Example Doctrine filter usage, flagging the issue on the priority for… #228
Conversation
… the filter to work as expected More information on Doctrine filters can be found at http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/filters.html Using a great tutorial on implementing a "UserAware" Doctrine filter in Symfony (http://blog.michaelperrin.fr/2014/12/05/doctrine-filters/), this information not only allows an API Platform dev to implement a Doctrine filter, but also sail around the issue where having a too low priority makes the Pagination go off, as discussed in api-platform/core#1185.
|
|
||
| public function onKernelRequest(): void | ||
| { | ||
| if (!$user = $this->getUser()) { |
There was a problem hiding this comment.
This one looks tricky. If a user is anonymous, shouldn't an exception be thrown instead? It looks like the current implementation can cause security concerns with some firewall setups.
There was a problem hiding this comment.
Ok, I see your point - I actually kept the logic here mainly to filtering while security would be handled on the firewall level. It's up to the implementation to decide what needs to happen exactly when dealing with an anonymous user; skipping the filter is indeed most likely not desirable...
Perhaps filtering on id "-1" is an option, instead of returning? Feels quite like a hack though.
What do you think?
There was a problem hiding this comment.
In my projects I add something like WHERE 1=2 but it's definitely a trick. Throwing an exception telling that the security must be enabled looks good enough for a doc entry to me.
|
Thank you very much for this doc entry @djoos. It's really appreciated. I made some cosmetic / CS changes in new commits. |
|
Thanks @djoos |
…the filter to work as expected
More information on Doctrine filters can be found at http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/reference/filters.html
Using a great tutorial on implementing a "UserAware" Doctrine filter in Symfony (http://blog.michaelperrin.fr/2014/12/05/doctrine-filters/), this information not only allows an API Platform dev to implement a Doctrine filter, but also sail around the issue where having a too low priority makes the Pagination go off, as discussed in api-platform/core#1185.
Please let me know if any changes are needed to get this merged. Thanks in advance!
Kind regards,
David