diff --git a/src/Entity/Parts/Manufacturer.php b/src/Entity/Parts/Manufacturer.php index 0eb9653a..7d5a0b4d 100644 --- a/src/Entity/Parts/Manufacturer.php +++ b/src/Entity/Parts/Manufacturer.php @@ -25,8 +25,12 @@ namespace App\Entity\Parts; use ApiPlatform\Metadata\ApiFilter; use ApiPlatform\Metadata\ApiProperty; use ApiPlatform\Metadata\ApiResource; +use ApiPlatform\Metadata\Delete; +use ApiPlatform\Metadata\Get; use ApiPlatform\Metadata\GetCollection; use ApiPlatform\Metadata\Link; +use ApiPlatform\Metadata\Patch; +use ApiPlatform\Metadata\Post; use ApiPlatform\Serializer\Filter\PropertyFilter; use App\Entity\Attachments\Attachment; use App\Entity\Attachments\AttachmentTypeAttachment; @@ -51,14 +55,24 @@ use Symfony\Component\Validator\Constraints as Assert; #[ORM\Index(name: 'manufacturer_name', columns: ['name'])] #[ORM\Index(name: 'manufacturer_idx_parent_name', columns: ['parent_id', 'name'])] #[ApiResource( + operations: [ + new Get(security: 'is_granted("read", object)'), + new GetCollection(security: 'is_granted("@manufacturers.read")'), + new Post(securityPostDenormalize: 'is_granted("create", object)'), + new Patch(security: 'is_granted("edit", object)'), + new Delete(security: 'is_granted("delete", object)'), + ], normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'], denormalizationContext: ['groups' => ['manufacturer:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'], )] #[ApiResource( uriTemplate: '/manufacturers/{id}/children.{_format}', - operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a manufacturer.'])], + operations: [ + new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a manufacturer.'], + security: 'is_granted("@manufacturers.read")') + ], uriVariables: [ - 'id' => new Link(fromClass: Manufacturer::class, fromProperty: 'children') + 'id' => new Link(fromProperty: 'children', fromClass: Manufacturer::class) ], normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'] )] diff --git a/src/Entity/Parts/Supplier.php b/src/Entity/Parts/Supplier.php index 94986435..fb0a731c 100644 --- a/src/Entity/Parts/Supplier.php +++ b/src/Entity/Parts/Supplier.php @@ -25,8 +25,12 @@ namespace App\Entity\Parts; use ApiPlatform\Metadata\ApiFilter; use ApiPlatform\Metadata\ApiProperty; use ApiPlatform\Metadata\ApiResource; +use ApiPlatform\Metadata\Delete; +use ApiPlatform\Metadata\Get; use ApiPlatform\Metadata\GetCollection; use ApiPlatform\Metadata\Link; +use ApiPlatform\Metadata\Patch; +use ApiPlatform\Metadata\Post; use ApiPlatform\Serializer\Filter\PropertyFilter; use App\Entity\Attachments\Attachment; use App\Entity\Attachments\AttachmentTypeAttachment; @@ -56,12 +60,20 @@ use Symfony\Component\Validator\Constraints as Assert; #[ORM\Index(name: 'supplier_idx_name', columns: ['name'])] #[ORM\Index(name: 'supplier_idx_parent_name', columns: ['parent_id', 'name'])] #[ApiResource( + operations: [ + new Get(security: 'is_granted("read", object)'), + new GetCollection(security: 'is_granted("@suppliers.read")'), + new Post(securityPostDenormalize: 'is_granted("create", object)'), + new Patch(security: 'is_granted("edit", object)'), + new Delete(security: 'is_granted("delete", object)'), + ], normalizationContext: ['groups' => ['supplier:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'], denormalizationContext: ['groups' => ['supplier:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'], )] #[ApiResource( uriTemplate: '/suppliers/{id}/children.{_format}', - operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a supplier'])], + operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a supplier'], + security: 'is_granted("@manufacturers.read")')], uriVariables: [ 'id' => new Link(fromClass: Supplier::class, fromProperty: 'children') ],