Use section resolver to determine current section.
If existing main request based section resolver has some performance penalty, consider APIP context uri section resolver as alternative.
If collection/item operation check is still needed, make APIP route name checker to determine current operation type, e.g. collection or item (though operation type should be specified on context directly without need to parse route naming), for places where both section + operation type should be used.
Apply serialization normalizer based on serialization group
Add section to namespace at DataProvider/Serializer/etc, where classes are section specific, example:
Hello @diimpp, your proposal is valid. However, due to conflicting priorities, we will consider implementing the solution for your proposal in the Sylius 2.0 release. 🕺
1. Currently `ApiBundle` uses mix of techniques to determine current api section:

   Examples

   - Sylius/src/Sylius/Bundle/ApiBundle/Serializer/ProductVariantNormalizer.php (lines 93 to 96 in 9dfbb6d)
   - Sylius/src/Sylius/Bundle/ApiBundle/Serializer/ProductNormalizer.php (lines 67 to 76 in 9dfbb6d)
   - Sylius/src/Sylius/Bundle/ApiBundle/DataProvider/ProductItemDataProvider.php (lines 38 to 47 in 9dfbb6d)

2. Additionally some places use `ROLE_API_ACCESS` check to distinguish between admin user and admin user in api context, which imo should be removed and left to firewall to handle or otherwise role name should be parameterized or moved to checker class, which can be overridden easily.

   Sylius/src/Sylius/Bundle/ApiBundle/DataProvider/ProductItemDataProvider.php (lines 38 to 40 in 9dfbb6d)

3. Another case is that serialization groups like `admin:product:read` were split into `admin:product:index` and `admin:product:show` recently, but usage for them is not updated, so normalizer like this

   Sylius/src/Sylius/Bundle/ApiBundle/Serializer/ProductNormalizer.php (lines 46 to 53 in 9dfbb6d)

   is specific to `admin:product:show`, but will be executed at `index` as well.

   Solution is to apply serialization normalizer based on serialization group, which can look like,
Proposal:

- Remove `ROLE_API_ACCESS` check entirely.
- Use `section resolver` to determine current section.
- If existing main request based `section resolver` has some performance penalty, consider APIP context uri section resolver as alternative.
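
The difference between gating a normalizer on the section alone and gating it on the serialization group (point 3 of the issue), as an added example that is not part of the original issue or of Sylius. The function names and the sample contexts are hypothetical and constructed for illustration; `groups` is the Symfony Serializer context key.

```php
<?php
declare(strict_types=1);

// Added illustration, not Sylius code. All function names are hypothetical.

/** Section-only gate: true for every admin operation, index included. */
function supportsBySection(string $section): bool
{
    return $section === 'admin';
}

/**
 * Group-based gate: true only when the serializer context carries one of the
 * groups this normalizer was written for.
 *
 * @param array<string, mixed> $context serializer context
 * @param list<string>         $groups  groups the normalizer targets
 */
function supportsByGroup(array $context, array $groups): bool
{
    // The 'groups' key may hold a single string or a list of strings.
    $active = (array) ($context['groups'] ?? []);

    return array_intersect($groups, $active) !== [];
}

// Constructed contexts for three operations.
$operations = [
    'admin item'       => ['section' => 'admin', 'groups' => ['admin:product:show']],
    'admin collection' => ['section' => 'admin', 'groups' => ['admin:product:index']],
    'shop item'        => ['section' => 'shop',  'groups' => 'shop:product:show'],
];

foreach ($operations as $name => $op) {
    printf(
        "%-17s section-gate=%-5s group-gate=%s\n",
        $name,
        var_export(supportsBySection($op['section']), true),
        var_export(supportsByGroup($op, ['admin:product:show']), true),
    );
}
```

The section gate accepts both admin operations, while the group gate accepts only the context carrying `admin:product:show`.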