Symfony4 Restrict Properties in API Platform with Serialization Groups

I’m very young in web development with Symfony, I use the version 4.

I create the Entity and use JWT to authenticate the request. On the API result I get all the data.

Based on the page below I use group to show / hide property in my API project :

 * User
 * @ApiResource(
 *     normalizationContext={"groups"={"read"}},
 *     denormalizationContext={"groups"={"write"}}
 * )
 * @ORMTable(name="user")
 * @ORMEntity
class User implements UserInterface
     * @var int
     * @Groups({"admin:read"})
     * @ORMColumn(name="id_user", type="integer", nullable=false)
     * @ORMId
     * @ORMGeneratedValue(strategy="IDENTITY")
    private $idUser;

     * @var string|null
     * @Groups({"read", "write"})
     * @ORMColumn(name="name_user", type="string", length=80, nullable=true)
    private $nameUser;

With the creation of a Services I need to see the idUser if my role is ROLE_ADMIN but Symfony don’t execute and don’t enter in my AdminContextBuilder.

I replace the condition to be sure, but he don’t care, why ?

if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
// by
if (true) {

Here is what I add in my services.yaml

    decorates: 'api_platform.serializer.context_builder'
    arguments: [ '@AppSerializerAdminContextBuilder.inner' ]
    autoconfigure: false

Source: Symfony Questions

Was this helpful?

0 / 0

Leave a Reply 0

Your email address will not be published. Required fields are marked *