Nemo64 · June 24, 2022 11:51
diff --git a/api_platform.yaml b/api_platform.yaml
 api_platform:
    
    # [...] leave the default configuration
    
    defaults:

        # only use pagination if explicitly requested
        # otherwise, you'll just ignore it and have a broken application once you have more than 10 items
        pagination_enabled: true

        # i assume all endpoints require _some_ authentication
        # overwrite it per resource if necessary
        security: 'is_granted("IS_AUTHENTICATED_FULLY")'

        # I just define default serialization groups here
        # feel free to overwrite them on an entity level if necessary
        normalization_context: { groups: [ read ] }
        denormalization_context: { groups: [ write ] }

        # you usually expect the newest items to come first from an api response
        # since sorting by id does not cost anything in mysql, I just sort by id descending
        order: {"id": "desc"}

        # add default security checks to all item operations
        # (also drop the PATCH operation that I never use or test)
        itemOperations:
            get:
                security: 'is_granted("read", object)'
            put:
                security: 'is_granted("read", object)'
                security_post_denormalize: 'is_granted("write", object)'
            delete:
                security: 'is_granted("write", object)'

        # Collection operations are a bit complicated when it comes to ApiPlatform security
        # There can't be an "object" (since it would be too compute heavy) so it needs to be solved differently
        # more here: https://medium.marco.zone/doctrine-symfony-centralized-access-control-d1f4717734e5
        collectionOperations:
            get:
            post:
                security_post_denormalize: 'is_granted("write", object)'
diff --git a/install.sh b/install.sh
 composer require \
  doctrine/orm \
  doctrine/doctrine-bundle \
  doctrine/doctrine-migrations-bundle \
  symfony/validator \
  api-platform/core \
  damienharper/auditor-bundle \
  phpdocumentor/reflection-docblock \
  symfony/twig-bundle

 composer require --dev \
  symfony/maker-bundle \
  roave/security-advisories:dev-latest
	api_platform:

	# [...] leave the default configuration

	defaults:

	# only use pagination if explicitly requested
	# otherwise, you'll just ignore it and have a broken application once you have more than 10 items
	pagination_enabled: true

	# i assume all endpoints require _some_ authentication
	# overwrite it per resource if necessary
	security: 'is_granted("IS_AUTHENTICATED_FULLY")'

	# I just define default serialization groups here
	# feel free to overwrite them on an entity level if necessary
	normalization_context: { groups: [ read ] }
	denormalization_context: { groups: [ write ] }

	# you usually expect the newest items to come first from an api response
	# since sorting by id does not cost anything in mysql, I just sort by id descending
	order: {"id": "desc"}

	# add default security checks to all item operations
	# (also drop the PATCH operation that I never use or test)
	itemOperations:
	get:
	security: 'is_granted("read", object)'
	put:
	security: 'is_granted("read", object)'
	security_post_denormalize: 'is_granted("write", object)'
	delete:
	security: 'is_granted("write", object)'

	# Collection operations are a bit complicated when it comes to ApiPlatform security
	# There can't be an "object" (since it would be too compute heavy) so it needs to be solved differently
	# more here: https://medium.marco.zone/doctrine-symfony-centralized-access-control-d1f4717734e5
	collectionOperations:
	get:
	post:
	security_post_denormalize: 'is_granted("write", object)'
	composer require \
	doctrine/orm \
	doctrine/doctrine-bundle \
	doctrine/doctrine-migrations-bundle \
	symfony/validator \
	api-platform/core \
	damienharper/auditor-bundle \
	phpdocumentor/reflection-docblock \
	symfony/twig-bundle

	composer require --dev \
	symfony/maker-bundle \
	roave/security-advisories:dev-latest