
Read security access within OpenAPI

Open soyuka opened this issue 3 years ago • 1 comments

#[Put(security: "is_granted('ROLE_ADMIN') or object.owner == user")]

How to disable the PUT operation if not is_granted('ROLE_ADMIN') on the OpenAPI specification?

Ideas:

  • [ ] Add an openapi security configuration (because object is not available)
  • [ ] Hack around the object.owner with a proxy?

Implementation:

Create a new Normalizer that removes stuff from the OpenAPI doc (like https://github.com/api-platform/core/blob/main/src/OpenApi/Serializer/OpenApiNormalizer.php) or decorate the OpenApiFactory in a new factory. Do not add this to the current OpenApiFactory.

soyuka, Sep 16 '22 09:09
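A sketch of the decorator approach described in the post above, added here as an example and not code from the issue or from API Platform. The class name `RoleFilteredOpenApiFactory` and the `$putRoles` path-to-role map are hypothetical; it assumes API Platform 3.x (where `PathItem::withPut()` accepts `null`) and that the docs route sits behind a firewall so a token is available. It covers only the role half of the expression, since no `object` exists when the document is built.

```php
<?php
declare(strict_types=1);

namespace App\OpenApi;

use ApiPlatform\OpenApi\Factory\OpenApiFactoryInterface;
use ApiPlatform\OpenApi\Model\Paths;
use ApiPlatform\OpenApi\OpenApi;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

/**
 * Hypothetical decorator: drops PUT operations from the generated document
 * when the current user lacks the role configured for that path.
 */
final class RoleFilteredOpenApiFactory implements OpenApiFactoryInterface
{
    /**
     * @param array<string, string> $putRoles path => required role,
     *        e.g. ['/api/books/{id}' => 'ROLE_ADMIN'] (constructed sample)
     */
    public function __construct(
        private OpenApiFactoryInterface $decorated,
        private AuthorizationCheckerInterface $authorizationChecker,
        private array $putRoles = [],
    ) {
    }

    public function __invoke(array $context = []): OpenApi
    {
        $openApi = ($this->decorated)($context);
        $filtered = new Paths();

        foreach ($openApi->getPaths()->getPaths() as $path => $pathItem) {
            $role = $this->putRoles[$path] ?? null;
            if (null !== $role && null !== $pathItem->getPut()
                && !$this->authorizationChecker->isGranted($role)) {
                // Only the documentation entry is removed. The operation's own
                // `security` expression still decides access at request time.
                $pathItem = $pathItem->withPut(null);
            }
            $filtered->addPath($path, $pathItem);
        }

        return $openApi->withPaths($filtered);
    }
}
```

Because the generated document now varies per user, responses for the docs route should not be served from a shared cache.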

also https://github.com/api-platform/core/issues/2719

soyuka, Oct 17 '23 10:10