You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
> In Symfony we use the term “entities”, while the following documentation is mostly for Laravel “models”.
242
+
231
243
Note that in this example, we declared an association using Doctrine only between Employee and Company using a ManyToOne. There is no inverse association hence the use of `toProperty` in the URI Variables definition.
232
244
233
245
The following declares a few subresources: - `/companies/{companyId}/employees/{id}` - get an employee belonging to a company - `/companies/{companyId}/employees` - get the company employee's
@@ -253,7 +265,8 @@ use Doctrine\ORM\Mapping as ORM;
253
265
uriVariables: [
254
266
'companyId' => new Link(fromClass: Company::class, toProperty: 'company'),
255
267
'id' => new Link(fromClass: Employee::class),
256
-
],
268
+
],In Laravel
269
+
257
270
operations: [ new Get() ]
258
271
)]
259
272
#[ApiResource(
@@ -310,7 +323,7 @@ class Company
310
323
}
311
324
```
312
325
313
-
We did not define any Doctrine annotation here and if we want things to work properly with GraphQL, we need to map the `employees` field as a Link to the class `Employee` using the property `company`.
326
+
We did not define any Doctrine or Eloquent annotation here and if we want things to work properly with GraphQL, we need to map the `employees` field as a Link to the class `Employee` using the property `company`.
314
327
315
328
As a general rule, if the property we want to create a link from is in the `fromClass`, use `fromProperty`, if not, use `toProperty`.
316
329
@@ -335,12 +348,15 @@ class Company {
335
348
336
349
## Security
337
350
338
-
In order to use Symfony's built-in security system on subresources the security option of the `Link` attribute can be used.
351
+
In order to use Symfony's or the Laravel built-in security system on subresources the security option of the `Link` attribute can be used.
352
+
353
+
### Symfony example for security
339
354
340
355
To restrict the access to a subresource based on the parent object simply use the Symfony expression language as you would do normally, with the exception that the name defined in `toProperty` or `fromProperty` is used to access the object.
341
356
342
357
Alternatively you can also use the `securityObjectName` to set a custom name.
343
358
359
+
344
360
```php
345
361
<?php
346
362
#[ApiResource(
@@ -358,10 +374,44 @@ class Company {
358
374
}
359
375
```
360
376
377
+
### Laravel example for security
378
+
379
+
With Laravel, we can use the following code:
380
+
381
+
```php
382
+
<?php
383
+
#[ApiResource(
384
+
uriTemplate: '/employees/{employeeId}/company',
385
+
uriVariables: [
386
+
'employeeId' => new Link(fromClass: Employee::class, toProperty: 'company', security: Gate::allows('some_voter', $company)),
387
+
],
388
+
operations: [
389
+
new Get()
390
+
]
391
+
)]
392
+
393
+
class Company {
394
+
// ...
395
+
}
396
+
```
397
+
361
398
This is currently an experimental feature disabled by default. To enable it please set `enable_link_security` to true:
362
399
400
+
### Symfony configuration to disable link security
401
+
363
402
```yaml
364
403
# api/config/packages/api_platform.yaml
365
404
api_platform:
366
405
enable_link_security: true
367
406
```
407
+
408
+
### Laravel configuration to disable link security
0 commit comments