vendor/api-platform/core/src/Serializer/AbstractItemNormalizer.php line 470

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the API Platform project.
  5. *
  6. * (c) Kévin Dunglas <dunglas@gmail.com>
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. declare(strict_types=1);
  14. namespace ApiPlatform\Serializer;
  16. use ApiPlatform\Api\IriConverterInterface;
  17. use ApiPlatform\Api\UrlGeneratorInterface;
  18. use ApiPlatform\Core\Api\IriConverterInterface as LegacyIriConverterInterface;
  19. use ApiPlatform\Core\Bridge\Symfony\Messenger\DataTransformer as MessengerDataTransformer;
  20. use ApiPlatform\Core\DataProvider\ItemDataProviderInterface;
  21. use ApiPlatform\Core\DataTransformer\DataTransformerInitializerInterface;
  22. use ApiPlatform\Core\DataTransformer\DataTransformerInterface;
  23. use ApiPlatform\Core\Metadata\Property\Factory\PropertyMetadataFactoryInterface as LegacyPropertyMetadataFactoryInterface;
  24. use ApiPlatform\Core\Metadata\Property\PropertyMetadata;
  25. use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
  26. use ApiPlatform\Exception\InvalidArgumentException;
  27. use ApiPlatform\Exception\InvalidValueException;
  28. use ApiPlatform\Exception\ItemNotFoundException;
  29. use ApiPlatform\Metadata\ApiProperty;
  30. use ApiPlatform\Metadata\CollectionOperationInterface;
  31. use ApiPlatform\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
  32. use ApiPlatform\Metadata\Property\Factory\PropertyNameCollectionFactoryInterface;
  33. use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
  34. use ApiPlatform\Symfony\Security\ResourceAccessCheckerInterface;
  35. use ApiPlatform\Util\ClassInfoTrait;
  36. use Symfony\Component\PropertyAccess\Exception\NoSuchPropertyException;
  37. use Symfony\Component\PropertyAccess\PropertyAccess;
  38. use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
  39. use Symfony\Component\PropertyInfo\Type;
  40. use Symfony\Component\Serializer\Encoder\CsvEncoder;
  41. use Symfony\Component\Serializer\Encoder\XmlEncoder;
  42. use Symfony\Component\Serializer\Exception\LogicException;
  43. use Symfony\Component\Serializer\Exception\MissingConstructorArgumentsException;
  44. use Symfony\Component\Serializer\Exception\NotNormalizableValueException;
  45. use Symfony\Component\Serializer\Exception\RuntimeException;
  46. use Symfony\Component\Serializer\Exception\UnexpectedValueException;
  47. use Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactoryInterface;
  48. use Symfony\Component\Serializer\NameConverter\AdvancedNameConverterInterface;
  49. use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
  50. use Symfony\Component\Serializer\Normalizer\AbstractObjectNormalizer;
  51. use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
  52. use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
  54. /**
  55. * Base item normalizer.
  56. *
  57. * @author Kévin Dunglas <dunglas@gmail.com>
  58. */
  59. abstract class AbstractItemNormalizer extends AbstractObjectNormalizer
  60. {
  61. use ClassInfoTrait;
  62. use ContextTrait;
  63. use InputOutputMetadataTrait;
  65. public const IS_TRANSFORMED_TO_SAME_CLASS = 'is_transformed_to_same_class';
  67. /**
  68. * @var PropertyNameCollectionFactoryInterface
  69. */
  70. protected $propertyNameCollectionFactory;
  71. /**
  72. * @var LegacyPropertyMetadataFactoryInterface|PropertyMetadataFactoryInterface
  73. */
  74. protected $propertyMetadataFactory;
  75. protected $resourceMetadataFactory;
  76. /**
  77. * @var LegacyIriConverterInterface|IriConverterInterface
  78. */
  79. protected $iriConverter;
  80. protected $resourceClassResolver;
  81. protected $resourceAccessChecker;
  82. protected $propertyAccessor;
  83. protected $itemDataProvider;
  84. protected $allowPlainIdentifiers;
  85. protected $dataTransformers = [];
  86. protected $localCache = [];
  88. public function __construct(PropertyNameCollectionFactoryInterface $propertyNameCollectionFactory, $propertyMetadataFactory, $iriConverter, $resourceClassResolver, PropertyAccessorInterface $propertyAccessor = null, NameConverterInterface $nameConverter = null, ClassMetadataFactoryInterface $classMetadataFactory = null, ItemDataProviderInterface $itemDataProvider = null, bool $allowPlainIdentifiers = false, array $defaultContext = [], iterable $dataTransformers = [], $resourceMetadataFactory = null, ResourceAccessCheckerInterface $resourceAccessChecker = null)
  89. {
  90. if (!isset($defaultContext['circular_reference_handler'])) {
  91. $defaultContext['circular_reference_handler'] = function ($object) {
  92. return $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getIriFromItem($object) : $this->iriConverter->getIriFromResource($object);
  93. };
  94. }
  95. if (!interface_exists(AdvancedNameConverterInterface::class) && method_exists($this, 'setCircularReferenceHandler')) {
  96. $this->setCircularReferenceHandler($defaultContext['circular_reference_handler']);
  97. }
  99. parent::__construct($classMetadataFactory, $nameConverter, null, null, \Closure::fromCallable([$this, 'getObjectClass']), $defaultContext);
  101. $this->propertyNameCollectionFactory = $propertyNameCollectionFactory;
  102. $this->propertyMetadataFactory = $propertyMetadataFactory;
  104. if ($iriConverter instanceof LegacyIriConverterInterface) {
  105. trigger_deprecation('api-platform/core', '2.7', sprintf('Use an implementation of "%s" instead of "%s".', IriConverterInterface::class, LegacyIriConverterInterface::class));
  106. }
  108. $this->iriConverter = $iriConverter;
  109. $this->resourceClassResolver = $resourceClassResolver;
  110. $this->propertyAccessor = $propertyAccessor ?: PropertyAccess::createPropertyAccessor();
  111. $this->itemDataProvider = $itemDataProvider;
  113. if (true === $allowPlainIdentifiers) {
  114. @trigger_error(sprintf('Allowing plain identifiers as argument of "%s" is deprecated since API Platform 2.7 and will not be possible anymore in API Platform 3.', self::class), \E_USER_DEPRECATED);
  115. }
  116. $this->allowPlainIdentifiers = $allowPlainIdentifiers;
  118. $this->dataTransformers = $dataTransformers;
  120. // Just skip our data transformer to trigger a proper deprecation
  121. $customDataTransformers = array_filter(\is_array($dataTransformers) ? $dataTransformers : iterator_to_array($dataTransformers), function ($dataTransformer) {
  122. return !$dataTransformer instanceof MessengerDataTransformer;
  123. });
  125. if (\count($customDataTransformers)) {
  126. trigger_deprecation('api-platform/core', '2.7', 'The DataTransformer pattern is deprecated, use a Provider or a Processor and either use your input or return a new output there.');
  127. }
  129. if ($resourceMetadataFactory && !$resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface) {
  130. trigger_deprecation('api-platform/core', '2.7', sprintf('Use "%s" instead of "%s".', ResourceMetadataCollectionFactoryInterface::class, ResourceMetadataFactoryInterface::class));
  131. }
  133. $this->resourceMetadataFactory = $resourceMetadataFactory;
  134. $this->resourceAccessChecker = $resourceAccessChecker;
  135. }
  137. /**
  138. * {@inheritdoc}
  139. */
  140. public function supportsNormalization($data, $format = null, array $context = []): bool
  141. {
  142. if (!\is_object($data) || is_iterable($data)) {
  143. return false;
  144. }
  146. $class = $this->getObjectClass($data);
  147. if (($context['output']['class'] ?? null) === $class) {
  148. return true;
  149. }
  151. return $this->resourceClassResolver->isResourceClass($class);
  152. }
  154. /**
  155. * {@inheritdoc}
  156. */
  157. public function hasCacheableSupportsMethod(): bool
  158. {
  159. return true;
  160. }
  162. /**
  163. * {@inheritdoc}
  164. *
  165. * @throws LogicException
  166. *
  167. * @return array|string|int|float|bool|\ArrayObject|null
  168. */
  169. public function normalize($object, $format = null, array $context = [])
  170. {
  171. $resourceClass = $this->getObjectClass($object);
  172. if (!($isTransformed = isset($context[self::IS_TRANSFORMED_TO_SAME_CLASS])) && $outputClass = $this->getOutputClass($resourceClass, $context)) {
  173. if (!$this->serializer instanceof NormalizerInterface) {
  174. throw new LogicException('Cannot normalize the output because the injected serializer is not a normalizer');
  175. }
  177. // Data transformers are deprecated, this is removed from 3.0
  178. if ($dataTransformer = $this->getDataTransformer($object, $outputClass, $context)) {
  179. $transformed = $dataTransformer->transform($object, $outputClass, $context);
  181. if ($object === $transformed) {
  182. $context[self::IS_TRANSFORMED_TO_SAME_CLASS] = true;
  183. } else {
  184. $context['api_normalize'] = true;
  185. $context['api_resource'] = $object;
  186. unset($context['output'], $context['resource_class']);
  187. }
  189. return $this->serializer->normalize($transformed, $format, $context);
  190. }
  192. unset($context['output'], $context['operation_name']);
  193. if ($this->resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface && !isset($context['operation'])) {
  194. $context['operation'] = $this->resourceMetadataFactory->create($context['resource_class'])->getOperation();
  195. }
  196. $context['resource_class'] = $outputClass;
  197. $context['api_sub_level'] = true;
  198. $context[self::ALLOW_EXTRA_ATTRIBUTES] = false;
  200. return $this->serializer->normalize($object, $format, $context);
  201. }
  203. if ($isTransformed) {
  204. unset($context[self::IS_TRANSFORMED_TO_SAME_CLASS]);
  205. }
  207. if ($isResourceClass = $this->resourceClassResolver->isResourceClass($resourceClass)) {
  208. $context = $this->initContext($resourceClass, $context);
  209. }
  211. if (isset($context['operation']) && $context['operation'] instanceof CollectionOperationInterface) {
  212. unset($context['operation_name']);
  213. unset($context['operation']);
  214. unset($context['iri']);
  215. }
  217. $iri = null;
  218. if (isset($context['iri'])) {
  219. $iri = $context['iri'];
  220. } elseif ($this->iriConverter instanceof LegacyIriConverterInterface && $isResourceClass) {
  221. $iri = $this->iriConverter->getIriFromItem($object);
  222. } elseif ($this->iriConverter instanceof IriConverterInterface) {
  223. $iri = $this->iriConverter->getIriFromResource($object, UrlGeneratorInterface::ABS_URL, $context['operation'] ?? null, $context);
  224. }
  226. $context['iri'] = $iri;
  227. $context['api_normalize'] = true;
  229. /*
  230. * When true, converts the normalized data array of a resource into an
  231. * IRI, if the normalized data array is empty.
  232. *
  233. * This is useful when traversing from a non-resource towards an attribute
  234. * which is a resource, as we do not have the benefit of {@see PropertyMetadata::isReadableLink}.
  235. *
  236. * It must not be propagated to subresources, as {@see PropertyMetadata::isReadableLink}
  237. * should take effect.
  238. */
  239. $emptyResourceAsIri = $context['api_empty_resource_as_iri'] ?? false;
  240. unset($context['api_empty_resource_as_iri']);
  242. if (isset($context['resources'])) {
  243. $context['resources'][$iri] = $iri;
  244. }
  246. $data = parent::normalize($object, $format, $context);
  247. if ($emptyResourceAsIri && \is_array($data) && 0 === \count($data)) {
  248. return $iri;
  249. }
  251. return $data;
  252. }
  254. /**
  255. * {@inheritdoc}
  256. *
  257. * @return bool
  258. */
  259. public function supportsDenormalization($data, $type, $format = null, array $context = [])
  260. {
  261. if (($context['input']['class'] ?? null) === $type) {
  262. return true;
  263. }
  265. return $this->localCache[$type] ?? $this->localCache[$type] = $this->resourceClassResolver->isResourceClass($type);
  266. }
  268. /**
  269. * {@inheritdoc}
  270. *
  271. * @return mixed
  272. */
  273. public function denormalize($data, $class, $format = null, array $context = [])
  274. {
  275. $resourceClass = $class;
  277. if (null !== $inputClass = $this->getInputClass($resourceClass, $context)) {
  278. if (null !== $dataTransformer = $this->getDataTransformer($data, $resourceClass, $context)) {
  279. $dataTransformerContext = $context;
  281. unset($context['input']);
  282. unset($context['resource_class']);
  284. if (!$this->serializer instanceof DenormalizerInterface) {
  285. throw new LogicException('Cannot denormalize the input because the injected serializer is not a denormalizer');
  286. }
  288. if ($dataTransformer instanceof DataTransformerInitializerInterface) {
  289. $context[AbstractObjectNormalizer::OBJECT_TO_POPULATE] = $dataTransformer->initialize($inputClass, $context);
  290. $context[AbstractObjectNormalizer::DEEP_OBJECT_TO_POPULATE] = true;
  291. }
  293. try {
  294. $denormalizedInput = $this->serializer->denormalize($data, $inputClass, $format, $context);
  295. } catch (NotNormalizableValueException $e) {
  296. throw new UnexpectedValueException('The input data is misformatted.', $e->getCode(), $e);
  297. }
  299. if (!\is_object($denormalizedInput)) {
  300. throw new UnexpectedValueException('Expected denormalized input to be an object.');
  301. }
  303. return $dataTransformer->transform($denormalizedInput, $resourceClass, $dataTransformerContext);
  304. }
  306. unset($context['input']);
  307. unset($context['operation']);
  308. unset($context['operation_name']);
  309. $context['resource_class'] = $inputClass;
  311. if (!$this->serializer instanceof DenormalizerInterface) {
  312. throw new LogicException('Cannot denormalize the input because the injected serializer is not a denormalizer');
  313. }
  315. try {
  316. return $this->serializer->denormalize($data, $inputClass, $format, $context);
  317. } catch (NotNormalizableValueException $e) {
  318. throw new UnexpectedValueException('The input data is misformatted.', $e->getCode(), $e);
  319. }
  320. }
  322. if (null === $objectToPopulate = $this->extractObjectToPopulate($class, $context, static::OBJECT_TO_POPULATE)) {
  323. $normalizedData = \is_scalar($data) ? [$data] : $this->prepareForDenormalization($data);
  324. $class = $this->getClassDiscriminatorResolvedClass($normalizedData, $class);
  325. }
  327. $context['api_denormalize'] = true;
  329. if ($this->resourceClassResolver->isResourceClass($class)) {
  330. $resourceClass = $this->resourceClassResolver->getResourceClass($objectToPopulate, $class);
  331. $context['resource_class'] = $resourceClass;
  332. }
  334. $supportsPlainIdentifiers = $this->supportsPlainIdentifiers();
  336. if (\is_string($data)) {
  337. try {
  338. return $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getItemFromIri($data, $context + ['fetch_data' => true]) : $this->iriConverter->getResourceFromIri($data, $context + ['fetch_data' => true]);
  339. } catch (ItemNotFoundException $e) {
  340. if (!$supportsPlainIdentifiers) {
  341. throw new UnexpectedValueException($e->getMessage(), $e->getCode(), $e);
  342. }
  343. } catch (InvalidArgumentException $e) {
  344. if (!$supportsPlainIdentifiers) {
  345. throw new UnexpectedValueException(sprintf('Invalid IRI "%s".', $data), $e->getCode(), $e);
  346. }
  347. }
  348. }
  350. if (!\is_array($data)) {
  351. if (!$supportsPlainIdentifiers) {
  352. throw new UnexpectedValueException(sprintf('Expected IRI or document for resource "%s", "%s" given.', $resourceClass, \gettype($data)));
  353. }
  355. $item = $this->itemDataProvider->getItem($resourceClass, $data, null, $context + ['fetch_data' => true]);
  356. if (null === $item) {
  357. throw new ItemNotFoundException(sprintf('Item not found for resource "%s" with id "%s".', $resourceClass, $data));
  358. }
  360. return $item;
  361. }
  363. $previousObject = null !== $objectToPopulate ? clone $objectToPopulate : null;
  364. $object = parent::denormalize($data, $resourceClass, $format, $context);
  366. if (!$this->resourceClassResolver->isResourceClass($context['resource_class'])) {
  367. return $object;
  368. }
  370. // Revert attributes that aren't allowed to be changed after a post-denormalize check
  371. foreach (array_keys($data) as $attribute) {
  372. if (!$this->canAccessAttributePostDenormalize($object, $previousObject, $attribute, $context)) {
  373. if (null !== $previousObject) {
  374. $this->setValue($object, $attribute, $this->propertyAccessor->getValue($previousObject, $attribute));
  375. } else {
  376. $propertyMetadata = $this->propertyMetadataFactory->create($resourceClass, $attribute, $this->getFactoryOptions($context));
  377. $this->setValue($object, $attribute, $propertyMetadata->getDefault());
  378. }
  379. }
  380. }
  382. return $object;
  383. }
  385. /**
  386. * Method copy-pasted from symfony/serializer.
  387. * Remove it after symfony/serializer version update @see https://github.com/symfony/symfony/pull/28263.
  388. *
  389. * {@inheritdoc}
  390. *
  391. * @internal
  392. *
  393. * @return object
  394. */
  395. protected function instantiateObject(array &$data, $class, array &$context, \ReflectionClass $reflectionClass, $allowedAttributes, string $format = null)
  396. {
  397. if (null !== $object = $this->extractObjectToPopulate($class, $context, static::OBJECT_TO_POPULATE)) {
  398. unset($context[static::OBJECT_TO_POPULATE]);
  400. return $object;
  401. }
  403. $class = $this->getClassDiscriminatorResolvedClass($data, $class);
  404. $reflectionClass = new \ReflectionClass($class);
  406. $constructor = $this->getConstructor($data, $class, $context, $reflectionClass, $allowedAttributes);
  407. if ($constructor) {
  408. $constructorParameters = $constructor->getParameters();
  410. $params = [];
  411. foreach ($constructorParameters as $constructorParameter) {
  412. $paramName = $constructorParameter->name;
  413. $key = $this->nameConverter ? $this->nameConverter->normalize($paramName, $class, $format, $context) : $paramName;
  415. $allowed = false === $allowedAttributes || (\is_array($allowedAttributes) && \in_array($paramName, $allowedAttributes, true));
  416. $ignored = !$this->isAllowedAttribute($class, $paramName, $format, $context);
  417. if ($constructorParameter->isVariadic()) {
  418. if ($allowed && !$ignored && (isset($data[$key]) || \array_key_exists($key, $data))) {
  419. if (!\is_array($data[$paramName])) {
  420. throw new RuntimeException(sprintf('Cannot create an instance of %s from serialized data because the variadic parameter %s can only accept an array.', $class, $constructorParameter->name));
  421. }
  423. $params = array_merge($params, $data[$paramName]);
  424. }
  425. } elseif ($allowed && !$ignored && (isset($data[$key]) || \array_key_exists($key, $data))) {
  426. $params[] = $this->createConstructorArgument($data[$key], $key, $constructorParameter, $context, $format);
  428. // Don't run set for a parameter passed to the constructor
  429. unset($data[$key]);
  430. } elseif (isset($context[static::DEFAULT_CONSTRUCTOR_ARGUMENTS][$class][$key])) {
  431. $params[] = $context[static::DEFAULT_CONSTRUCTOR_ARGUMENTS][$class][$key];
  432. } elseif ($constructorParameter->isDefaultValueAvailable()) {
  433. $params[] = $constructorParameter->getDefaultValue();
  434. } else {
  435. throw new MissingConstructorArgumentsException(sprintf('Cannot create an instance of %s from serialized data because its constructor requires parameter "%s" to be present.', $class, $constructorParameter->name));
  436. }
  437. }
  439. if ($constructor->isConstructor()) {
  440. return $reflectionClass->newInstanceArgs($params);
  441. }
  443. return $constructor->invokeArgs(null, $params);
  444. }
  446. return new $class();
  447. }
  449. protected function getClassDiscriminatorResolvedClass(array &$data, string $class): string
  450. {
  451. if (null === $this->classDiscriminatorResolver || (null === $mapping = $this->classDiscriminatorResolver->getMappingForClass($class))) {
  452. return $class;
  453. }
  455. if (!isset($data[$mapping->getTypeProperty()])) {
  456. throw new RuntimeException(sprintf('Type property "%s" not found for the abstract object "%s"', $mapping->getTypeProperty(), $class));
  457. }
  459. $type = $data[$mapping->getTypeProperty()];
  460. if (null === ($mappedClass = $mapping->getClassForType($type))) {
  461. throw new RuntimeException(sprintf('The type "%s" has no mapped class for the abstract object "%s"', $type, $class));
  462. }
  464. return $mappedClass;
  465. }
  467. /**
  468. * {@inheritdoc}
  469. */
  470. protected function createConstructorArgument($parameterData, string $key, \ReflectionParameter $constructorParameter, array &$context, string $format = null)
  471. {
  472. return $this->createAttributeValue($constructorParameter->name, $parameterData, $format, $context);
  473. }
  475. /**
  476. * {@inheritdoc}
  477. *
  478. * Unused in this context.
  479. *
  480. * @return string[]
  481. */
  482. protected function extractAttributes($object, $format = null, array $context = [])
  483. {
  484. return [];
  485. }
  487. /**
  488. * {@inheritdoc}
  489. *
  490. * @return array|bool
  491. */
  492. protected function getAllowedAttributes($classOrObject, array $context, $attributesAsString = false)
  493. {
  494. if (!$this->resourceClassResolver->isResourceClass($context['resource_class'])) {
  495. return parent::getAllowedAttributes($classOrObject, $context, $attributesAsString);
  496. }
  498. $resourceClass = $this->resourceClassResolver->getResourceClass(null, $context['resource_class']); // fix for abstract classes and interfaces
  499. $options = $this->getFactoryOptions($context);
  500. $propertyNames = $this->propertyNameCollectionFactory->create($resourceClass, $options);
  502. $allowedAttributes = [];
  503. foreach ($propertyNames as $propertyName) {
  504. $propertyMetadata = $this->propertyMetadataFactory->create($resourceClass, $propertyName, $options);
  506. if (
  507. $this->isAllowedAttribute($classOrObject, $propertyName, null, $context) &&
  508. (
  509. isset($context['api_normalize']) && $propertyMetadata->isReadable() ||
  510. isset($context['api_denormalize']) && ($propertyMetadata->isWritable() || !\is_object($classOrObject) && $propertyMetadata->isInitializable())
  511. )
  512. ) {
  513. $allowedAttributes[] = $propertyName;
  514. }
  515. }
  517. return $allowedAttributes;
  518. }
  520. /**
  521. * {@inheritdoc}
  522. *
  523. * @return bool
  524. */
  525. protected function isAllowedAttribute($classOrObject, $attribute, $format = null, array $context = [])
  526. {
  527. if (!parent::isAllowedAttribute($classOrObject, $attribute, $format, $context)) {
  528. return false;
  529. }
  531. return $this->canAccessAttribute(\is_object($classOrObject) ? $classOrObject : null, $attribute, $context);
  532. }
  534. /**
  535. * Check if access to the attribute is granted.
  536. *
  537. * @param object $object
  538. */
  539. protected function canAccessAttribute($object, string $attribute, array $context = []): bool
  540. {
  541. if (!$this->resourceClassResolver->isResourceClass($context['resource_class'])) {
  542. return true;
  543. }
  545. $options = $this->getFactoryOptions($context);
  546. /** @var PropertyMetadata|ApiProperty */
  547. $propertyMetadata = $this->propertyMetadataFactory->create($context['resource_class'], $attribute, $options);
  548. $security = $propertyMetadata instanceof PropertyMetadata ? $propertyMetadata->getAttribute('security') : $propertyMetadata->getSecurity();
  549. if ($this->resourceAccessChecker && $security) {
  550. return $this->resourceAccessChecker->isGranted($context['resource_class'], $security, [
  551. 'object' => $object,
  552. ]);
  553. }
  555. return true;
  556. }
  558. /**
  559. * Check if access to the attribute is granted.
  560. *
  561. * @param object $object
  562. * @param object|null $previousObject
  563. */
  564. protected function canAccessAttributePostDenormalize($object, $previousObject, string $attribute, array $context = []): bool
  565. {
  566. $options = $this->getFactoryOptions($context);
  567. /** @var PropertyMetadata|ApiProperty */
  568. $propertyMetadata = $this->propertyMetadataFactory->create($context['resource_class'], $attribute, $options);
  569. $security = $propertyMetadata instanceof PropertyMetadata ? $propertyMetadata->getAttribute('security_post_denormalize') : $propertyMetadata->getSecurityPostDenormalize();
  570. if ($this->resourceAccessChecker && $security) {
  571. return $this->resourceAccessChecker->isGranted($context['resource_class'], $security, [
  572. 'object' => $object,
  573. 'previous_object' => $previousObject,
  574. ]);
  575. }
  577. return true;
  578. }
  580. /**
  581. * {@inheritdoc}
  582. */
  583. protected function setAttributeValue($object, $attribute, $value, $format = null, array $context = [])
  584. {
  585. $this->setValue($object, $attribute, $this->createAttributeValue($attribute, $value, $format, $context));
  586. }
  588. /**
  589. * Validates the type of the value. Allows using integers as floats for JSON formats.
  590. *
  591. * @param mixed $value
  592. *
  593. * @throws InvalidArgumentException
  594. */
  595. protected function validateType(string $attribute, Type $type, $value, string $format = null)
  596. {
  597. $builtinType = $type->getBuiltinType();
  598. if (Type::BUILTIN_TYPE_FLOAT === $builtinType && null !== $format && false !== strpos($format, 'json')) {
  599. $isValid = \is_float($value) || \is_int($value);
  600. } else {
  601. $isValid = \call_user_func('is_'.$builtinType, $value);
  602. }
  604. if (!$isValid) {
  605. throw new UnexpectedValueException(sprintf('The type of the "%s" attribute must be "%s", "%s" given.', $attribute, $builtinType, \gettype($value)));
  606. }
  607. }
  609. /**
  610. * Denormalizes a collection of objects.
  611. *
  612. * @param ApiProperty|PropertyMetadata $propertyMetadata
  613. * @param mixed $value
  614. *
  615. * @throws InvalidArgumentException
  616. */
  617. protected function denormalizeCollection(string $attribute, $propertyMetadata, Type $type, string $className, $value, ?string $format, array $context): array
  618. {
  619. if (!\is_array($value)) {
  620. throw new InvalidArgumentException(sprintf('The type of the "%s" attribute must be "array", "%s" given.', $attribute, \gettype($value)));
  621. }
  623. $collectionKeyType = method_exists(Type::class, 'getCollectionKeyTypes') ? ($type->getCollectionKeyTypes()[0] ?? null) : $type->getCollectionKeyType();
  624. $collectionKeyBuiltinType = null === $collectionKeyType ? null : $collectionKeyType->getBuiltinType();
  626. $values = [];
  627. foreach ($value as $index => $obj) {
  628. if (null !== $collectionKeyBuiltinType && !\call_user_func('is_'.$collectionKeyBuiltinType, $index)) {
  629. throw new InvalidArgumentException(sprintf('The type of the key "%s" must be "%s", "%s" given.', $index, $collectionKeyBuiltinType, \gettype($index)));
  630. }
  632. $values[$index] = $this->denormalizeRelation($attribute, $propertyMetadata, $className, $obj, $format, $this->createChildContext($context, $attribute, $format));
  633. }
  635. return $values;
  636. }
  638. /**
  639. * Denormalizes a relation.
  640. *
  641. * @param ApiProperty|PropertyMetadata $propertyMetadata
  642. * @param mixed $value
  643. *
  644. * @throws LogicException
  645. * @throws UnexpectedValueException
  646. * @throws ItemNotFoundException
  647. *
  648. * @return object|null
  649. */
  650. protected function denormalizeRelation(string $attributeName, $propertyMetadata, string $className, $value, ?string $format, array $context)
  651. {
  652. $supportsPlainIdentifiers = $this->supportsPlainIdentifiers();
  654. if (\is_string($value)) {
  655. try {
  656. return $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getItemFromIri($value, $context + ['fetch_data' => true]) : $this->iriConverter->getResourceFromIri($value, $context + ['fetch_data' => true]);
  657. } catch (ItemNotFoundException $e) {
  658. if (!$supportsPlainIdentifiers) {
  659. throw new UnexpectedValueException($e->getMessage(), $e->getCode(), $e);
  660. }
  661. } catch (InvalidArgumentException $e) {
  662. if (!$supportsPlainIdentifiers) {
  663. throw new UnexpectedValueException(sprintf('Invalid IRI "%s".', $value), $e->getCode(), $e);
  664. }
  665. }
  666. }
  668. if ($propertyMetadata->isWritableLink()) {
  669. $context['api_allow_update'] = true;
  671. if (!$this->serializer instanceof DenormalizerInterface) {
  672. throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class));
  673. }
  675. try {
  676. $item = $this->serializer->denormalize($value, $className, $format, $context);
  677. if (!\is_object($item) && null !== $item) {
  678. throw new \UnexpectedValueException('Expected item to be an object or null.');
  679. }
  681. return $item;
  682. } catch (InvalidValueException $e) {
  683. if (!$supportsPlainIdentifiers) {
  684. throw $e;
  685. }
  686. }
  687. }
  689. if (!\is_array($value)) {
  690. if (!$supportsPlainIdentifiers) {
  691. throw new UnexpectedValueException(sprintf('Expected IRI or nested document for attribute "%s", "%s" given.', $attributeName, \gettype($value)));
  692. }
  694. $item = $this->itemDataProvider->getItem($className, $value, null, $context + ['fetch_data' => true]);
  695. if (null === $item) {
  696. throw new ItemNotFoundException(sprintf('Item not found for resource "%s" with id "%s".', $className, $value));
  697. }
  699. return $item;
  700. }
  702. throw new UnexpectedValueException(sprintf('Nested documents for attribute "%s" are not allowed. Use IRIs instead.', $attributeName));
  703. }
  705. /**
  706. * Gets the options for the property name collection / property metadata factories.
  707. */
  708. protected function getFactoryOptions(array $context): array
  709. {
  710. $options = [];
  712. if (isset($context[self::GROUPS])) {
  713. /* @see https://github.com/symfony/symfony/blob/v4.2.6/src/Symfony/Component/PropertyInfo/Extractor/SerializerExtractor.php */
  714. $options['serializer_groups'] = (array) $context[self::GROUPS];
  715. }
  717. if (isset($context['resource_class']) && $this->resourceClassResolver->isResourceClass($context['resource_class']) && $this->resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface) {
  718. $resourceClass = $this->resourceClassResolver->getResourceClass(null, $context['resource_class']); // fix for abstract classes and interfaces
  719. // This is a hot spot, we should avoid calling this here but in many cases we can't
  720. $operation = $context['root_operation'] ?? $context['operation'] ?? $this->resourceMetadataFactory->create($resourceClass)->getOperation($context['root_operation_name'] ?? $context['operation_name'] ?? null);
  721. $options['normalization_groups'] = $operation->getNormalizationContext()['groups'] ?? null;
  722. $options['denormalization_groups'] = $operation->getDenormalizationContext()['groups'] ?? null;
  723. }
  725. if (isset($context['operation_name'])) {
  726. $options['operation_name'] = $context['operation_name'];
  727. }
  729. if (isset($context['collection_operation_name'])) {
  730. $options['collection_operation_name'] = $context['collection_operation_name'];
  731. }
  733. if (isset($context['item_operation_name'])) {
  734. $options['item_operation_name'] = $context['item_operation_name'];
  735. }
  737. return $options;
  738. }
  740. /**
  741. * Creates the context to use when serializing a relation.
  742. *
  743. * @deprecated since version 2.1, to be removed in 3.0.
  744. */
  745. protected function createRelationSerializationContext(string $resourceClass, array $context): array
  746. {
  747. @trigger_error(sprintf('The method %s() is deprecated since 2.1 and will be removed in 3.0.', __METHOD__), \E_USER_DEPRECATED);
  749. return $context;
  750. }
  752. /**
  753. * {@inheritdoc}
  754. *
  755. * @throws UnexpectedValueException
  756. * @throws LogicException
  757. *
  758. * @return mixed
  759. */
  760. protected function getAttributeValue($object, $attribute, $format = null, array $context = [])
  761. {
  762. $context['api_attribute'] = $attribute;
  763. /** @var ApiProperty|PropertyMetadata */
  764. $propertyMetadata = $this->propertyMetadataFactory->create($context['resource_class'], $attribute, $this->getFactoryOptions($context));
  766. try {
  767. $attributeValue = $this->propertyAccessor->getValue($object, $attribute);
  768. } catch (NoSuchPropertyException $e) {
  769. // BC to be removed in 3.0
  770. if ($propertyMetadata instanceof PropertyMetadata && !$propertyMetadata->hasChildInherited()) {
  771. throw $e;
  772. }
  773. if ($propertyMetadata instanceof ApiProperty) {
  774. throw $e;
  775. }
  777. $attributeValue = null;
  778. }
  780. if ($context['api_denormalize'] ?? false) {
  781. return $attributeValue;
  782. }
  784. $type = $propertyMetadata instanceof PropertyMetadata ? $propertyMetadata->getType() : ($propertyMetadata->getBuiltinTypes()[0] ?? null);
  786. if (
  787. $type &&
  788. $type->isCollection() &&
  789. ($collectionValueType = method_exists(Type::class, 'getCollectionValueTypes') ? ($type->getCollectionValueTypes()[0] ?? null) : $type->getCollectionValueType()) &&
  790. ($className = $collectionValueType->getClassName()) &&
  791. $this->resourceClassResolver->isResourceClass($className)
  792. ) {
  793. if (!is_iterable($attributeValue)) {
  794. throw new UnexpectedValueException('Unexpected non-iterable value for to-many relation.');
  795. }
  797. $resourceClass = $this->resourceClassResolver->getResourceClass($attributeValue, $className);
  798. $childContext = $this->createChildContext($context, $attribute, $format);
  799. $childContext['resource_class'] = $resourceClass;
  800. if ($this->resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface) {
  801. $childContext['operation'] = $this->resourceMetadataFactory->create($resourceClass)->getOperation();
  802. }
  803. unset($childContext['iri'], $childContext['uri_variables']);
  805. return $this->normalizeCollectionOfRelations($propertyMetadata, $attributeValue, $resourceClass, $format, $childContext);
  806. }
  808. if (
  809. $type &&
  810. ($className = $type->getClassName()) &&
  811. $this->resourceClassResolver->isResourceClass($className)
  812. ) {
  813. if (!\is_object($attributeValue) && null !== $attributeValue) {
  814. throw new UnexpectedValueException('Unexpected non-object value for to-one relation.');
  815. }
  817. $resourceClass = $this->resourceClassResolver->getResourceClass($attributeValue, $className);
  818. $childContext = $this->createChildContext($context, $attribute, $format);
  819. $childContext['resource_class'] = $resourceClass;
  820. if ($this->resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface) {
  821. $childContext['operation'] = $this->resourceMetadataFactory->create($resourceClass)->getOperation();
  822. }
  823. unset($childContext['iri'], $childContext['uri_variables']);
  825. return $this->normalizeRelation($propertyMetadata, $attributeValue, $resourceClass, $format, $childContext);
  826. }
  828. if (!$this->serializer instanceof NormalizerInterface) {
  829. throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class));
  830. }
  832. unset($context['resource_class']);
  834. if ($type && $type->getClassName()) {
  835. $childContext = $this->createChildContext($context, $attribute, $format);
  836. unset($childContext['iri'], $childContext['uri_variables']);
  838. if ($propertyMetadata instanceof PropertyMetadata) {
  839. $childContext['output']['iri'] = $propertyMetadata->getIri() ?? false;
  840. } else {
  841. $childContext['output']['gen_id'] = $propertyMetadata->getGenId() ?? false;
  842. }
  844. return $this->serializer->normalize($attributeValue, $format, $childContext);
  845. }
  847. return $this->serializer->normalize($attributeValue, $format, $context);
  848. }
  850. /**
  851. * Normalizes a collection of relations (to-many).
  852. *
  853. * @param ApiProperty|PropertyMetadata $propertyMetadata
  854. * @param iterable $attributeValue
  855. *
  856. * @throws UnexpectedValueException
  857. */
  858. protected function normalizeCollectionOfRelations($propertyMetadata, $attributeValue, string $resourceClass, ?string $format, array $context): array
  859. {
  860. $value = [];
  861. foreach ($attributeValue as $index => $obj) {
  862. if (!\is_object($obj) && null !== $obj) {
  863. throw new UnexpectedValueException('Unexpected non-object element in to-many relation.');
  864. }
  866. $value[$index] = $this->normalizeRelation($propertyMetadata, $obj, $resourceClass, $format, $context);
  867. }
  869. return $value;
  870. }
  872. /**
  873. * Normalizes a relation.
  874. *
  875. * @param ApiProperty|PropertyMetadata $propertyMetadata
  876. * @param object|null $relatedObject
  877. *
  878. * @throws LogicException
  879. * @throws UnexpectedValueException
  880. *
  881. * @return string|array|\ArrayObject|null IRI or normalized object data
  882. */
  883. protected function normalizeRelation($propertyMetadata, $relatedObject, string $resourceClass, ?string $format, array $context)
  884. {
  885. if (null === $relatedObject || !empty($context['attributes']) || $propertyMetadata->isReadableLink()) {
  886. if (!$this->serializer instanceof NormalizerInterface) {
  887. throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', NormalizerInterface::class));
  888. }
  890. $normalizedRelatedObject = $this->serializer->normalize($relatedObject, $format, $context);
  891. if (!\is_string($normalizedRelatedObject) && !\is_array($normalizedRelatedObject) && !$normalizedRelatedObject instanceof \ArrayObject && null !== $normalizedRelatedObject) {
  892. throw new UnexpectedValueException('Expected normalized relation to be an IRI, array, \ArrayObject or null');
  893. }
  895. return $normalizedRelatedObject;
  896. }
  898. $iri = $this->iriConverter instanceof LegacyIriConverterInterface ? $this->iriConverter->getIriFromItem($relatedObject) : $this->iriConverter->getIriFromResource($relatedObject);
  900. if (isset($context['resources'])) {
  901. $context['resources'][$iri] = $iri;
  902. }
  904. $push = $propertyMetadata instanceof PropertyMetadata ? $propertyMetadata->getAttribute('push', false) : ($propertyMetadata->getPush() ?? false);
  905. if (isset($context['resources_to_push']) && $push) {
  906. $context['resources_to_push'][$iri] = $iri;
  907. }
  909. return $iri;
  910. }
  912. /**
  913. * Finds the first supported data transformer if any.
  914. *
  915. * @param object|array $data object on normalize / array on denormalize
  916. */
  917. protected function getDataTransformer($data, string $to, array $context = []): ?DataTransformerInterface
  918. {
  919. foreach ($this->dataTransformers as $dataTransformer) {
  920. if ($dataTransformer->supportsTransformation($data, $to, $context)) {
  921. return $dataTransformer;
  922. }
  923. }
  925. return null;
  926. }
  928. /**
  929. * For a given resource, it returns an output representation if any
  930. * If not, the resource is returned.
  931. *
  932. * @param mixed $object
  933. */
  934. protected function transformOutput($object, array $context = [], string $outputClass = null)
  935. {
  936. }
  938. private function createAttributeValue($attribute, $value, $format = null, array $context = [])
  939. {
  940. if (!$this->resourceClassResolver->isResourceClass($context['resource_class'])) {
  941. return $value;
  942. }
  944. /** @var ApiProperty|PropertyMetadata */
  945. $propertyMetadata = $this->propertyMetadataFactory->create($context['resource_class'], $attribute, $this->getFactoryOptions($context));
  946. $type = $propertyMetadata instanceof PropertyMetadata ? $propertyMetadata->getType() : ($propertyMetadata->getBuiltinTypes()[0] ?? null);
  948. if (null === $type) {
  949. // No type provided, blindly return the value
  950. return $value;
  951. }
  953. if (null === $value && $type->isNullable()) {
  954. return $value;
  955. }
  957. $collectionValueType = method_exists(Type::class, 'getCollectionValueTypes') ? ($type->getCollectionValueTypes()[0] ?? null) : $type->getCollectionValueType();
  959. /* From @see AbstractObjectNormalizer::validateAndDenormalize() */
  960. // Fix a collection that contains the only one element
  961. // This is special to xml format only
  962. if ('xml' === $format && null !== $collectionValueType && (!\is_array($value) || !\is_int(key($value)))) {
  963. $value = [$value];
  964. }
  966. if (
  967. $type->isCollection() &&
  968. null !== $collectionValueType &&
  969. null !== ($className = $collectionValueType->getClassName()) &&
  970. $this->resourceClassResolver->isResourceClass($className)
  971. ) {
  972. $resourceClass = $this->resourceClassResolver->getResourceClass(null, $className);
  973. $context['resource_class'] = $resourceClass;
  975. return $this->denormalizeCollection($attribute, $propertyMetadata, $type, $resourceClass, $value, $format, $context);
  976. }
  978. if (
  979. null !== ($className = $type->getClassName()) &&
  980. $this->resourceClassResolver->isResourceClass($className)
  981. ) {
  982. $resourceClass = $this->resourceClassResolver->getResourceClass(null, $className);
  983. $childContext = $this->createChildContext($context, $attribute, $format);
  984. $childContext['resource_class'] = $resourceClass;
  985. if ($this->resourceMetadataFactory instanceof ResourceMetadataCollectionFactoryInterface) {
  986. $childContext['operation'] = $this->resourceMetadataFactory->create($resourceClass)->getOperation();
  987. }
  989. return $this->denormalizeRelation($attribute, $propertyMetadata, $resourceClass, $value, $format, $childContext);
  990. }
  992. if (
  993. $type->isCollection() &&
  994. null !== $collectionValueType &&
  995. null !== ($className = $collectionValueType->getClassName())
  996. ) {
  997. if (!$this->serializer instanceof DenormalizerInterface) {
  998. throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class));
  999. }
  1001. unset($context['resource_class']);
  1003. return $this->serializer->denormalize($value, $className.'[]', $format, $context);
  1004. }
  1006. if (null !== $className = $type->getClassName()) {
  1007. if (!$this->serializer instanceof DenormalizerInterface) {
  1008. throw new LogicException(sprintf('The injected serializer must be an instance of "%s".', DenormalizerInterface::class));
  1009. }
  1011. unset($context['resource_class']);
  1013. return $this->serializer->denormalize($value, $className, $format, $context);
  1014. }
  1016. /* From @see AbstractObjectNormalizer::validateAndDenormalize() */
  1017. // In XML and CSV all basic datatypes are represented as strings, it is e.g. not possible to determine,
  1018. // if a value is meant to be a string, float, int or a boolean value from the serialized representation.
  1019. // That's why we have to transform the values, if one of these non-string basic datatypes is expected.
  1020. if (\is_string($value) && (XmlEncoder::FORMAT === $format || CsvEncoder::FORMAT === $format)) {
  1021. if ('' === $value && $type->isNullable() && \in_array($type->getBuiltinType(), [Type::BUILTIN_TYPE_BOOL, Type::BUILTIN_TYPE_INT, Type::BUILTIN_TYPE_FLOAT], true)) {
  1022. return null;
  1023. }
  1025. switch ($type->getBuiltinType()) {
  1026. case Type::BUILTIN_TYPE_BOOL:
  1027. // according to https://www.w3.org/TR/xmlschema-2/#boolean, valid representations are "false", "true", "0" and "1"
  1028. if ('false' === $value || '0' === $value) {
  1029. $value = false;
  1030. } elseif ('true' === $value || '1' === $value) {
  1031. $value = true;
  1032. } else {
  1033. throw new NotNormalizableValueException(sprintf('The type of the "%s" attribute for class "%s" must be bool ("%s" given).', $attribute, $className, $value));
  1034. }
  1035. break;
  1036. case Type::BUILTIN_TYPE_INT:
  1037. if (ctype_digit($value) || ('-' === $value[0] && ctype_digit(substr($value, 1)))) {
  1038. $value = (int) $value;
  1039. } else {
  1040. throw new NotNormalizableValueException(sprintf('The type of the "%s" attribute for class "%s" must be int ("%s" given).', $attribute, $className, $value));
  1041. }
  1042. break;
  1043. case Type::BUILTIN_TYPE_FLOAT:
  1044. if (is_numeric($value)) {
  1045. return (float) $value;
  1046. }
  1048. switch ($value) {
  1049. case 'NaN':
  1050. return \NAN;
  1051. case 'INF':
  1052. return \INF;
  1053. case '-INF':
  1054. return -\INF;
  1055. default:
  1056. throw new NotNormalizableValueException(sprintf('The type of the "%s" attribute for class "%s" must be float ("%s" given).', $attribute, $className, $value));
  1057. }
  1058. }
  1059. }
  1061. if ($context[static::DISABLE_TYPE_ENFORCEMENT] ?? false) {
  1062. return $value;
  1063. }
  1065. $this->validateType($attribute, $type, $value, $format);
  1067. return $value;
  1068. }
  1070. /**
  1071. * Sets a value of the object using the PropertyAccess component.
  1072. *
  1073. * @param object $object
  1074. * @param mixed $value
  1075. */
  1076. private function setValue($object, string $attributeName, $value)
  1077. {
  1078. try {
  1079. $this->propertyAccessor->setValue($object, $attributeName, $value);
  1080. } catch (NoSuchPropertyException $exception) {
  1081. // Properties not found are ignored
  1082. }
  1083. }
  1085. /**
  1086. * TODO: to remove in 3.0.
  1087. *
  1088. * @deprecated since 2.7
  1089. */
  1090. private function supportsPlainIdentifiers(): bool
  1091. {
  1092. return $this->allowPlainIdentifiers && null !== $this->itemDataProvider;
  1093. }
  1094. }
  1096. class_alias(AbstractItemNormalizer::class, \ApiPlatform\Core\Serializer\AbstractItemNormalizer::class);