Docuemtn filters/parameters etc.

soyuka · soyuka · commit 334f481d2f8d · 2025-06-29T14:57:44.000+02:00
diff --git a/core/filters.md b/core/filters.md
@@ -23,6 +23,114 @@ For the **specific filters documentation**, please refer to the following pages,
 
 You can declare parameters on a Resource or an Operation through the `parameters` property.
 
+The `ParameterProvider` is at the heart of parameter handling in API Platform. When a request comes in, this provider iterates through all the parameters defined for the operation. For each parameter, it performs the following steps:
+
+1.  **Value Extraction**: It retrieves the parameter's value from the request. For `QueryParameter`, it looks in the query string, and for `HeaderParameter`, it checks the request headers.
+2.  **Default Value**: If the parameter is not present in the request, the provider checks if a default value is defined in the parameter's schema. If so, it uses the default value.
+3.  **Value Setting**: The extracted or default value is then set on the `Parameter` object.
+4.  **Custom Provider**: If the parameter has a custom provider defined (via the `provider` option), the `ParameterProvider` will invoke it. This allows for custom logic to be executed, such as modifying the `Operation` object based on the parameter's value.
+
+### Strict Parameter Validation
+
+API Platform supports strict parameter validation. When enabled on an `HttpOperation` (by setting `strictQueryParameterValidation` to `true`), the `ParameterProvider` will check if the request contains any query parameters that are not explicitly defined for the operation. If it finds any unknown parameters, it will throw a `ParameterNotSupportedException`, effectively rejecting the request. This helps to ensure that clients are only using the parameters that are supported by the API.
+
+### Path Parameters as Links
+
+In API Platform, path parameters are not just simple placeholders in the URL; they are powerful constructs represented by `ApiPlatform\Metadata\Link` objects. These `Link` objects allow you to define the relationship between the path parameter and the resource being requested. This is especially useful for fetching related resources and for filtering collections based on path parameters.
+
+For example, consider a URL like `/companies/{companyId}/employees`. The `{companyId}` path parameter can be configured as a `Link` to filter the `Employee` collection and return only the employees belonging to the specified company.
+
+Here's how you can configure a path parameter as a `Link`:
+
+```php
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\GetCollection;
+use ApiPlatform\Metadata\Link;
+use App\Entity\Company;
+
+#[ApiResource(
+    operations: [
+        new GetCollection(
+            uriTemplate: '/companies/{companyId}/employees',
+            uriVariables: [
+                'companyId' => new Link(toProperty: 'company', fromClass: Company::class)
+            ]
+        )
+    ]
+)]
+class Employee
+{
+    // ...
+}
+```
+
+In this example, the `companyId` path parameter is linked to the `company` property of the `Employee` resource. When a request is made to `/companies/1/employees`, API Platform will automatically filter the `Employee` collection to return only the employees where the `company` property is the `Company` with an ID of 1.
+
+This filtering is made possible by the `ApiPlatform\Doctrine\Orm\Extension\ParameterExtension`. This extension inspects the `Link` objects defined for an operation and, if a `toProperty` is specified, it automatically adds a `WHERE` clause to the Doctrine query to filter the results.
+
+You can also use IRIs (Internationalized Resource Identifiers) in your path parameters. For example, you could have a URL like `/employees/by-company/{companyIri}`. In this case, you would configure the `Link` to use the IRI to fetch the related company.
+
+Here's an example of how to use an IRI as a path parameter:
+
+```php
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\Link;
+use App\Entity\Dummy;
+
+#[ApiResource(
+    operations: [
+        new Get(
+            uriTemplate: '/with_parameters_iris/{dummyIri}',
+            uriVariables: [
+                'dummyIri' => new Link(fromClass: Dummy::class)
+            ]
+        )
+    ]
+)]
+class WithParameters
+{
+    // ...
+}
+```
+
+In this example, a GET request to `/with_parameters_iris/dummies/1` would fetch the `Dummy` entity with ID 1 and use it as the `dummyIri` parameter.
+
+You can also use path parameters to filter collections of resources. For example, you could have a URL like `/with_parameters_links?dummy=1`. This would fetch a collection of resources, filtered by the `dummy` parameter.
+
+Here's an example of how to use a path parameter to filter a collection:
+
+```php
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\GetCollection;
+use ApiPlatform\Metadata\Link;
+use App\Entity\Dummy;
+
+#[ApiResource(
+    operations: [
+        new GetCollection(
+            uriTemplate: '/with_parameters_links',
+            uriVariables: [
+                'dummy' => new Link(fromClass: Dummy::class)
+            ]
+        )
+    ]
+)]
+class WithParameters
+{
+    // ...
+}
+```
+
+In this example, a GET request to `/with_parameters_links?dummy=1` would fetch a collection of `WithParameters` resources, filtered by the `dummy` parameter with the value `1`.
+
+
 ```php
 namespace App\ApiResource;
 
@@ -176,6 +284,13 @@ class Book {
 
 A parameter is quite close to its documentation, and you can specify the JSON Schema and/or the OpenAPI documentation:
 
+The documentation for parameters is generated automatically based on their definitions. This is made possible by two key interfaces:
+
+*   **`JsonSchemaFilterInterface`**: Filters implementing this interface can provide a JSON Schema for the parameters they handle. This schema is used to generate the Hydra documentation.
+*   **`OpenApiParameterFilterInterface`**: Filters implementing this interface can provide an array of OpenAPI `Parameter` objects. This is used to generate the OpenAPI (Swagger) documentation.
+
+By implementing these interfaces in your custom filters, you can ensure that your parameters are accurately and automatically documented in both Hydra and OpenAPI.
+
 ```php
 namespace App\ApiResource;
 
diff --git a/core/parameters.md b/core/parameters.md
@@ -0,0 +1,248 @@
+# Using Parameters
+
+API Platform provides a powerful and flexible parameter system that allows you to control various aspects of your API, from filtering and pagination to serialization and security. This guide will walk you through the different types of parameters available and how to use them effectively.
+
+## Query Parameters
+
+Query parameters are the most common type of parameter. They are passed in the URL's query string (e.g., `?page=2`). You can define query parameters on a resource or on a specific operation using the `#[QueryParameter]` attribute.
+
+Here's an example of how to define a query parameter for pagination:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\GetCollection;
+use ApiPlatform\Metadata\QueryParameter;
+
+#[ApiResource(
+    operations: [
+        new GetCollection(
+            parameters: [
+                'page' => new QueryParameter(description: 'The page number.', schema: ['type' => 'integer', 'default' => 1])
+            ]
+        )
+    ]
+)]
+class Book
+{
+    // ...
+}
+```
+
+In this example, we've defined a `page` query parameter for the `GetCollection` operation. The parameter has a description, a schema that specifies its type and default value.
+
+## Header Parameters
+
+Header parameters are passed in the request headers (e.g., `Authorization: Bearer <token>`). You can define header parameters using the `#[HeaderParameter]` attribute.
+
+Here's an example of how to define a header parameter for an API key:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\HeaderParameter;
+
+#[ApiResource(
+    operations: [
+        new Get(
+            parameters: [
+                'API_KEY' => new HeaderParameter(description: 'Your API key.', required: true, schema: ['type' => 'string'])
+            ]
+        )
+    ]
+)]
+class Book
+{
+    // ...
+}
+```
+
+In this example, we've defined an `API_KEY` header parameter for the `Get` operation. The parameter is required and has a schema that specifies its type.
+
+## Path Parameters as Links
+
+Path parameters are the dynamic parts of the URL (e.g., the `{id}` in `/books/{id}`). In API Platform, path parameters are represented by `ApiPlatform\Metadata\Link` objects. These objects allow you to define the relationship between the path parameter and the resource being requested.
+
+This is particularly useful for fetching related resources and for filtering collections based on path parameters.
+
+Here's an example of how to use a path parameter to fetch a collection of books by a specific author:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\GetCollection;
+use ApiPlatform\Metadata\Link;
+use App\Entity\Author;
+
+#[ApiResource(
+    operations: [
+        new GetCollection(
+            uriTemplate: '/authors/{authorId}/books',
+            uriVariables: [
+                'authorId' => new Link(toProperty: 'author', fromClass: Author::class)
+            ]
+        )
+    ]
+)]
+class Book
+{
+    public int $id;
+    public string $title;
+    public Author $author;
+}
+```
+
+In this example, the `authorId` path parameter is linked to the `author` property of the `Book` resource. When a request is made to `/authors/1/books`, API Platform will automatically filter the `Book` collection to return only the books where the `author` property is the `Author` with an ID of 1.
+
+This filtering is made possible by the `ApiPlatform\Doctrine\Orm\Extension\ParameterExtension`. This extension inspects the `Link` objects defined for an operation and, if a `toProperty` is specified, it automatically adds a `WHERE` clause to the Doctrine query to filter the results.
+
+## Parameter Validation
+
+API Platform automatically validates parameters based on their schema definition. For example, if you define a parameter with `['type' => 'integer']`, API Platform will ensure that the value passed in the request is a valid integer.
+
+You can also use [Symfony's validation constraints](https://symfony.com/doc/current/validation.html) to define more complex validation rules.
+
+Here's an example of how to use validation constraints on a parameter:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\QueryParameter;
+use Symfony\Component\Validator\Constraints as Assert;
+
+#[ApiResource(
+    operations: [
+        new Get(
+            parameters: [
+                'rating' => new QueryParameter(
+                    description: 'The rating of the book.',
+                    schema: ['type' => 'integer'],
+                    constraints: [
+                        new Assert\Range(min: 1, max: 5)
+                    ]
+                )
+            ]
+        )
+    ]
+)]
+class Book
+{
+    // ...
+}
+```
+
+In this example, we've added a `Range` constraint to the `rating` parameter, ensuring that its value is between 1 and 5.
+
+## Parameter Security
+
+You can secure your parameters using the `security` option. This allows you to restrict access to parameters based on the user's roles or other conditions.
+
+Here's an example of how to secure a parameter:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\QueryParameter;
+
+#[ApiResource(
+    operations: [
+        new Get(
+            parameters: [
+                'show_unpublished' => new QueryParameter(
+                    description: 'Whether to show unpublished books.',
+                    schema: ['type' => 'boolean'],
+                    security: "is_granted('ROLE_ADMIN')"
+                )
+            ]
+        )
+    ]
+)]
+class Book
+{
+    // ...
+}
+```
+
+In this example, the `show_unpublished` parameter can only be used by users with the `ROLE_ADMIN` role.
+
+## Custom Parameter Providers
+
+For more advanced use cases, you can create your own custom parameter providers. A parameter provider is a class that implements the `ApiPlatform\State\ParameterProviderInterface`. This interface has a `provide` method that allows you to implement your own logic for handling a parameter.
+
+Here's an example of a custom parameter provider that modifies the serialization context based on a query parameter:
+
+```php
+<?php
+// src/Parameter/GroupsParameterProvider.php
+
+namespace App\Parameter;
+
+use ApiPlatform\State\ParameterProviderInterface;
+use ApiPlatform\Metadata\Parameter;
+use ApiPlatform\Metadata\HttpOperation;
+
+class GroupsParameterProvider implements ParameterProviderInterface
+{
+    public function provide(Parameter $parameter, array $uriVariables = [], array $context = []): HttpOperation
+    {
+        $request = $context['request'];
+        return $context['operation']->withNormalizationContext(['groups' => $request->query->all('groups')]);
+    }
+}
+```
+
+You can then use this provider on a parameter:
+
+```php
+<?php
+// api/src/ApiResource/Book.php
+
+namespace App\ApiResource;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\QueryParameter;
+use App\Parameter\GroupsParameterProvider;
+
+#[ApiResource(
+    operations: [
+        new Get(
+            parameters: [
+                'groups' => new QueryParameter(
+                    description: 'The serialization groups to use.',
+                    provider: GroupsParameterProvider::class
+                )
+            ]
+        )
+    ]
+)]
+class Book
+{
+    // ...
+}
+```
+
+In this example, when the `groups` parameter is present in the request, the `GroupsParameterProvider` will be invoked, and it will modify the serialization context to use the specified groups.
