6148660584

Committed 11 Sep 2023 03:40PM UTC coverage: 37.077% (-0.1%) from 37.185%

Build # 6148660584

Build Type

push

github

Committed by

soyuka

Commit Message

chore(symfony): security after validate when validator installed

Run Details

10090 of 27214 relevant lines covered (37.08%)

19.39 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

45.21

/src/JsonApi/Serializer/ItemNormalizer.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\JsonApi\Serializer;

use ApiPlatform\Api\IriConverterInterface;
use ApiPlatform\Api\ResourceClassResolverInterface;
use ApiPlatform\Api\UrlGeneratorInterface;
use ApiPlatform\Exception\ItemNotFoundException;
use ApiPlatform\Metadata\ApiProperty;
use ApiPlatform\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
use ApiPlatform\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
use ApiPlatform\Metadata\Util\ClassInfoTrait;
use ApiPlatform\Serializer\AbstractItemNormalizer;
use ApiPlatform\Serializer\CacheKeyTrait;
use ApiPlatform\Serializer\ContextTrait;
use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;
use Symfony\Component\ErrorHandler\Exception\FlattenException;
use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
use Symfony\Component\Serializer\Exception\LogicException;
use Symfony\Component\Serializer\Exception\NotNormalizableValueException;
use Symfony\Component\Serializer\Exception\RuntimeException;
use Symfony\Component\Serializer\Exception\UnexpectedValueException;
use Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactoryInterface;
use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
use Symfony\Component\Serializer\Normalizer\NormalizerInterface;

/**
 * Converts between objects and array.
 *
 * @author Kévin Dunglas <dunglas@gmail.com>
 * @author Amrouche Hamza <hamza.simperfit@gmail.com>
 * @author Baptiste Meyer <baptiste.meyer@gmail.com>
 */
final class ItemNormalizer extends AbstractItemNormalizer
{
    use CacheKeyTrait;
    use ClassInfoTrait;
    use ContextTrait;

    public const FORMAT = 'jsonapi';

    private array $componentsCache = [];

    public function __construct(PropertyNameCollectionFactoryInterface $propertyNameCollectionFactory, PropertyMetadataFactoryInterface $propertyMetadataFactory, IriConverterInterface $iriConverter, ResourceClassResolverInterface $resourceClassResolver, PropertyAccessorInterface $propertyAccessor = null, NameConverterInterface $nameConverter = null, ClassMetadataFactoryInterface $classMetadataFactory = null, array $defaultContext = [], ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null, ResourceAccessCheckerInterface $resourceAccessChecker = null)
    {
        parent::__construct($propertyNameCollectionFactory, $propertyMetadataFactory, $iriConverter, $resourceClassResolver, $propertyAccessor, $nameConverter, $classMetadataFactory, $defaultContext, $resourceMetadataCollectionFactory, $resourceAccessChecker);
    }

    /**
     * {@inheritdoc}
     */
    public function supportsNormalization(mixed $data, string $format = null, array $context = []): bool
    {
        return self::FORMAT === $format && parent::supportsNormalization($data, $format, $context) && !($data instanceof \Exception || $data instanceof FlattenException);
    }

    public function getSupportedTypes($format): array
    {
        return self::FORMAT === $format ? parent::getSupportedTypes($format) : [];
    }

    /**
     * {@inheritdoc}
     */
    public function normalize(mixed $object, string $format = null, array $context = []): array|string|int|float|bool|\ArrayObject|null
    {
        $resourceClass = $this->getObjectClass($object);
        if ($this->getOutputClass($context)) {
            return parent::normalize($object, $format, $context);
        }

        if ($this->resourceClassResolver->isResourceClass($resourceClass)) {
            $resourceClass = $this->resourceClassResolver->getResourceClass($object, $context['resource_class'] ?? null);
        }

        if (($operation = $context['operation'] ?? null) && method_exists($operation, 'getItemUriTemplate')) {
            $context['item_uri_template'] = $operation->getItemUriTemplate();
        }

        $context = $this->initContext($resourceClass, $context);
        $iri = $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $context['operation'] ?? null, $context);
        $context['iri'] = $iri;
        $context['api_normalize'] = true;

        if (!isset($context['cache_key'])) {
            $context['cache_key'] = $this->getCacheKey($format, $context);
        }

        $data = parent::normalize($object, $format, $context);
        if (!\is_array($data)) {
            return $data;
        }

        // Get and populate relations
        ['relationships' => $allRelationshipsData, 'links' => $links] = $this->getComponents($object, $format, $context);
        $populatedRelationContext = $context;
        $relationshipsData = $this->getPopulatedRelations($object, $format, $populatedRelationContext, $allRelationshipsData);

        // Do not include primary resources
        $context['api_included_resources'] = [$context['iri']];

        $includedResourcesData = $this->getRelatedResources($object, $format, $context, $allRelationshipsData);

        $resourceData = [
            'id' => $context['iri'],
            'type' => $this->getResourceShortName($resourceClass),
        ];

        if ($data) {
            $resourceData['attributes'] = $data;
        }

        if ($relationshipsData) {
            $resourceData['relationships'] = $relationshipsData;
        }

        $document = [];

        if ($links) {
            $document['links'] = $links;
        }

        $document['data'] = $resourceData;

        if ($includedResourcesData) {
            $document['included'] = $includedResourcesData;
        }

        return $document;
    }

    /**
     * {@inheritdoc}
     */
    public function supportsDenormalization(mixed $data, string $type, string $format = null, array $context = []): bool
    {
        return self::FORMAT === $format && parent::supportsDenormalization($data, $type, $format, $context);
    }

    /**
     * {@inheritdoc}
     *
     * @throws NotNormalizableValueException
     */
    public function denormalize(mixed $data, string $class, string $format = null, array $context = []): mixed
    {
        // Avoid issues with proxies if we populated the object
        if (!isset($context[self::OBJECT_TO_POPULATE]) && isset($data['data']['id'])) {
            if (true !== ($context['api_allow_update'] ?? true)) {
                throw new NotNormalizableValueException('Update is not allowed for this operation.');
            }

            $context[self::OBJECT_TO_POPULATE] = $this->iriConverter->getResourceFromIri(
                $data['data']['id'],
                $context + ['fetch_data' => false]
            );
        }

        // Merge attributes and relationships, into format expected by the parent normalizer
        $dataToDenormalize = array_merge(
            $data['data']['attributes'] ?? [],
            $data['data']['relationships'] ?? []
        );

        return parent::denormalize(
            $dataToDenormalize,
            $class,
            $format,
            $context
        );
    }

    /**
     * {@inheritdoc}
     */
    protected function getAttributes(object $object, string $format = null, array $context = []): array
    {
        return $this->getComponents($object, $format, $context)['attributes'];
    }

    /**
     * {@inheritdoc}
     */
    protected function setAttributeValue(object $object, string $attribute, mixed $value, string $format = null, array $context = []): void
    {
        parent::setAttributeValue($object, $attribute, \is_array($value) && \array_key_exists('data', $value) ? $value['data'] : $value, $format, $context);
    }

    /**
     * {@inheritdoc}
     *
     * @see http://jsonapi.org/format/#document-resource-object-linkage
     *
     * @throws RuntimeException
     * @throws UnexpectedValueException
     */
    protected function denormalizeRelation(string $attributeName, ApiProperty $propertyMetadata, string $className, mixed $value, ?string $format, array $context): object
    {
        if (!\is_array($value) || !isset($value['id'], $value['type'])) {
            throw new UnexpectedValueException('Only resource linkage supported currently, see: http://jsonapi.org/format/#document-resource-object-linkage.');
        }

        try {
            return $this->iriConverter->getResourceFromIri($value['id'], $context + ['fetch_data' => true]);
        } catch (ItemNotFoundException $e) {
            throw new RuntimeException($e->getMessage(), $e->getCode(), $e);
        }
    }

    /**
     * {@inheritdoc}
     *
     * @see http://jsonapi.org/format/#document-resource-object-linkage
     */
    protected function normalizeRelation(ApiProperty $propertyMetadata, ?object $relatedObject, string $resourceClass, ?string $format, array $context): \ArrayObject|array|string|null
    {
        if (null !== $relatedObject) {
            $iri = $this->iriConverter->getIriFromResource($relatedObject);
            $context['iri'] = $iri;

            if (isset($context['resources'])) {
                $context['resources'][$iri] = $iri;
            }
        }

        if (null === $relatedObject || isset($context['api_included'])) {
            if (!$this->serializer instanceof NormalizerInterface) {
                throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class));
            }

            $normalizedRelatedObject = $this->serializer->normalize($relatedObject, $format, $context);
            if (!\is_string($normalizedRelatedObject) && !\is_array($normalizedRelatedObject) && !$normalizedRelatedObject instanceof \ArrayObject && null !== $normalizedRelatedObject) {
                throw new UnexpectedValueException('Expected normalized relation to be an IRI, array, \ArrayObject or null');
            }

            return $normalizedRelatedObject;
        }

        return [
            'data' => [
                'type' => $this->getResourceShortName($resourceClass),
                'id' => $iri,
            ],
        ];
    }

    /**
     * {@inheritdoc}
     */
    protected function isAllowedAttribute(object|string $classOrObject, string $attribute, string $format = null, array $context = []): bool
    {
        return preg_match('/^\\w[-\\w_]*$/', $attribute) && parent::isAllowedAttribute($classOrObject, $attribute, $format, $context);
    }

    /**
     * Gets JSON API components of the resource: attributes, relationships, meta and links.
     */
    private function getComponents(object $object, ?string $format, array $context): array
    {
        $cacheKey = $this->getObjectClass($object).'-'.$context['cache_key'];

        if (isset($this->componentsCache[$cacheKey])) {
            return $this->componentsCache[$cacheKey];
        }

        $attributes = parent::getAttributes($object, $format, $context);

        $options = $this->getFactoryOptions($context);

        $components = [
            'links' => [],
            'relationships' => [],
            'attributes' => [],
            'meta' => [],
        ];

        foreach ($attributes as $attribute) {
            $propertyMetadata = $this
                ->propertyMetadataFactory
                ->create($context['resource_class'], $attribute, $options);

            $types = $propertyMetadata->getBuiltinTypes() ?? [];

            // prevent declaring $attribute as attribute if it's already declared as relationship
            $isRelationship = false;

            foreach ($types as $type) {
                $isOne = $isMany = false;

                if ($type->isCollection()) {
                    $collectionValueType = $type->getCollectionValueTypes()[0] ?? null;
                    $isMany = $collectionValueType && ($className = $collectionValueType->getClassName()) && $this->resourceClassResolver->isResourceClass($className);
                } else {
                    $isOne = ($className = $type->getClassName()) && $this->resourceClassResolver->isResourceClass($className);
                }

                if (!isset($className) || !$isOne && !$isMany) {
                    // don't declare it as an attribute too quick: maybe the next type is a valid resource
                    continue;
                }

                $relation = [
                    'name' => $attribute,
                    'type' => $this->getResourceShortName($className),
                    'cardinality' => $isOne ? 'one' : 'many',
                ];

                // if we specify the uriTemplate, generates its value for link definition
                // @see ApiPlatform\Serializer\AbstractItemNormalizer:getAttributeValue logic for intentional duplicate content
                if ($itemUriTemplate = $propertyMetadata->getUriTemplate()) {
                    $attributeValue = $this->propertyAccessor->getValue($object, $attribute);
                    $resourceClass = $this->resourceClassResolver->getResourceClass($attributeValue, $className);
                    $childContext = $this->createChildContext($context, $attribute, $format);
                    unset($childContext['iri'], $childContext['uri_variables'], $childContext['resource_class'], $childContext['operation']);

                    $operation = $this->resourceMetadataCollectionFactory->create($resourceClass)->getOperation(
                        operationName: $itemUriTemplate,
                        httpOperation: true
                    );

                    $components['links'][$attribute] = $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $operation, $childContext);
                }

                $components['relationships'][] = $relation;
                $isRelationship = true;
            }

            // if all types are not relationships, declare it as an attribute
            if (!$isRelationship) {
                $components['attributes'][] = $attribute;
            }
        }

        if (false !== $context['cache_key']) {
            $this->componentsCache[$cacheKey] = $components;
        }

        return $components;
    }

    /**
     * Populates relationships keys.
     *
     * @throws UnexpectedValueException
     */
    private function getPopulatedRelations(object $object, ?string $format, array $context, array $relationships): array
    {
        $data = [];

        if (!isset($context['resource_class'])) {
            return $data;
        }

        unset($context['api_included']);
        foreach ($relationships as $relationshipDataArray) {
            $relationshipName = $relationshipDataArray['name'];

            $attributeValue = $this->getAttributeValue($object, $relationshipName, $format, $context);

            if ($this->nameConverter) {
                $relationshipName = $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context);
            }

            if (!$attributeValue) {
                continue;
            }

            $data[$relationshipName] = [
                'data' => [],
            ];

            // Many to one relationship
            if ('one' === $relationshipDataArray['cardinality']) {
                unset($attributeValue['data']['attributes']);
                $data[$relationshipName] = $attributeValue;

                continue;
            }

            // Many to many relationship
            foreach ($attributeValue as $attributeValueElement) {
                if (!isset($attributeValueElement['data'])) {
                    throw new UnexpectedValueException(sprintf('The JSON API attribute \'%s\' must contain a "data" key.', $relationshipName));
                }
                unset($attributeValueElement['data']['attributes']);
                $data[$relationshipName]['data'][] = $attributeValueElement['data'];
            }
        }

        return $data;
    }

    /**
     * Populates included keys.
     */
    private function getRelatedResources(object $object, ?string $format, array $context, array $relationships): array
    {
        if (!isset($context['api_included'])) {
            return [];
        }

        $included = [];
        foreach ($relationships as $relationshipDataArray) {
            $relationshipName = $relationshipDataArray['name'];

            if (!$this->shouldIncludeRelation($relationshipName, $context)) {
                continue;
            }

            $relationContext = $context;
            $relationContext['api_included'] = $this->getIncludedNestedResources($relationshipName, $context);

            $attributeValue = $this->getAttributeValue($object, $relationshipName, $format, $relationContext);

            if (!$attributeValue) {
                continue;
            }

            // Many to many relationship
            $attributeValues = $attributeValue;
            // Many to one relationship
            if ('one' === $relationshipDataArray['cardinality']) {
                $attributeValues = [$attributeValue];
            }

            foreach ($attributeValues as $attributeValueElement) {
                if (isset($attributeValueElement['data'])) {
                    $this->addIncluded($attributeValueElement['data'], $included, $context);
                    if (isset($attributeValueElement['included']) && \is_array($attributeValueElement['included'])) {
                        foreach ($attributeValueElement['included'] as $include) {
                            $this->addIncluded($include, $included, $context);
                        }
                    }
                }
            }
        }

        return $included;
    }

    /**
     * Add data to included array if it's not already included.
     */
    private function addIncluded(array $data, array &$included, array &$context): void
    {
        if (isset($data['id']) && !\in_array($data['id'], $context['api_included_resources'], true)) {
            $included[] = $data;
            // Track already included resources
            $context['api_included_resources'][] = $data['id'];
        }
    }

    /**
     * Figures out if the relationship is in the api_included hash or has included nested resources (path).
     */
    private function shouldIncludeRelation(string $relationshipName, array $context): bool
    {
        $normalizedName = $this->nameConverter ? $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context) : $relationshipName;

        return \in_array($normalizedName, $context['api_included'], true) || \count($this->getIncludedNestedResources($relationshipName, $context)) > 0;
    }

    /**
     * Returns the names of the nested resources from a path relationship.
     */
    private function getIncludedNestedResources(string $relationshipName, array $context): array
    {
        $normalizedName = $this->nameConverter ? $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context) : $relationshipName;

        $filtered = array_filter($context['api_included'] ?? [], static fn (string $included): bool => str_starts_with($included, $normalizedName.'.'));

        return array_map(static fn (string $nested): string => substr($nested, strpos($nested, '.') + 1), $filtered);
    }

    // TODO: this code is similar to the one used in JsonLd
    private function getResourceShortName(string $resourceClass): string
    {
        if ($this->resourceClassResolver->isResourceClass($resourceClass)) {
            $resourceMetadata = $this->resourceMetadataCollectionFactory->create($resourceClass);

            return $resourceMetadata->getOperation()->getShortName();
        }

        return (new \ReflectionClass($resourceClass))->getShortName();
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\JsonApi\Serializer;
15
16	use ApiPlatform\Api\IriConverterInterface;
17	use ApiPlatform\Api\ResourceClassResolverInterface;
18	use ApiPlatform\Api\UrlGeneratorInterface;
19	use ApiPlatform\Exception\ItemNotFoundException;
20	use ApiPlatform\Metadata\ApiProperty;
21	use ApiPlatform\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
22	use ApiPlatform\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
23	use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
24	use ApiPlatform\Metadata\Util\ClassInfoTrait;
25	use ApiPlatform\Serializer\AbstractItemNormalizer;
26	use ApiPlatform\Serializer\CacheKeyTrait;
27	use ApiPlatform\Serializer\ContextTrait;
28	use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;
29	use Symfony\Component\ErrorHandler\Exception\FlattenException;
30	use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
31	use Symfony\Component\Serializer\Exception\LogicException;
32	use Symfony\Component\Serializer\Exception\NotNormalizableValueException;
33	use Symfony\Component\Serializer\Exception\RuntimeException;
34	use Symfony\Component\Serializer\Exception\UnexpectedValueException;
35	use Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactoryInterface;
36	use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
37	use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
38
39	/**
40	* Converts between objects and array.
41	*
42	* @author Kévin Dunglas <dunglas@gmail.com>
43	* @author Amrouche Hamza <hamza.simperfit@gmail.com>
44	* @author Baptiste Meyer <baptiste.meyer@gmail.com>
45	*/
46	final class ItemNormalizer extends AbstractItemNormalizer
47	{
48	use CacheKeyTrait;
49	use ClassInfoTrait;
50	use ContextTrait;
51
52	public const FORMAT = 'jsonapi';
53
54	private array $componentsCache = [];
55
56	public function __construct(PropertyNameCollectionFactoryInterface $propertyNameCollectionFactory, PropertyMetadataFactoryInterface $propertyMetadataFactory, IriConverterInterface $iriConverter, ResourceClassResolverInterface $resourceClassResolver, PropertyAccessorInterface $propertyAccessor = null, NameConverterInterface $nameConverter = null, ClassMetadataFactoryInterface $classMetadataFactory = null, array $defaultContext = [], ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null, ResourceAccessCheckerInterface $resourceAccessChecker = null)
57	{
58	parent::__construct($propertyNameCollectionFactory, $propertyMetadataFactory, $iriConverter, $resourceClassResolver, $propertyAccessor, $nameConverter, $classMetadataFactory, $defaultContext, $resourceMetadataCollectionFactory, $resourceAccessChecker);	105✔
59	}
60
61	/**
62	* {@inheritdoc}
63	*/
64	public function supportsNormalization(mixed $data, string $format = null, array $context = []): bool
65	{
66	return self::FORMAT === $format && parent::supportsNormalization($data, $format, $context) && !($data instanceof \Exception \|\| $data instanceof FlattenException);	×
67	}
68
69	public function getSupportedTypes($format): array
70	{
71	return self::FORMAT === $format ? parent::getSupportedTypes($format) : [];	51✔
72	}
73
74	/**
75	* {@inheritdoc}
76	*/
77	public function normalize(mixed $object, string $format = null, array $context = []): array\|string\|int\|float\|bool\|\ArrayObject\|null
78	{
79	$resourceClass = $this->getObjectClass($object);	9✔
80	if ($this->getOutputClass($context)) {	9✔
81	return parent::normalize($object, $format, $context);	×
82	}
83
84	if ($this->resourceClassResolver->isResourceClass($resourceClass)) {	9✔
85	$resourceClass = $this->resourceClassResolver->getResourceClass($object, $context['resource_class'] ?? null);	9✔
86	}
87
88	if (($operation = $context['operation'] ?? null) && method_exists($operation, 'getItemUriTemplate')) {	9✔
89	$context['item_uri_template'] = $operation->getItemUriTemplate();	×
90	}
91
92	$context = $this->initContext($resourceClass, $context);	9✔
93	$iri = $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $context['operation'] ?? null, $context);	9✔
94	$context['iri'] = $iri;	9✔
95	$context['api_normalize'] = true;	9✔
96
97	if (!isset($context['cache_key'])) {	9✔
98	$context['cache_key'] = $this->getCacheKey($format, $context);	9✔
99	}
100
101	$data = parent::normalize($object, $format, $context);	9✔
102	if (!\is_array($data)) {	6✔
103	return $data;	3✔
104	}
105
106	// Get and populate relations
107	['relationships' => $allRelationshipsData, 'links' => $links] = $this->getComponents($object, $format, $context);	3✔
108	$populatedRelationContext = $context;	3✔
109	$relationshipsData = $this->getPopulatedRelations($object, $format, $populatedRelationContext, $allRelationshipsData);	3✔
110
111	// Do not include primary resources
112	$context['api_included_resources'] = [$context['iri']];	3✔
113
114	$includedResourcesData = $this->getRelatedResources($object, $format, $context, $allRelationshipsData);	3✔
115
116	$resourceData = [	3✔
117	'id' => $context['iri'],	3✔
118	'type' => $this->getResourceShortName($resourceClass),	3✔
119	];	3✔
120
121	if ($data) {	3✔
122	$resourceData['attributes'] = $data;	3✔
123	}
124
125	if ($relationshipsData) {	3✔
126	$resourceData['relationships'] = $relationshipsData;	×
127	}
128
129	$document = [];	3✔
130
131	if ($links) {	3✔
132	$document['links'] = $links;	×
133	}
134
135	$document['data'] = $resourceData;	3✔
136
137	if ($includedResourcesData) {	3✔
138	$document['included'] = $includedResourcesData;	×
139	}
140
141	return $document;	3✔
142	}
143
144	/**
145	* {@inheritdoc}
146	*/
147	public function supportsDenormalization(mixed $data, string $type, string $format = null, array $context = []): bool
148	{
149	return self::FORMAT === $format && parent::supportsDenormalization($data, $type, $format, $context);	×
150	}
151
152	/**
153	* {@inheritdoc}
154	*
155	* @throws NotNormalizableValueException
156	*/
157	public function denormalize(mixed $data, string $class, string $format = null, array $context = []): mixed
158	{
159	// Avoid issues with proxies if we populated the object
160	if (!isset($context[self::OBJECT_TO_POPULATE]) && isset($data['data']['id'])) {	15✔
161	if (true !== ($context['api_allow_update'] ?? true)) {	3✔
162	throw new NotNormalizableValueException('Update is not allowed for this operation.');	3✔
163	}
164
165	$context[self::OBJECT_TO_POPULATE] = $this->iriConverter->getResourceFromIri(	×
166	$data['data']['id'],	×
167	$context + ['fetch_data' => false]	×
168	);	×
169	}
170
171	// Merge attributes and relationships, into format expected by the parent normalizer
172	$dataToDenormalize = array_merge(	12✔
173	$data['data']['attributes'] ?? [],	12✔
174	$data['data']['relationships'] ?? []	12✔
175	);	12✔
176
177	return parent::denormalize(	12✔
178	$dataToDenormalize,	12✔
179	$class,	12✔
180	$format,	12✔
181	$context	12✔
182	);	12✔
183	}
184
185	/**
186	* {@inheritdoc}
187	*/
188	protected function getAttributes(object $object, string $format = null, array $context = []): array
189	{
190	return $this->getComponents($object, $format, $context)['attributes'];	6✔
191	}
192
193	/**
194	* {@inheritdoc}
195	*/
196	protected function setAttributeValue(object $object, string $attribute, mixed $value, string $format = null, array $context = []): void
197	{
198	parent::setAttributeValue($object, $attribute, \is_array($value) && \array_key_exists('data', $value) ? $value['data'] : $value, $format, $context);	12✔
199	}
200
201	/**
202	* {@inheritdoc}
203	*
204	* @see http://jsonapi.org/format/#document-resource-object-linkage
205	*
206	* @throws RuntimeException
207	* @throws UnexpectedValueException
208	*/
209	protected function denormalizeRelation(string $attributeName, ApiProperty $propertyMetadata, string $className, mixed $value, ?string $format, array $context): object
210	{
211	if (!\is_array($value) \|\| !isset($value['id'], $value['type'])) {	6✔
212	throw new UnexpectedValueException('Only resource linkage supported currently, see: http://jsonapi.org/format/#document-resource-object-linkage.');	3✔
213	}
214
215	try {
216	return $this->iriConverter->getResourceFromIri($value['id'], $context + ['fetch_data' => true]);	3✔
217	} catch (ItemNotFoundException $e) {	×
218	throw new RuntimeException($e->getMessage(), $e->getCode(), $e);	×
219	}
220	}
221
222	/**
223	* {@inheritdoc}
224	*
225	* @see http://jsonapi.org/format/#document-resource-object-linkage
226	*/
227	protected function normalizeRelation(ApiProperty $propertyMetadata, ?object $relatedObject, string $resourceClass, ?string $format, array $context): \ArrayObject\|array\|string\|null
228	{
229	if (null !== $relatedObject) {	×
230	$iri = $this->iriConverter->getIriFromResource($relatedObject);	×
231	$context['iri'] = $iri;	×
232
233	if (isset($context['resources'])) {	×
234	$context['resources'][$iri] = $iri;	×
235	}
236	}
237
238	if (null === $relatedObject \|\| isset($context['api_included'])) {	×
239	if (!$this->serializer instanceof NormalizerInterface) {	×
240	throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class));	×
241	}
242
243	$normalizedRelatedObject = $this->serializer->normalize($relatedObject, $format, $context);	×
244	if (!\is_string($normalizedRelatedObject) && !\is_array($normalizedRelatedObject) && !$normalizedRelatedObject instanceof \ArrayObject && null !== $normalizedRelatedObject) {	×
245	throw new UnexpectedValueException('Expected normalized relation to be an IRI, array, \ArrayObject or null');	×
246	}
247
248	return $normalizedRelatedObject;	×
249	}
250
251	return [	×
252	'data' => [	×
253	'type' => $this->getResourceShortName($resourceClass),	×
254	'id' => $iri,	×
255	],	×
256	];	×
257	}
258
259	/**
260	* {@inheritdoc}
261	*/
262	protected function isAllowedAttribute(object\|string $classOrObject, string $attribute, string $format = null, array $context = []): bool
263	{
264	return preg_match('/^\\w[-\\w_]*$/', $attribute) && parent::isAllowedAttribute($classOrObject, $attribute, $format, $context);	18✔
265	}
266
267	/**
268	* Gets JSON API components of the resource: attributes, relationships, meta and links.
269	*/
270	private function getComponents(object $object, ?string $format, array $context): array
271	{
272	$cacheKey = $this->getObjectClass($object).'-'.$context['cache_key'];	6✔
273
274	if (isset($this->componentsCache[$cacheKey])) {	6✔
275	return $this->componentsCache[$cacheKey];	3✔
276	}
277
278	$attributes = parent::getAttributes($object, $format, $context);	6✔
279
280	$options = $this->getFactoryOptions($context);	6✔
281
282	$components = [	6✔
283	'links' => [],	6✔
284	'relationships' => [],	6✔
285	'attributes' => [],	6✔
286	'meta' => [],	6✔
287	];	6✔
288
289	foreach ($attributes as $attribute) {	6✔
290	$propertyMetadata = $this	6✔
291	->propertyMetadataFactory	6✔
292	->create($context['resource_class'], $attribute, $options);	6✔
293
294	$types = $propertyMetadata->getBuiltinTypes() ?? [];	6✔
295
296	// prevent declaring $attribute as attribute if it's already declared as relationship
297	$isRelationship = false;	6✔
298
299	foreach ($types as $type) {	6✔
300	$isOne = $isMany = false;	×
301
302	if ($type->isCollection()) {	×
303	$collectionValueType = $type->getCollectionValueTypes()[0] ?? null;	×
304	$isMany = $collectionValueType && ($className = $collectionValueType->getClassName()) && $this->resourceClassResolver->isResourceClass($className);	×
305	} else {
306	$isOne = ($className = $type->getClassName()) && $this->resourceClassResolver->isResourceClass($className);	×
307	}
308
309	if (!isset($className) \|\| !$isOne && !$isMany) {	×
310	// don't declare it as an attribute too quick: maybe the next type is a valid resource
311	continue;	×
312	}
313
314	$relation = [	×
315	'name' => $attribute,	×
316	'type' => $this->getResourceShortName($className),	×
317	'cardinality' => $isOne ? 'one' : 'many',	×
318	];	×
319
320	// if we specify the uriTemplate, generates its value for link definition
321	// @see ApiPlatform\Serializer\AbstractItemNormalizer:getAttributeValue logic for intentional duplicate content
322	if ($itemUriTemplate = $propertyMetadata->getUriTemplate()) {	×
323	$attributeValue = $this->propertyAccessor->getValue($object, $attribute);	×
324	$resourceClass = $this->resourceClassResolver->getResourceClass($attributeValue, $className);	×
325	$childContext = $this->createChildContext($context, $attribute, $format);	×
326	unset($childContext['iri'], $childContext['uri_variables'], $childContext['resource_class'], $childContext['operation']);	×
327
328	$operation = $this->resourceMetadataCollectionFactory->create($resourceClass)->getOperation(	×
329	operationName: $itemUriTemplate,	×
330	httpOperation: true	×
331	);	×
332
333	$components['links'][$attribute] = $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_PATH, $operation, $childContext);	×
334	}
335
336	$components['relationships'][] = $relation;	×
337	$isRelationship = true;	×
338	}
339
340	// if all types are not relationships, declare it as an attribute
341	if (!$isRelationship) {	6✔
342	$components['attributes'][] = $attribute;	6✔
343	}
344	}
345
346	if (false !== $context['cache_key']) {	6✔
347	$this->componentsCache[$cacheKey] = $components;	6✔
348	}
349
350	return $components;	6✔
351	}
352
353	/**
354	* Populates relationships keys.
355	*
356	* @throws UnexpectedValueException
357	*/
358	private function getPopulatedRelations(object $object, ?string $format, array $context, array $relationships): array
359	{
360	$data = [];	3✔
361
362	if (!isset($context['resource_class'])) {	3✔
363	return $data;	×
364	}
365
366	unset($context['api_included']);	3✔
367	foreach ($relationships as $relationshipDataArray) {	3✔
368	$relationshipName = $relationshipDataArray['name'];	×
369
370	$attributeValue = $this->getAttributeValue($object, $relationshipName, $format, $context);	×
371
372	if ($this->nameConverter) {	×
373	$relationshipName = $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context);	×
374	}
375
376	if (!$attributeValue) {	×
377	continue;	×
378	}
379
380	$data[$relationshipName] = [	×
381	'data' => [],	×
382	];	×
383
384	// Many to one relationship
385	if ('one' === $relationshipDataArray['cardinality']) {	×
386	unset($attributeValue['data']['attributes']);	×
387	$data[$relationshipName] = $attributeValue;	×
388
389	continue;	×
390	}
391
392	// Many to many relationship
393	foreach ($attributeValue as $attributeValueElement) {	×
394	if (!isset($attributeValueElement['data'])) {	×
395	throw new UnexpectedValueException(sprintf('The JSON API attribute \'%s\' must contain a "data" key.', $relationshipName));	×
396	}
397	unset($attributeValueElement['data']['attributes']);	×
398	$data[$relationshipName]['data'][] = $attributeValueElement['data'];	×
399	}
400	}
401
402	return $data;	3✔
403	}
404
405	/**
406	* Populates included keys.
407	*/
408	private function getRelatedResources(object $object, ?string $format, array $context, array $relationships): array
409	{
410	if (!isset($context['api_included'])) {	3✔
411	return [];	3✔
412	}
413
414	$included = [];	×
415	foreach ($relationships as $relationshipDataArray) {	×
416	$relationshipName = $relationshipDataArray['name'];	×
417
418	if (!$this->shouldIncludeRelation($relationshipName, $context)) {	×
419	continue;	×
420	}
421
422	$relationContext = $context;	×
423	$relationContext['api_included'] = $this->getIncludedNestedResources($relationshipName, $context);	×
424
425	$attributeValue = $this->getAttributeValue($object, $relationshipName, $format, $relationContext);	×
426
427	if (!$attributeValue) {	×
428	continue;	×
429	}
430
431	// Many to many relationship
432	$attributeValues = $attributeValue;	×
433	// Many to one relationship
434	if ('one' === $relationshipDataArray['cardinality']) {	×
435	$attributeValues = [$attributeValue];	×
436	}
437
438	foreach ($attributeValues as $attributeValueElement) {	×
439	if (isset($attributeValueElement['data'])) {	×
440	$this->addIncluded($attributeValueElement['data'], $included, $context);	×
441	if (isset($attributeValueElement['included']) && \is_array($attributeValueElement['included'])) {	×
442	foreach ($attributeValueElement['included'] as $include) {	×
443	$this->addIncluded($include, $included, $context);	×
444	}
445	}
446	}
447	}
448	}
449
450	return $included;	×
451	}
452
453	/**
454	* Add data to included array if it's not already included.
455	*/
456	private function addIncluded(array $data, array &$included, array &$context): void
457	{
458	if (isset($data['id']) && !\in_array($data['id'], $context['api_included_resources'], true)) {	×
459	$included[] = $data;	×
460	// Track already included resources
461	$context['api_included_resources'][] = $data['id'];	×
462	}
463	}
464
465	/**
466	* Figures out if the relationship is in the api_included hash or has included nested resources (path).
467	*/
468	private function shouldIncludeRelation(string $relationshipName, array $context): bool
469	{
470	$normalizedName = $this->nameConverter ? $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context) : $relationshipName;	×
471
472	return \in_array($normalizedName, $context['api_included'], true) \|\| \count($this->getIncludedNestedResources($relationshipName, $context)) > 0;	×
473	}
474
475	/**
476	* Returns the names of the nested resources from a path relationship.
477	*/
478	private function getIncludedNestedResources(string $relationshipName, array $context): array
479	{
480	$normalizedName = $this->nameConverter ? $this->nameConverter->normalize($relationshipName, $context['resource_class'], self::FORMAT, $context) : $relationshipName;	×
481
482	$filtered = array_filter($context['api_included'] ?? [], static fn (string $included): bool => str_starts_with($included, $normalizedName.'.'));	×
483
484	return array_map(static fn (string $nested): string => substr($nested, strpos($nested, '.') + 1), $filtered);	×
485	}
486
487	// TODO: this code is similar to the one used in JsonLd
488	private function getResourceShortName(string $resourceClass): string
489	{
490	if ($this->resourceClassResolver->isResourceClass($resourceClass)) {	3✔
491	$resourceMetadata = $this->resourceMetadataCollectionFactory->create($resourceClass);	3✔
492
493	return $resourceMetadata->getOperation()->getShortName();	3✔
494	}
495
496	return (new \ReflectionClass($resourceClass))->getShortName();	×
497	}
498	}

api-platform / core / 6148660584

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous