14635100171

Committed 24 Apr 2025 06:39AM UTC coverage: 8.271% (+0.02%) from 8.252%

Build # 14635100171

Build Type

Pull #6904

github

Committed by

web-flow

Commit Message

Merge c9cefd82e into a3e5e53ea

Pull Request Pull Request #6904: feat(graphql): added support for graphql subscriptions to work for actions

Run Details

0 of 73 new or added lines in 3 files covered. (0.0%)

1999 existing lines in 144 files now uncovered.

13129 of 158728 relevant lines covered (8.27%)

13.6 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.62

/src/Serializer/Filter/PropertyFilter.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Serializer\Filter;

use ApiPlatform\Metadata\JsonSchemaFilterInterface;
use ApiPlatform\Metadata\OpenApiParameterFilterInterface;
use ApiPlatform\Metadata\Parameter as MetadataParameter;
use ApiPlatform\Metadata\QueryParameter;
use ApiPlatform\OpenApi\Model\Parameter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;

/**
 * The property filter adds the possibility to select the properties to serialize (sparse fieldsets).
 *
 * Note: We strongly recommend using [Vulcain](https://vulcain.rocks/) instead of this filter. Vulcain is faster, allows a better hit rate, and is supported out of the box in the API Platform distribution.
 *
 * Syntax: `?properties[]=<property>&properties[<relation>][]=<property>`.
 *
 * You can add as many properties as you need.
 *
 * Three arguments are available to configure the filter:
 * - `parameterName` is the query parameter name (default: `properties`)
 * - `overrideDefaultProperties` allows to override the default serialization properties (default: `false`)
 * - `whitelist` properties whitelist to avoid uncontrolled data exposure (default: `null` to allow all properties)
 *
 * <div data-code-selector>
 *
 * ```php
 * <?php
 * // api/src/Entity/Book.php
 * use ApiPlatform\Metadata\ApiFilter;
 * use ApiPlatform\Metadata\ApiResource;
 * use ApiPlatform\Serializer\Filter\PropertyFilter;
 *
 * #[ApiResource]
 * #[ApiFilter(PropertyFilter::class, arguments: ['parameterName' => 'properties', 'overrideDefaultProperties' => false, 'whitelist' => ['allowed_property']])]
 * class Book
 * {
 *     // ...
 * }
 * ```
 *
 * ```yaml
 * # config/services.yaml
 * services:
 *     book.property_filter:
 *         parent: 'api_platform.serializer.property_filter'
 *         arguments: [ $parameterName: 'properties', $overrideDefaultGroups: false, $whitelist: ['allowed_property'] ]
 *         tags:  [ 'api_platform.filter' ]
 *         # The following are mandatory only if a _defaults section is defined with inverted values.
 *         # You may want to isolate filters in a dedicated file to avoid adding the following lines (by adding them in the defaults section)
 *         autowire: false
 *         autoconfigure: false
 *         public: false
 *
 * # api/config/api_platform/resources.yaml
 * resources:
 *     App\Entity\Book:
 *         - operations:
 *               ApiPlatform\Metadata\GetCollection:
 *                   filters: ['book.property_filter']
 * ```
 *
 * ```xml
 * <?xml version="1.0" encoding="UTF-8" ?>
 * <!-- api/config/services.xml -->
 * <?xml version="1.0" encoding="UTF-8" ?>
 * <container
 *         xmlns="http://symfony.com/schema/dic/services"
 *         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 *         xsi:schemaLocation="http://symfony.com/schema/dic/services
 *         https://symfony.com/schema/dic/services/services-1.0.xsd">
 *     <services>
 *         <service id="book.property_filter" parent="api_platform.serializer.property_filter">
 *             <argument key="parameterName">properties</argument>
 *             <argument key="overrideDefaultGroups">false</argument>
 *             <argument key="whitelist" type="collection">
 *                 <argument>allowed_property</argument>
 *             </argument>
 *             <tag name="api_platform.filter"/>
 *         </service>
 *     </services>
 * </container>
 * <!-- api/config/api_platform/resources.xml -->
 * <resources
 *         xmlns="https://api-platform.com/schema/metadata/resources-3.0"
 *         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 *         xsi:schemaLocation="https://api-platform.com/schema/metadata/resources-3.0
 *         https://api-platform.com/schema/metadata/resources-3.0.xsd">
 *     <resource class="App\Entity\Book">
 *         <operations>
 *             <operation class="ApiPlatform\Metadata\GetCollection">
 *                 <filters>
 *                     <filter>book.property_filter</filter>
 *                 </filters>
 *             </operation>
 *         </operations>
 *     </resource>
 * </resources>
 * ```
 *
 * </div>
 *
 * Given that the collection endpoint is `/books`, you can filter the serialization properties with the following query: `/books?properties[]=title&properties[]=author`. If you want to include some properties of the nested "author" document, use: `/books?properties[]=title&properties[author][]=name`.
 *
 * @author Baptiste Meyer <baptiste.meyer@gmail.com>
 */
final class PropertyFilter implements FilterInterface, OpenApiParameterFilterInterface, JsonSchemaFilterInterface
{
    private ?array $whitelist;

    public function __construct(private readonly string $parameterName = 'properties', private readonly bool $overrideDefaultProperties = false, ?array $whitelist = null, private readonly ?NameConverterInterface $nameConverter = null)
    {
        $this->whitelist = null === $whitelist ? null : $this->formatWhitelist($whitelist);
    }

    /**
     * {@inheritdoc}
     */
    public function apply(Request $request, bool $normalization, array $attributes, array &$context): void
    {
        // TODO: ideally we should return the new context, not mutate the context given in our arguments which is the serializer context
        // this would allow to use `Parameter::filterContext` properly, for now let's retrieve it like this:
        /** @var MetadataParameter|null */
        $parameter = $request->attributes->get('_api_parameter', null);
        $parameterName = $this->parameterName;
        $whitelist = $this->whitelist;
        $overrideDefaultProperties = $this->overrideDefaultProperties;

        if ($parameter) {
            $parameterName = $parameter->getKey();
            $whitelist = $parameter->getFilterContext()['whitelist'] ?? $this->whitelist;
            $overrideDefaultProperties = $parameter->getFilterContext()['override_default_properties'] ?? $this->overrideDefaultProperties;
        }

        if (null !== $propertyAttribute = $request->attributes->get('_api_filter_property')) {
            $properties = $propertyAttribute;
        } elseif (\array_key_exists($parameterName, $commonAttribute = $request->attributes->get('_api_filters', []))) {
            $properties = $commonAttribute[$parameterName];
        } else {
            $properties = $request->query->all()[$parameterName] ?? null;
        }

        if (!\is_array($properties)) {
            return;
        }

        // TODO: when refactoring this eventually, note that the ParameterResourceMetadataCollectionFactory already does that and caches this behavior in our Parameter metadata
        $properties = $this->denormalizeProperties($properties);

        if (null !== $whitelist) {
            $properties = $this->getProperties($properties, $whitelist);
        }

        if (!$overrideDefaultProperties && isset($context[AbstractNormalizer::ATTRIBUTES])) {
            $properties = array_merge_recursive((array) $context[AbstractNormalizer::ATTRIBUTES], $properties);
        }

        $context[AbstractNormalizer::ATTRIBUTES] = $properties;
    }

    /**
     * {@inheritdoc}
     */
    public function getDescription(string $resourceClass): array
    {
        $example = \sprintf(
            '%1$s[]={propertyName}&%1$s[]={anotherPropertyName}&%1$s[{nestedPropertyParent}][]={nestedProperty}',
            $this->parameterName
        );

        return [
            "$this->parameterName[]" => [
                'type' => 'string',
                'is_collection' => true,
                'required' => false,
                'description' => 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example,
                'openapi' => new Parameter(
                    in: 'query',
                    name: "$this->parameterName[]",
                    description: 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example,
                    schema: [
                        'type' => 'array',
                        'items' => [
                            'type' => 'string',
                        ],
                    ]
                ),
            ],
        ];
    }

    /**
     * Generate an array of whitelist properties to match the format that properties
     * will have in the request.
     *
     * @param array $whitelist the whitelist to format
     *
     * @return array An array containing the whitelist ready to match request parameters
     */
    private function formatWhitelist(array $whitelist): array
    {
        if (array_values($whitelist) === $whitelist) {
            return $whitelist;
        }
        foreach ($whitelist as $name => $value) {
            if (null === $value) {
                unset($whitelist[$name]);
                $whitelist[] = $name;
            }
        }

        return $whitelist;
    }

    private function getProperties(array $properties, ?array $whitelist = null): array
    {
        $whitelist ??= $this->whitelist;
        $result = [];

        foreach ($properties as $key => $value) {
            if (is_numeric($key)) {
                if (\in_array($propertyName = $this->denormalizePropertyName($value), $whitelist, true)) {
                    $result[] = $propertyName;
                }

                continue;
            }

            if (\is_array($value) && isset($whitelist[$key]) && $recursiveResult = $this->getProperties($value, $whitelist[$key])) {
                $result[$this->denormalizePropertyName($key)] = $recursiveResult;
            }
        }

        return $result;
    }

    private function denormalizeProperties(array $properties): array
    {
        if (null === $this->nameConverter || !$properties) {
            return $properties;
        }

        $result = [];
        foreach ($properties as $key => $value) {
            $result[$this->denormalizePropertyName((string) $key)] = \is_array($value) ? $this->denormalizeProperties($value) : $this->denormalizePropertyName($value);
        }

        return $result;
    }

    private function denormalizePropertyName($property): string
    {
        return null !== $this->nameConverter ? $this->nameConverter->denormalize($property) : $property;
    }

    public function getSchema(MetadataParameter $parameter): array
    {
        return [
            'type' => 'array',
            'items' => [
                'type' => 'string',
            ],
        ];
    }

    public function getOpenApiParameters(MetadataParameter $parameter): Parameter|array|null
    {
        $example = \sprintf(
            '%1$s[]={propertyName}&%1$s[]={anotherPropertyName}',
            $parameter->getKey()
        );

        return new Parameter(
            name: $parameter->getKey().'[]',
            in: $parameter instanceof QueryParameter ? 'query' : 'header',
            description: 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example
        );
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\Serializer\Filter;
15
16	use ApiPlatform\Metadata\JsonSchemaFilterInterface;
17	use ApiPlatform\Metadata\OpenApiParameterFilterInterface;
18	use ApiPlatform\Metadata\Parameter as MetadataParameter;
19	use ApiPlatform\Metadata\QueryParameter;
20	use ApiPlatform\OpenApi\Model\Parameter;
21	use Symfony\Component\HttpFoundation\Request;
22	use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
23	use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
24
25	/**
26	* The property filter adds the possibility to select the properties to serialize (sparse fieldsets).
27	*
28	* Note: We strongly recommend using [Vulcain](https://vulcain.rocks/) instead of this filter. Vulcain is faster, allows a better hit rate, and is supported out of the box in the API Platform distribution.
29	*
30	* Syntax: `?properties[]=<property>&properties[<relation>][]=<property>`.
31	*
32	* You can add as many properties as you need.
33	*
34	* Three arguments are available to configure the filter:
35	* - `parameterName` is the query parameter name (default: `properties`)
36	* - `overrideDefaultProperties` allows to override the default serialization properties (default: `false`)
37	* - `whitelist` properties whitelist to avoid uncontrolled data exposure (default: `null` to allow all properties)
38	*
39	* <div data-code-selector>
40	*
41	* ```php
42	* <?php
43	* // api/src/Entity/Book.php
44	* use ApiPlatform\Metadata\ApiFilter;
45	* use ApiPlatform\Metadata\ApiResource;
46	* use ApiPlatform\Serializer\Filter\PropertyFilter;
47	*
48	* #[ApiResource]
49	* #[ApiFilter(PropertyFilter::class, arguments: ['parameterName' => 'properties', 'overrideDefaultProperties' => false, 'whitelist' => ['allowed_property']])]
50	* class Book
51	* {
52	* // ...
53	* }
54	* ```
55	*
56	* ```yaml
57	* # config/services.yaml
58	* services:
59	* book.property_filter:
60	* parent: 'api_platform.serializer.property_filter'
61	* arguments: [ $parameterName: 'properties', $overrideDefaultGroups: false, $whitelist: ['allowed_property'] ]
62	* tags: [ 'api_platform.filter' ]
63	* # The following are mandatory only if a _defaults section is defined with inverted values.
64	* # You may want to isolate filters in a dedicated file to avoid adding the following lines (by adding them in the defaults section)
65	* autowire: false
66	* autoconfigure: false
67	* public: false
68	*
69	* # api/config/api_platform/resources.yaml
70	* resources:
71	* App\Entity\Book:
72	* - operations:
73	* ApiPlatform\Metadata\GetCollection:
74	* filters: ['book.property_filter']
75	* ```
76	*
77	* ```xml
78	* <?xml version="1.0" encoding="UTF-8" ?>
79	* <!-- api/config/services.xml -->
80	* <?xml version="1.0" encoding="UTF-8" ?>
81	* <container
82	* xmlns="http://symfony.com/schema/dic/services"
83	* xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
84	* xsi:schemaLocation="http://symfony.com/schema/dic/services
85	* https://symfony.com/schema/dic/services/services-1.0.xsd">
86	* <services>
87	* <service id="book.property_filter" parent="api_platform.serializer.property_filter">
88	* <argument key="parameterName">properties</argument>
89	* <argument key="overrideDefaultGroups">false</argument>
90	* <argument key="whitelist" type="collection">
91	* <argument>allowed_property</argument>
92	* </argument>
93	* <tag name="api_platform.filter"/>
94	* </service>
95	* </services>
96	* </container>
97	* <!-- api/config/api_platform/resources.xml -->
98	* <resources
99	* xmlns="https://api-platform.com/schema/metadata/resources-3.0"
100	* xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
101	* xsi:schemaLocation="https://api-platform.com/schema/metadata/resources-3.0
102	* https://api-platform.com/schema/metadata/resources-3.0.xsd">
103	* <resource class="App\Entity\Book">
104	* <operations>
105	* <operation class="ApiPlatform\Metadata\GetCollection">
106	* <filters>
107	* <filter>book.property_filter</filter>
108	* </filters>
109	* </operation>
110	* </operations>
111	* </resource>
112	* </resources>
113	* ```
114	*
115	* </div>
116	*
117	* Given that the collection endpoint is `/books`, you can filter the serialization properties with the following query: `/books?properties[]=title&properties[]=author`. If you want to include some properties of the nested "author" document, use: `/books?properties[]=title&properties[author][]=name`.
118	*
119	* @author Baptiste Meyer <baptiste.meyer@gmail.com>
120	*/
121	final class PropertyFilter implements FilterInterface, OpenApiParameterFilterInterface, JsonSchemaFilterInterface
122	{
123	private ?array $whitelist;
124
125	public function __construct(private readonly string $parameterName = 'properties', private readonly bool $overrideDefaultProperties = false, ?array $whitelist = null, private readonly ?NameConverterInterface $nameConverter = null)
126	{
127	$this->whitelist = null === $whitelist ? null : $this->formatWhitelist($whitelist);	333✔
128	}
129
130	/**
131	* {@inheritdoc}
132	*/
133	public function apply(Request $request, bool $normalization, array $attributes, array &$context): void
134	{
135	// TODO: ideally we should return the new context, not mutate the context given in our arguments which is the serializer context
136	// this would allow to use `Parameter::filterContext` properly, for now let's retrieve it like this:
137	/** @var MetadataParameter\|null */
138	$parameter = $request->attributes->get('_api_parameter', null);	180✔
139	$parameterName = $this->parameterName;	180✔
140	$whitelist = $this->whitelist;	180✔
141	$overrideDefaultProperties = $this->overrideDefaultProperties;	180✔
142
143	if ($parameter) {	180✔
144	$parameterName = $parameter->getKey();	2✔
145	$whitelist = $parameter->getFilterContext()['whitelist'] ?? $this->whitelist;	2✔
146	$overrideDefaultProperties = $parameter->getFilterContext()['override_default_properties'] ?? $this->overrideDefaultProperties;	2✔
147	}
148
149	if (null !== $propertyAttribute = $request->attributes->get('_api_filter_property')) {	180✔
UNCOV 150	$properties = $propertyAttribute;	3✔
151	} elseif (\array_key_exists($parameterName, $commonAttribute = $request->attributes->get('_api_filters', []))) {	177✔
152	$properties = $commonAttribute[$parameterName];	×
153	} else {
154	$properties = $request->query->all()[$parameterName] ?? null;	177✔
155	}
156
157	if (!\is_array($properties)) {	180✔
158	return;	171✔
159	}
160
161	// TODO: when refactoring this eventually, note that the ParameterResourceMetadataCollectionFactory already does that and caches this behavior in our Parameter metadata
162	$properties = $this->denormalizeProperties($properties);	20✔
163
164	if (null !== $whitelist) {	20✔
UNCOV 165	$properties = $this->getProperties($properties, $whitelist);	6✔
166	}
167
168	if (!$overrideDefaultProperties && isset($context[AbstractNormalizer::ATTRIBUTES])) {	20✔
UNCOV 169	$properties = array_merge_recursive((array) $context[AbstractNormalizer::ATTRIBUTES], $properties);	3✔
170	}
171
172	$context[AbstractNormalizer::ATTRIBUTES] = $properties;	20✔
173	}
174
175	/**
176	* {@inheritdoc}
177	*/
178	public function getDescription(string $resourceClass): array
179	{
180	$example = \sprintf(	233✔
181	'%1$s[]={propertyName}&%1$s[]={anotherPropertyName}&%1$s[{nestedPropertyParent}][]={nestedProperty}',	233✔
182	$this->parameterName	233✔
183	);	233✔
184
185	return [	233✔
186	"$this->parameterName[]" => [	233✔
187	'type' => 'string',	233✔
188	'is_collection' => true,	233✔
189	'required' => false,	233✔
190	'description' => 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example,	233✔
191	'openapi' => new Parameter(	233✔
192	in: 'query',	233✔
193	name: "$this->parameterName[]",	233✔
194	description: 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example,	233✔
195	schema: [	233✔
196	'type' => 'array',	233✔
197	'items' => [	233✔
198	'type' => 'string',	233✔
199	],	233✔
200	]	233✔
201	),	233✔
202	],	233✔
203	];	233✔
204	}
205
206	/**
207	* Generate an array of whitelist properties to match the format that properties
208	* will have in the request.
209	*
210	* @param array $whitelist the whitelist to format
211	*
212	* @return array An array containing the whitelist ready to match request parameters
213	*/
214	private function formatWhitelist(array $whitelist): array
215	{
UNCOV 216	if (array_values($whitelist) === $whitelist) {	167✔
UNCOV 217	return $whitelist;	167✔
218	}
UNCOV 219	foreach ($whitelist as $name => $value) {	167✔
UNCOV 220	if (null === $value) {	167✔
UNCOV 221	unset($whitelist[$name]);	167✔
UNCOV 222	$whitelist[] = $name;	167✔
223	}
224	}
225
UNCOV 226	return $whitelist;	167✔
227	}
228
229	private function getProperties(array $properties, ?array $whitelist = null): array
230	{
UNCOV 231	$whitelist ??= $this->whitelist;	6✔
UNCOV 232	$result = [];	6✔
233
UNCOV 234	foreach ($properties as $key => $value) {	6✔
UNCOV 235	if (is_numeric($key)) {	6✔
UNCOV 236	if (\in_array($propertyName = $this->denormalizePropertyName($value), $whitelist, true)) {	6✔
UNCOV 237	$result[] = $propertyName;	3✔
238	}
239
UNCOV 240	continue;	6✔
241	}
242
UNCOV 243	if (\is_array($value) && isset($whitelist[$key]) && $recursiveResult = $this->getProperties($value, $whitelist[$key])) {	3✔
UNCOV 244	$result[$this->denormalizePropertyName($key)] = $recursiveResult;	1✔
245	}
246	}
247
UNCOV 248	return $result;	6✔
249	}
250
251	private function denormalizeProperties(array $properties): array
252	{
253	if (null === $this->nameConverter \|\| !$properties) {	20✔
254	return $properties;	×
255	}
256
257	$result = [];	20✔
258	foreach ($properties as $key => $value) {	20✔
259	$result[$this->denormalizePropertyName((string) $key)] = \is_array($value) ? $this->denormalizeProperties($value) : $this->denormalizePropertyName($value);	20✔
260	}
261
262	return $result;	20✔
263	}
264
265	private function denormalizePropertyName($property): string
266	{
267	return null !== $this->nameConverter ? $this->nameConverter->denormalize($property) : $property;	20✔
268	}
269
270	public function getSchema(MetadataParameter $parameter): array
271	{
272	return [	3✔
273	'type' => 'array',	3✔
274	'items' => [	3✔
275	'type' => 'string',	3✔
276	],	3✔
277	];	3✔
278	}
279
280	public function getOpenApiParameters(MetadataParameter $parameter): Parameter\|array\|null
281	{
282	$example = \sprintf(	3✔
283	'%1$s[]={propertyName}&%1$s[]={anotherPropertyName}',	3✔
284	$parameter->getKey()	3✔
285	);	3✔
286
287	return new Parameter(	3✔
288	name: $parameter->getKey().'[]',	3✔
289	in: $parameter instanceof QueryParameter ? 'query' : 'header',	3✔
290	description: 'Allows you to reduce the response to contain only the properties you need. If your desired property is nested, you can address it using nested arrays. Example: '.$example	3✔
291	);	3✔
292	}
293	}

api-platform / core / 14635100171

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous