Description
I have the following scenario: I'm using t3api in a project where some API consumers have more rights than others. Each record has a kind of visibility flag, which may indicate either that the record is public or that it has restricted access. Access to the API requires a valid FE user, identified using an API key passed in the HTTP headers.
A FE user may be allowed to access restricted records of any table. So what I'm trying to do is to add a filter that would set a condition on the records depending on the FE user rights: namely, if the user is not allowed to access restricted records, then such records should not be fetched from the repository and returned.
I have tried various strategies without success so far, in part due to the documentation being missing on topics like security. My latest try is to use a custom filter, which I add to the operation by adding a custom operation for collections, extending and overriding \SourceBroker\T3api\OperationHandler\CollectionGetOperationHandler. This nearly works, but my custom filter gets removed by this call (in \SourceBroker\T3api\Domain\Repository\CommonRepository::findFiltered()):
```php
$apiFilters = $this->filterAndSortApiFiltersByQueryParams($apiFilters, $queryParams);
```
because the flag that I want to check is not a query parameter. I understand the logic of dropping filters that are related to a query parameter when said parameter is not defined, but is there a way to preserve a filter, without relating it to a query parameter?
Or is there another way to achieve what I'm trying to do?
Thanks in advance for any help.