user can specify an operation to get no? |
|
Hmm yeah I'll try to get it out of there into it's own thing. Edit: Or do you just not like the way I did it there and the place itself is fine? |
# Conflicts: # features/authorization/deny.feature # src/Symfony/EventListener/ReadListener.php # tests/Fixtures/TestBundle/Entity/SecuredDummy.php
|
@soyuka Let me know how you like it now |
|
@soyuka Is this ready to be merged? Would be awesome to see this in the 3.3 release. |
|
@soyuka Was wondering what the general status of this is |
|
let me review this |
This reverts commit 16f14c8.
|
Can you add a configuration option and load the |
KDederichs
force-pushed
the
feature/link_security
branch
5 times, most recently
from
9bce0bc to
16b9558
Compare
There was a problem hiding this comment.
Love it! you also need to add your configuration at https://github.com/api-platform/core/blob/main/src/Symfony/Bundle/DependencyInjection/Configuration.php
KDederichs
force-pushed
the
feature/link_security
branch
from
16b9558 to
207c8c5
Compare
…extract link security into their own providers
KDederichs
force-pushed
the
feature/link_security
branch
from
207c8c5 to
896b383
Compare
src/Symfony/Bundle/DependencyInjection/ApiPlatformExtension.php
Outdated
Show resolved
Hide resolved
KDederichs
force-pushed
the
feature/link_security
branch
from
ec17cb3 to
0d315f7
Compare
|
thanks! please also add a documentation entry on |
|
@soyuka There's a docs PR already, the only thing that's missing there is the enable_link_security flag I guess :) |
|
I'm looking for YAML configuration of this feature. The docs provide an example using attributes only. Adding the |
|
There's no YAML/XML config for this. |
Here's an idea how Link Security (as described in the issue) might work.
There's still an open issue with choosing the right provider programmatically and mapping the uri variables automatically but I wanted to ask if that's going in the right direction first before investing more work (and making tests)