6067528200

Committed 04 Sep 2023 12:12AM UTC coverage: 36.875% (-21.9%) from 58.794%

Build # 6067528200

Build Type

Pull #5791

github

Committed by

web-flow

Commit Message

Merge 64157e578 into d09cfc9d2

Pull Request Pull Request #5791: fix: strip down any sql function name

Run Details

3096 of 3096 new or added lines in 205 files covered. (100.0%)

9926 of 26918 relevant lines covered (36.87%)

6.5 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

69.57

/src/Serializer/SerializerContextBuilder.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Serializer;

use ApiPlatform\Doctrine\Orm\State\Options;
use ApiPlatform\Metadata\CollectionOperationInterface;
use ApiPlatform\Metadata\Error as ErrorOperation;
use ApiPlatform\Metadata\Exception\RuntimeException;
use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
use ApiPlatform\Symfony\Util\RequestAttributesExtractor;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Serializer\Encoder\CsvEncoder;
use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;

/**
 * {@inheritdoc}
 *
 * @author Kévin Dunglas <dunglas@gmail.com>
 */
final class SerializerContextBuilder implements SerializerContextBuilderInterface
{
    public function __construct(private readonly ?ResourceMetadataCollectionFactoryInterface $resourceMetadataFactory = null, private readonly bool $debug = false)
    {
    }

    /**
     * {@inheritdoc}
     */
    public function createFromRequest(Request $request, bool $normalization, array $attributes = null): array
    {
        if (null === $attributes && !$attributes = RequestAttributesExtractor::extractAttributes($request)) {
            throw new RuntimeException('Request attributes are not valid.');
        }

        if (!($operation = $attributes['operation'] ?? null)) {
            if (!$this->resourceMetadataFactory) {
                throw new RuntimeException('No operation');
            }

            $operation = $this->resourceMetadataFactory->create($attributes['resource_class'])->getOperation($attributes['operation_name'] ?? null);
        }

        $context = $normalization ? ($operation->getNormalizationContext() ?? []) : ($operation->getDenormalizationContext() ?? []);
        $context['operation_name'] = $operation->getName();
        $context['operation'] = $operation;
        $context['resource_class'] = $attributes['resource_class'];
        $context['skip_null_values'] ??= true;
        $context['iri_only'] ??= false;
        $context['request_uri'] = $request->getRequestUri();
        $context['uri'] = $request->getUri();
        $context['input'] = $operation->getInput();
        $context['output'] = $operation->getOutput();
        $context['skip_deprecated_exception_normalizers'] = true;

        // Special case as this is usually handled by our OperationContextTrait, here we want to force the IRI in the response
        if (!$operation instanceof CollectionOperationInterface && method_exists($operation, 'getItemUriTemplate') && $operation->getItemUriTemplate()) {
            $context['item_uri_template'] = $operation->getItemUriTemplate();
        }

        if ($types = $operation->getTypes()) {
            $context['types'] = $types;
        }

        // TODO: remove this as uri variables are available in the SerializerProcessor but correctly parsed
        if ($operation->getUriVariables()) {
            $context['uri_variables'] = [];

            foreach (array_keys($operation->getUriVariables()) as $parameterName) {
                $context['uri_variables'][$parameterName] = $request->attributes->get($parameterName);
            }
        }

        if (($options = $operation?->getStateOptions()) && $options instanceof Options && $options->getEntityClass()) {
            $context['force_resource_class'] = $operation->getClass();
        }

        if ($this->debug && isset($context['groups']) && $operation instanceof ErrorOperation) {
            if (!\is_array($context['groups'])) {
                $context['groups'] = (array) $context['groups'];
            }

            $context['groups'][] = 'trace';
        }

        if (!$normalization) {
            if (!isset($context['api_allow_update'])) {
                $context['api_allow_update'] = \in_array($method = $request->getMethod(), ['PUT', 'PATCH'], true);

                if ($context['api_allow_update'] && 'PATCH' === $method) {
                    $context['deep_object_to_populate'] ??= true;
                }
            }

            if ('csv' === (method_exists(Request::class, 'getContentTypeFormat') ? $request->getContentTypeFormat() : $request->getContentType())) {
                $context[CsvEncoder::AS_COLLECTION_KEY] = false;
            }
        }
        if ($operation->getCollectDenormalizationErrors() ?? false) {
            $context[DenormalizerInterface::COLLECT_DENORMALIZATION_ERRORS] = true;
        }

        // to keep the cache computation smaller, we have "operation_name" and "iri" anyways
        $context[AbstractObjectNormalizer::EXCLUDE_FROM_CACHE_KEY][] = 'root_operation';
        $context[AbstractObjectNormalizer::EXCLUDE_FROM_CACHE_KEY][] = 'operation';

        // JSON API see JsonApiProvider
        if ($included = $request->attributes->get('_api_included')) {
            $context['api_included'] = $included;
        }

        return $context;
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\Serializer;
15
16	use ApiPlatform\Doctrine\Orm\State\Options;
17	use ApiPlatform\Metadata\CollectionOperationInterface;
18	use ApiPlatform\Metadata\Error as ErrorOperation;
19	use ApiPlatform\Metadata\Exception\RuntimeException;
20	use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
21	use ApiPlatform\Symfony\Util\RequestAttributesExtractor;
22	use Symfony\Component\HttpFoundation\Request;
23	use Symfony\Component\Serializer\Encoder\CsvEncoder;
24	use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
25	use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
26
27	/**
28	* {@inheritdoc}
29	*
30	* @author Kévin Dunglas <dunglas@gmail.com>
31	*/
32	final class SerializerContextBuilder implements SerializerContextBuilderInterface
33	{
34	public function __construct(private readonly ?ResourceMetadataCollectionFactoryInterface $resourceMetadataFactory = null, private readonly bool $debug = false)
35	{
36	}	78✔
37
38	/**
39	* {@inheritdoc}
40	*/
41	public function createFromRequest(Request $request, bool $normalization, array $attributes = null): array
42	{
43	if (null === $attributes && !$attributes = RequestAttributesExtractor::extractAttributes($request)) {	78✔
44	throw new RuntimeException('Request attributes are not valid.');	×
45	}
46
47	if (!($operation = $attributes['operation'] ?? null)) {	78✔
48	if (!$this->resourceMetadataFactory) {	×
49	throw new RuntimeException('No operation');	×
50	}
51
52	$operation = $this->resourceMetadataFactory->create($attributes['resource_class'])->getOperation($attributes['operation_name'] ?? null);	×
53	}
54
55	$context = $normalization ? ($operation->getNormalizationContext() ?? []) : ($operation->getDenormalizationContext() ?? []);	78✔
56	$context['operation_name'] = $operation->getName();	78✔
57	$context['operation'] = $operation;	78✔
58	$context['resource_class'] = $attributes['resource_class'];	78✔
59	$context['skip_null_values'] ??= true;	78✔
60	$context['iri_only'] ??= false;	78✔
61	$context['request_uri'] = $request->getRequestUri();	78✔
62	$context['uri'] = $request->getUri();	78✔
63	$context['input'] = $operation->getInput();	78✔
64	$context['output'] = $operation->getOutput();	78✔
65	$context['skip_deprecated_exception_normalizers'] = true;	78✔
66
67	// Special case as this is usually handled by our OperationContextTrait, here we want to force the IRI in the response
68	if (!$operation instanceof CollectionOperationInterface && method_exists($operation, 'getItemUriTemplate') && $operation->getItemUriTemplate()) {	78✔
69	$context['item_uri_template'] = $operation->getItemUriTemplate();	×
70	}
71
72	if ($types = $operation->getTypes()) {	78✔
73	$context['types'] = $types;	×
74	}
75
76	// TODO: remove this as uri variables are available in the SerializerProcessor but correctly parsed
77	if ($operation->getUriVariables()) {	78✔
78	$context['uri_variables'] = [];	12✔
79
80	foreach (array_keys($operation->getUriVariables()) as $parameterName) {	12✔
81	$context['uri_variables'][$parameterName] = $request->attributes->get($parameterName);	12✔
82	}
83	}
84
85	if (($options = $operation?->getStateOptions()) && $options instanceof Options && $options->getEntityClass()) {	78✔
86	$context['force_resource_class'] = $operation->getClass();	×
87	}
88
89	if ($this->debug && isset($context['groups']) && $operation instanceof ErrorOperation) {	78✔
90	if (!\is_array($context['groups'])) {	×
91	$context['groups'] = (array) $context['groups'];	×
92	}
93
94	$context['groups'][] = 'trace';	×
95	}
96
97	if (!$normalization) {	78✔
98	if (!isset($context['api_allow_update'])) {	15✔
99	$context['api_allow_update'] = \in_array($method = $request->getMethod(), ['PUT', 'PATCH'], true);	15✔
100
101	if ($context['api_allow_update'] && 'PATCH' === $method) {	15✔
102	$context['deep_object_to_populate'] ??= true;	×
103	}
104	}
105
106	if ('csv' === (method_exists(Request::class, 'getContentTypeFormat') ? $request->getContentTypeFormat() : $request->getContentType())) {	15✔
107	$context[CsvEncoder::AS_COLLECTION_KEY] = false;	×
108	}
109	}
110	if ($operation->getCollectDenormalizationErrors() ?? false) {	78✔
111	$context[DenormalizerInterface::COLLECT_DENORMALIZATION_ERRORS] = true;	×
112	}
113
114	// to keep the cache computation smaller, we have "operation_name" and "iri" anyways
115	$context[AbstractObjectNormalizer::EXCLUDE_FROM_CACHE_KEY][] = 'root_operation';	78✔
116	$context[AbstractObjectNormalizer::EXCLUDE_FROM_CACHE_KEY][] = 'operation';	78✔
117
118	// JSON API see JsonApiProvider
119	if ($included = $request->attributes->get('_api_included')) {	78✔
120	$context['api_included'] = $included;	×
121	}
122
123	return $context;	78✔
124	}
125	}

api-platform / core / 6067528200

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous