You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: core/subresources.md
+60-7Lines changed: 60 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,17 +5,23 @@ In API Platform you can declare as many `ApiResource` as you want on a PHP class
5
5
creating Subresources.
6
6
7
7
Subresources work well by implementing your own state [providers](./state-providers.md)
8
-
or [processors](./state-processors.md). In API Platform we provide a working Doctrine layer for
9
-
subresources providing you add the correct configuration for URI Variables.
8
+
or [processors](./state-processors.md). In API Platform, we provide functional Doctrine and Eloquent layers for
9
+
subresources, as long as the correct configuration for URI variables is added.
10
10
11
11
## URI Variables Configuration
12
12
13
-
URI Variables are configured via the `uriVariables` node on an `ApiResource`. It's an array indexed by the variables present in your URI, `/companies/{companyId}/employees/{id}` has two uri variables `companyId` and `id`. For each of these, we need to create a `Link` between the previous and the next node, in this example the link between a Company and an Employee.
13
+
URI Variables are configured via the `uriVariables` node on an `ApiResource`. It's an array indexed by the variables
14
+
present in your URI, `/companies/{companyId}/employees/{id}` has two uri variables `companyId` and `id`.
15
+
For each of these, we need to create a `Link` between the previous and the next node, in this example the link between a
16
+
Company and an Employee.
14
17
15
-
If you're using the Doctrine implementation, queries are automatically built using the provided links.
18
+
If you're using the Doctrine or the Eloquent implementation, queries are automatically built using the provided links.
16
19
17
20
### Answer to a Question
18
21
22
+
> [!NOTE]
23
+
> In Symfony we use the term “entities”, while the following documentation is mostly for Laravel “models”.
24
+
19
25
For this example we have two classes, a Question and an Answer. We want to find the Answer to
20
26
the Question about the Universe using the following URI: `/question/42/answer`.
21
27
@@ -82,6 +88,7 @@ class Question
82
88
```
83
89
84
90
```yaml
91
+
# The YAML syntax is only supported for Symfony
85
92
# api/config/api_platform/resources.yaml
86
93
resources:
87
94
App\Entity\Answer: ~
@@ -90,6 +97,7 @@ resources:
90
97
91
98
```xml
92
99
<?xml version="1.0" encoding="UTF-8" ?>
100
+
<!--The XML syntax is only supported for Symfony-->
> In Symfony we use the term “entities”, while the following documentation is mostly for Laravel “models”.
243
+
229
244
Note that in this example, we declared an association using Doctrine only between Employee and Company using a ManyToOne. There is no inverse association hence the use of `toProperty` in the URI Variables definition.
230
245
231
246
The following declares a few subresources:
@@ -253,7 +268,8 @@ use Doctrine\ORM\Mapping as ORM;
253
268
uriVariables: [
254
269
'companyId' => new Link(fromClass: Company::class, toProperty: 'company'),
255
270
'id' => new Link(fromClass: Employee::class),
256
-
],
271
+
],In Laravel
272
+
257
273
operations: [ new Get() ]
258
274
)]
259
275
#[ApiResource(
@@ -310,7 +326,7 @@ class Company
310
326
}
311
327
```
312
328
313
-
We did not define any Doctrine annotation here and if we want things to work properly with GraphQL, we need to map the `employees` field as a Link to the class `Employee` using the property `company`.
329
+
We did not define any Doctrine or Eloquent annotation here and if we want things to work properly with GraphQL, we need to map the `employees` field as a Link to the class `Employee` using the property `company`.
314
330
315
331
As a general rule, if the property we want to create a link from is in the `fromClass`, use `fromProperty`, if not, use `toProperty`.
316
332
@@ -335,12 +351,15 @@ class Company {
335
351
336
352
## Security
337
353
338
-
In order to use Symfony's built-in security system on subresources the security option of the `Link` attribute can be used.
354
+
In order to use Symfony's or the Laravel built-in security system on subresources the security option of the `Link` attribute can be used.
355
+
356
+
### Symfony example for security
339
357
340
358
To restrict the access to a subresource based on the parent object simply use the Symfony expression language as you would do normally, with the exception that the name defined in `toProperty` or `fromProperty` is used to access the object.
341
359
342
360
Alternatively you can also use the `securityObjectName` to set a custom name.
343
361
362
+
344
363
```php
345
364
<?php
346
365
#[ApiResource(
@@ -358,10 +377,44 @@ class Company {
358
377
}
359
378
```
360
379
380
+
### Laravel example for security
381
+
382
+
With Laravel, we can use the following code:
383
+
384
+
```php
385
+
<?php
386
+
#[ApiResource(
387
+
uriTemplate: '/employees/{employeeId}/company',
388
+
uriVariables: [
389
+
'employeeId' => new Link(fromClass: Employee::class, toProperty: 'company', security: Gate::allows('some_voter', $company)),
390
+
],
391
+
operations: [
392
+
new Get()
393
+
]
394
+
)]
395
+
396
+
class Company {
397
+
// ...
398
+
}
399
+
```
400
+
361
401
This is currently an experimental feature disabled by default. To enable it please set `enable_link_security` to true:
362
402
403
+
### Symfony configuration to disable link security
404
+
363
405
```yaml
364
406
# api/config/packages/api_platform.yaml
365
407
api_platform:
366
408
enable_link_security: true
367
409
```
410
+
411
+
### Laravel configuration to disable link security
0 commit comments