Correct filter id needs split

abluchet · abluchet · commit 4bf98637c470 · 2017-11-23T17:34:45.000+01:00
diff --git a/src/Api/IriConverterInterface.php b/src/Api/IriConverterInterface.php
@@ -85,4 +85,12 @@ public function getItemIriFromResourceClass(string $resourceClass, array $identi
      * @return string
      */
     public function getSubresourceIriFromResourceClass(string $resourceClass, array $identifiers, int $referenceType = UrlGeneratorInterface::ABS_PATH): string;
+
+    /**
+     * Gets identifiers from a given IRI.
+     *
+     * @throws InvalidArgumentException
+     * @throws RuntimeException
+     */
+    public function getIdentifiersFromIri(string $iri, array $context = []): array;
 }
diff --git a/src/Bridge/Doctrine/Orm/Filter/SearchFilter.php b/src/Bridge/Doctrine/Orm/Filter/SearchFilter.php
@@ -18,7 +18,9 @@
 use ApiPlatform\Core\Bridge\Doctrine\Orm\Util\QueryNameGeneratorInterface;
 use ApiPlatform\Core\Exception\InvalidArgumentException;
 use Doctrine\Common\Persistence\ManagerRegistry;
+use Doctrine\Common\Persistence\Mapping\ClassMetadata;
 use Doctrine\DBAL\Types\Type;
+use Doctrine\ORM\Mapping\MappingException;
 use Doctrine\ORM\QueryBuilder;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\HttpFoundation\RequestStack;
@@ -138,7 +140,7 @@ public function getDescription(string $resourceClass): array
      *
      * @return string
      */
-    private function getType(string $doctrineType): string
+    private function getType(string $doctrineType = null): string
     {
         switch ($doctrineType) {
             case Type::TARRAY:
@@ -207,8 +209,16 @@ protected function filterProperty(string $property, $value, QueryBuilder $queryB
         $caseSensitive = true;
 
         if ($metadata->hasField($field)) {
-            if ('id' === $field) {
-                $values = array_map([$this, 'getIdFromValue'], $values);
+            if ($metadata->isIdentifier($field)) {
+                $values = $this->getValueIdentifiers($values, $field);
+            }
+
+            if (!$this->hasValidValues($values, $field, $metadata)) {
+                $this->logger->notice('Invalid filter ignored', [
+                    'exception' => new InvalidArgumentException(sprintf('Values for field "%s" are not valid according to the doctrine type.', $field)),
+                ]);
+
+                return;
             }
 
             $strategy = $this->properties[$property] ?? self::STRATEGY_EXACT;
@@ -246,14 +256,33 @@ protected function filterProperty(string $property, $value, QueryBuilder $queryB
             return;
         }
 
-        $values = array_map([$this, 'getIdFromValue'], $values);
+        $values = $this->getValueIdentifiers($values, $field);
+
+        if (!$this->hasValidValues($values, $field, $metadata)) {
+            $this->logger->notice('Invalid filter ignored', [
+                'exception' => new InvalidArgumentException(sprintf('Values for field "%s" are not valid according to the doctrine type.', $field)),
+            ]);
+
+            return;
+        }
 
         $association = $field;
         $valueParameter = $queryNameGenerator->generateParameterName($association);
 
         if ($metadata->isCollectionValuedAssociation($association)) {
             $associationAlias = QueryBuilderHelper::addJoinOnce($queryBuilder, $queryNameGenerator, $alias, $association);
-            $associationField = 'id';
+            $targetClass = $metadata->getAssociationTargetClass($association);
+            $associationMetadata = $this->getClassMetadata($targetClass);
+
+            try {
+                $associationField = $associationMetadata->getSingleIdentifierFieldName();
+            } catch (MappingException $e) {
+                $this->logger->notice('Invalid filter ignored', [
+                    'exception' => new InvalidArgumentException(sprintf('"%s" association has a composite identifier which is not supported.', $association)),
+                ]);
+
+                return;
+            }
         } else {
             $associationAlias = $alias;
             $associationField = $field;
@@ -347,10 +376,14 @@ protected function createWrapCase(bool $caseSensitive): \Closure
      *
      * @param string $value
      *
+     * @deprecated The "getValueIdentifiers" method should be used instead. Indeed this method has a hard-coded `id` property.
+     *
      * @return mixed
      */
     protected function getIdFromValue(string $value)
     {
+        @trigger_error(sprintf('The method "%s"::"%s" is deprecated since API Platform 2.2 and will be removed in API Platform 3. Please use "getValueIdentifiers" instead.', __CLASS__, __METHOD__), E_USER_DEPRECATED);
+
         try {
             if ($item = $this->iriConverter->getItemFromIri($value, ['fetch_data' => false])) {
                 return $this->propertyAccessor->getValue($item, 'id');
@@ -362,6 +395,42 @@ protected function getIdFromValue(string $value)
         return $value;
     }
 
+    /**
+     * Transforms IRI to raw identifiers if possible.
+     */
+    protected function getValueIdentifiers(array $values, string $field): array
+    {
+        foreach ($values as $key => $value) {
+            if (is_numeric($value)) {
+                continue;
+            }
+
+            try {
+                $identifiers = $this->iriConverter->getIdentifiersFromIri($value, ['fetch_data' => false]);
+                $values[$key] = $identifiers[$field] ?? reset($identifiers); //an assumption is being made for composite identifiers
+            } catch (InvalidArgumentException $e) {
+                // Do nothing, return the raw value
+            }
+        }
+
+        return $values;
+    }
+
+    /**
+     * When the field should be an integer, check that the given value is a valid one.
+     */
+    protected function hasValidValues(array $values, string $field, ClassMetadata $metadata): bool
+    {
+        foreach ($values as $key => $value) {
+            $type = $metadata->getTypeOfField($field);
+            if (Type::INTEGER === $type && null !== $value && false === filter_var($value, FILTER_VALIDATE_INT)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
     /**
      * Normalize the values array.
      *
diff --git a/src/Bridge/Symfony/Routing/IriConverter.php b/src/Bridge/Symfony/Routing/IriConverter.php
@@ -86,6 +86,14 @@ public function getItemFromIri(string $iri, array $context = [])
         throw new ItemNotFoundException(sprintf('Item not found for "%s".', $iri));
     }
 
+    /**
+     * {@inheritdoc}
+     */
+    public function getIdentifiersFromIri(string $iri, array $context = []): array
+    {
+        return $this->identifiersExtractor->getIdentifiersFromItem($this->getItemFromIri($iri, $context));
+    }
+
     /**
      * {@inheritdoc}
      */
diff --git a/tests/Bridge/Doctrine/Orm/Filter/SearchFilterTest.php b/tests/Bridge/Doctrine/Orm/Filter/SearchFilterTest.php
@@ -68,15 +68,11 @@ protected function setUp()
         $manager = DoctrineTestHelper::createTestEntityManager();
         $this->managerRegistry = self::$kernel->getContainer()->get('doctrine');
 
-        $relatedDummyProphecy = $this->prophesize(RelatedDummy::class);
-
         $iriConverterProphecy = $this->prophesize(IriConverterInterface::class);
 
-        $iriConverterProphecy->getItemFromIri(Argument::type('string'), ['fetch_data' => false])->will(function ($args) use ($relatedDummyProphecy) {
+        $iriConverterProphecy->getIdentifiersFromIri(Argument::type('string'), ['fetch_data' => false])->will(function ($args) {
             if (false !== strpos($args[0], '/related_dummies')) {
-                $relatedDummyProphecy->getId()->shouldBeCalled()->willReturn(1);
-
-                return $relatedDummyProphecy->reveal();
+                return ['id' => 1];
             }
 
             throw new InvalidArgumentException();
@@ -746,7 +742,7 @@ public function testDoubleJoin()
 
     public function testTripleJoin()
     {
-        $request = Request::create('/api/dummies', 'GET', ['relatedDummy.symfony' => 'foo', 'relatedDummy.thirdLevel.level' => 'bar']);
+        $request = Request::create('/api/dummies', 'GET', ['relatedDummy.symfony' => 'foo', 'relatedDummy.thirdLevel.level' => '2']);
         $requestStack = new RequestStack();
         $requestStack->push($request);
         $queryBuilder = $this->repository->createQueryBuilder('o');
@@ -770,7 +766,7 @@ public function testTripleJoin()
 
     public function testJoinLeft()
     {
-        $request = Request::create('/api/dummies', 'GET', ['relatedDummy.symfony' => 'foo', 'relatedDummy.thirdLevel.level' => 'bar']);
+        $request = Request::create('/api/dummies', 'GET', ['relatedDummy.symfony' => 'foo', 'relatedDummy.thirdLevel.level' => '3']);
         $requestStack = new RequestStack();
         $requestStack->push($request);
         $queryBuilder = $this->repository->createQueryBuilder('o');
diff --git a/tests/Bridge/Symfony/Routing/IriConverterTest.php b/tests/Bridge/Symfony/Routing/IriConverterTest.php
@@ -21,8 +21,11 @@
 use ApiPlatform\Core\DataProvider\ItemDataProviderInterface;
 use ApiPlatform\Core\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
 use ApiPlatform\Core\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
+use ApiPlatform\Core\Metadata\Property\PropertyMetadata;
+use ApiPlatform\Core\Metadata\Property\PropertyNameCollection;
 use ApiPlatform\Core\Tests\Fixtures\TestBundle\Entity\Dummy;
 use ApiPlatform\Core\Tests\Fixtures\TestBundle\Entity\RelatedDummy;
+use ApiPlatform\Core\Tests\Fixtures\TestBundle\Entity\User;
 use PHPUnit\Framework\TestCase;
 use Prophecy\Argument;
 use Symfony\Component\Routing\Exception\RouteNotFoundException;
@@ -164,7 +167,8 @@ public function testGetItemFromIri()
             null,
             new IdentifiersExtractor($propertyNameCollectionFactory, $propertyMetadataFactory)
         );
-        $converter->getItemFromIri('/users/3', ['fetch_data' => true]);
+
+        $this->assertEquals('foo', $converter->getItemFromIri('/users/3', ['fetch_data' => true]));
     }
 
     public function testGetIriFromResourceClass()
@@ -352,4 +356,43 @@ public function testNotAbleToGenerateGetItemIriFromResourceClass()
         );
         $converter->getItemIriFromResourceClass(Dummy::class, ['id' => 1]);
     }
+
+    public function testGetIdentifiersFromIri()
+    {
+        $propertyNameCollectionFactoryProphecy = $this->prophesize(PropertyNameCollectionFactoryInterface::class);
+        $propertyNameCollectionFactoryProphecy->create(Argument::type('string'))->willReturn(new PropertyNameCollection(['id']));
+
+        $propertyMetadataFactoryProphecy = $this->prophesize(PropertyMetadataFactoryInterface::class);
+        $propertyMetadataFactoryProphecy->create(Argument::type('string'), 'id')->willReturn((new PropertyMetadata())->withIdentifier(true));
+
+        $userProphecy = $this->prophesize(User::class);
+        $userProphecy->getId()->willReturn(3);
+
+        $itemDataProviderProphecy = $this->prophesize(ItemDataProviderInterface::class);
+        $itemDataProviderProphecy->getItem(User::class, 3, null, ['fetch_data' => false])
+            ->willReturn($userProphecy->reveal())
+            ->shouldBeCalledTimes(1);
+
+        $routeNameResolverProphecy = $this->prophesize(RouteNameResolverInterface::class);
+
+        $routerProphecy = $this->prophesize(RouterInterface::class);
+        $routerProphecy->match('/users/3')->willReturn([
+            '_api_resource_class' => User::class,
+            'id' => 3,
+        ])->shouldBeCalledTimes(1);
+
+        $propertyNameCollectionFactory = $propertyNameCollectionFactoryProphecy->reveal();
+        $propertyMetadataFactory = $propertyMetadataFactoryProphecy->reveal();
+
+        $converter = new IriConverter(
+            $propertyNameCollectionFactory,
+            $propertyMetadataFactory,
+            $itemDataProviderProphecy->reveal(),
+            $routeNameResolverProphecy->reveal(),
+            $routerProphecy->reveal(),
+            null,
+            new IdentifiersExtractor($propertyNameCollectionFactory, $propertyMetadataFactory)
+        );
+        $this->assertEquals(['id' => 3], $converter->getIdentifiersFromIri('/users/3', ['fetch_data' => false]));
+    }
 }
