ProcessorInterface multiple ProcessorInterfaces (persist & remove) && Security within State Providers #2704
Replies: 2 comments 1 reply
-
Hi! There are a few ways to set a processor (or a provider) on every operations. A. use a metadata factory This uses the B. set the default value in your
C. Decorating our processor (or replacing it) When using this pattern you can choose whether you call our processor or not: #[AsDecorator('api_platform.doctrine.orm.state.remove_processor')]
class AuditRemoveProcessor implements ProcessorInterface {
public function __construct(
#[AutowireDecorated]
private ProcessorInterface $removeProcessor,
) {}
public function process() {
// use your own logic or call $this->removeProcessor->process()
}
} When using Symfony I'd really recommend not to call any logic in the I usually don't use the class AuditRemoveProcessor implements ProcessorInterface {
public function __construct(
#[Autowire('api_platform.doctrine.orm.state.remove_processor')]
private ProcessorInterface $removeProcessor,
) {}
public function process() {
// use your own logic or call $this->removeProcessor->process()
}
} |
Beta Was this translation helpful? Give feedback.
-
If you use Symfony there's a whole security option, you can throw absolutely any exceptions you want. To configure Exception to HTTP responses there are several ways:
# config/packages/api_platform.yaml
api_platform:
# ...
exception_to_status:
# The 4 following handlers are registered by default, keep those lines to prevent unexpected side effects
Symfony\Component\Serializer\Exception\ExceptionInterface: 400 # Use a raw status code (recommended)
ApiPlatform\Exception\InvalidArgumentException: !php/const Symfony\Component\HttpFoundation\Response::HTTP_BAD_REQUEST
ApiPlatform\ParameterValidator\Exception\ValidationExceptionInterface: 400
Doctrine\ORM\OptimisticLockException: 409 See https://api-platform.com/docs/core/errors/
|
Beta Was this translation helpful? Give feedback.
-
Hi,
I am considering using API Platform to wire up around 100 Doctrine Entities. I am currently working on a POC and have the following questions:
Instead of deleting entries over the REST interface we change a boolean field in the DB and audit the action (when and by whom ). As I need to change fields, instead of removing the entry I require the persistProcessor. I achieved this, using the following constructor. Anyhow it's not fully clear, if this is the "correct" way to do so. (I understood that I could wire up each Operation manually, but as we have the same mechanis for all Entities a global is enough)
2) Security within the State Provider Level
In the DOC it is mentiond that filtering collections must be done directly at the state provider level; what's the "correct" way to "throw" an "access error in within the process routine of a State Provider? Is there a defined exception to use? I didn't find any example or is there a better/clearer way?
Thanks in advance an pl. apologize, if github is the wrong place for such questions and if so, pl. relink me to the correct place.
Best regards from Bavaria
.\ichael
Beta Was this translation helpful? Give feedback.
All reactions