Tom
Reputation: 2873
security with method not working
I'm trying to set up security on my entities in API Platform and found that I can call a method instead of the property example used in the docs (found this in some example somewhere on the web):
* attributes={"access_control"="is_granted('ROLE_USER') and object.belongsTo(user)"},
This is necessary in my case as I keep the user account data seperate from the user profile data and the entity in question is linked to the profile, not the user entity.
This works like charm on an individual getter (/api/data/{id}) but fails with a server 500 error on the list (/api/data):
"hydra:description": "Unable to call method \"belongsTo\" of object \"ApiPlatform\Core\Bridge\Doctrine\Orm\Paginator\".",
Wondering what is going wrong and how to fix it.
the "belongsTo()" method is fairly simple:
public function belongsTo(User $user) {
return $user == $this->owner->user;
}
Upvotes: 2
Views: 485
Answers (1)
Related Questions
- Making a web API secure?
- How do I secure data access in my new API?
- Protect a public API
- API Platform access_control : Cannot access private property
- StatusCode: 405, ReasonPhrase: 'Method Not Allowed'
- How to correctly secure my api and provide authentification?
- Method Not Allowed using Cisco REST API
- Are there any major loopholes with having my handler bypass security for certain API methods?
- Secure API Authentication method
- Spring method security does not work for me