Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(state): add security to parameters #6435

Merged
merged 2 commits into from
Jul 4, 2024

Conversation

emmanuel-averty
Copy link
Contributor

@emmanuel-averty emmanuel-averty commented Jun 25, 2024

Q A
Branch? main
License MIT

This PR adds a security property to Parameter, and the corresponding state provider to manage it.

TODO

  • should I move securityMessage and securityObject from Link to Parameter ?
  • set the correct value for SecurityProvider decoration priority
  • should I move security property after extraProperties in Parameter constructor to avoid BC break ?
  • tests
  • docs PR

@emmanuel-averty
Copy link
Contributor Author

emmanuel-averty commented Jun 27, 2024

  • a un-granted security should lead to a 403

@emmanuel-averty emmanuel-averty force-pushed the feat/parameter-security branch from d275e1e to 5aca019 Compare July 1, 2024 12:50
src/Metadata/Parameter.php Outdated Show resolved Hide resolved
src/State/Provider/SecurityParameterProvider.php Outdated Show resolved Hide resolved
tests/Functional/Parameters/SecurityTests.php Show resolved Hide resolved
@emmanuel-averty emmanuel-averty force-pushed the feat/parameter-security branch from 5aca019 to ae0e201 Compare July 2, 2024 07:30
@emmanuel-averty emmanuel-averty marked this pull request as ready for review July 2, 2024 07:58
Comment on lines 51 to 57
$apiValues = $parameter->getExtraProperties()['_api_values'] ?? [];
if (!isset($apiValues[$parameter->getKey()])) {
continue;
}

$key = $this->getParameterFlattenKey($parameter->getKey(), $this->extractParameterValues($parameter, $request, $context));
$value = $parameter->getExtraProperties()['_api_values'][$key][0] ?? null;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
$apiValues = $parameter->getExtraProperties()['_api_values'] ?? [];
if (!isset($apiValues[$parameter->getKey()])) {
continue;
}
$key = $this->getParameterFlattenKey($parameter->getKey(), $this->extractParameterValues($parameter, $request, $context));
$value = $parameter->getExtraProperties()['_api_values'][$key][0] ?? null;
$key = $this->getParameterFlattenKey($parameter->getKey(), $this->extractParameterValues($parameter, $request, $context));
$value = $parameter->getExtraProperties()['_api_values'][$key] ?? null;

@soyuka soyuka changed the base branch from main to 3.4 July 4, 2024 07:51
@emmanuel-averty emmanuel-averty force-pushed the feat/parameter-security branch from 1f5beca to 97a2aa2 Compare July 4, 2024 09:12
@soyuka soyuka merged commit 0b985ae into api-platform:3.4 Jul 4, 2024
75 of 77 checks passed
soyuka pushed a commit to soyuka/core that referenced this pull request Jul 7, 2024
* fix(state): add security to parameters

* chore(state): fix style
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants