Added security to manufacturer and suppliers API endpoint

Jan Böhmer 2023-08-28 23:46:55 +02:00
parent 7b6ba37667
commit 17b49e7ae5
2 changed files with 29 additions and 3 deletions


@ -25,8 +25,12 @@ namespace App\Entity\Parts;
use ApiPlatform\Metadata\ApiFilter; use ApiPlatform\Metadata\ApiFilter;
use ApiPlatform\Metadata\ApiProperty; use ApiPlatform\Metadata\ApiProperty;
use ApiPlatform\Metadata\ApiResource; use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Delete;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\GetCollection; use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Link; use ApiPlatform\Metadata\Link;
use ApiPlatform\Metadata\Patch;
use ApiPlatform\Metadata\Post;
use ApiPlatform\Serializer\Filter\PropertyFilter; use ApiPlatform\Serializer\Filter\PropertyFilter;
use App\Entity\Attachments\Attachment; use App\Entity\Attachments\Attachment;
use App\Entity\Attachments\AttachmentTypeAttachment; use App\Entity\Attachments\AttachmentTypeAttachment;
@ -51,14 +55,24 @@ use Symfony\Component\Validator\Constraints as Assert;
#[ORM\Index(name: 'manufacturer_name', columns: ['name'])] #[ORM\Index(name: 'manufacturer_name', columns: ['name'])]
#[ORM\Index(name: 'manufacturer_idx_parent_name', columns: ['parent_id', 'name'])] #[ORM\Index(name: 'manufacturer_idx_parent_name', columns: ['parent_id', 'name'])]
#[ApiResource( #[ApiResource(
operations: [
new Get(security: 'is_granted("read", object)'),
new GetCollection(security: 'is_granted("@manufacturers.read")'),
new Post(securityPostDenormalize: 'is_granted("create", object)'),
new Patch(security: 'is_granted("edit", object)'),
new Delete(security: 'is_granted("delete", object)'),
],
normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'], normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'],
denormalizationContext: ['groups' => ['manufacturer:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'], denormalizationContext: ['groups' => ['manufacturer:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'],
)] )]
#[ApiResource( #[ApiResource(
uriTemplate: '/manufacturers/{id}/children.{_format}', uriTemplate: '/manufacturers/{id}/children.{_format}',
operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a manufacturer.'])], operations: [
new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a manufacturer.'],
security: 'is_granted("@manufacturers.read")')
],
uriVariables: [ uriVariables: [
'id' => new Link(fromClass: Manufacturer::class, fromProperty: 'children') 'id' => new Link(fromProperty: 'children', fromClass: Manufacturer::class)
], ],
normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'] normalizationContext: ['groups' => ['manufacturer:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read']
)] )]
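Review bot: The `Patch` operation in the new `operations` list is authorised only with `security: 'is_granted("edit", object)'`, which API Platform evaluates against the entity as loaded, before the request body is applied. If the `edit` decision can depend on a writable field such as the parent (an assumption, since the voter is not visible here), the updated state is never checked; adding `securityPostDenormalize: 'is_granted("edit", object)'` to `new Patch(...)` would cover it, as `Post` already does for `create`. The same applies to the identical `Patch` line in the supplier section. The attribute belongs to a class declaration that lies outside this hunk.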


@ -25,8 +25,12 @@ namespace App\Entity\Parts;
use ApiPlatform\Metadata\ApiFilter; use ApiPlatform\Metadata\ApiFilter;
use ApiPlatform\Metadata\ApiProperty; use ApiPlatform\Metadata\ApiProperty;
use ApiPlatform\Metadata\ApiResource; use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Delete;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\GetCollection; use ApiPlatform\Metadata\GetCollection;
use ApiPlatform\Metadata\Link; use ApiPlatform\Metadata\Link;
use ApiPlatform\Metadata\Patch;
use ApiPlatform\Metadata\Post;
use ApiPlatform\Serializer\Filter\PropertyFilter; use ApiPlatform\Serializer\Filter\PropertyFilter;
use App\Entity\Attachments\Attachment; use App\Entity\Attachments\Attachment;
use App\Entity\Attachments\AttachmentTypeAttachment; use App\Entity\Attachments\AttachmentTypeAttachment;
@ -56,12 +60,20 @@ use Symfony\Component\Validator\Constraints as Assert;
#[ORM\Index(name: 'supplier_idx_name', columns: ['name'])] #[ORM\Index(name: 'supplier_idx_name', columns: ['name'])]
#[ORM\Index(name: 'supplier_idx_parent_name', columns: ['parent_id', 'name'])] #[ORM\Index(name: 'supplier_idx_parent_name', columns: ['parent_id', 'name'])]
#[ApiResource( #[ApiResource(
operations: [
new Get(security: 'is_granted("read", object)'),
new GetCollection(security: 'is_granted("@suppliers.read")'),
new Post(securityPostDenormalize: 'is_granted("create", object)'),
new Patch(security: 'is_granted("edit", object)'),
new Delete(security: 'is_granted("delete", object)'),
],
normalizationContext: ['groups' => ['supplier:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'], normalizationContext: ['groups' => ['supplier:read', 'company:read', 'api:basic:read'], 'openapi_definition_name' => 'Read'],
denormalizationContext: ['groups' => ['supplier:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'], denormalizationContext: ['groups' => ['supplier:write', 'company:write', 'api:basic:write'], 'openapi_definition_name' => 'Write'],
)] )]
#[ApiResource( #[ApiResource(
uriTemplate: '/suppliers/{id}/children.{_format}', uriTemplate: '/suppliers/{id}/children.{_format}',
operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a supplier'])], operations: [new GetCollection(openapiContext: ['summary' => 'Retrieves the children elements of a supplier'],
security: 'is_granted("@manufacturers.read")')],
uriVariables: [ uriVariables: [
'id' => new Link(fromClass: Supplier::class, fromProperty: 'children') 'id' => new Link(fromClass: Supplier::class, fromProperty: 'children')
], ],
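Review bot: The children collection at `/suppliers/{id}/children.{_format}` is guarded by `is_granted("@manufacturers.read")`, which looks like a copy-paste from the manufacturer entity; the main supplier collection in this same section uses `@suppliers.read`. As written, access to supplier children is decided by the manufacturer permission, so a user with manufacturer read rights but no supplier read rights can list them, and a user with only supplier rights is denied. The line should read `security: 'is_granted("@suppliers.read")')],`. A functional test that requests this route as a user holding only one of the two permissions would catch the mismatch.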