Collection Operations

/api/users

Method Description
GET Gets all elements (paginated)
POST Create a new element

Restricting

By default every operation in the table above is exposed; listing operations explicitly exposes only the ones named, so anything you leave out is not reachable.

<?php

use ApiPlatform\Core\Annotation\ApiResource;
...

/**
 * @ApiResource(
 *     **collectionOperations={"get", "post"},**
 * )
 * @ORM\Entity(repositoryClass=UserRepository::class)
 */
class User implements PasswordAuthenticatedUserInterface
...

Item Operations

/api/users/{id}

Method Description
GET Gets an element
PUT Replaces an element
PATCH Modifies an element
DELETE Deletes an element

Restricting

<?php

use ApiPlatform\Core\Annotation\ApiResource;
...

/**
 * @ApiResource(
 *     collectionOperations={"get", "post"},
 ***     itemOperations={"get", "put", "patch", "delete"},**
 * )
 * @ORM\Entity(repositoryClass=UserRepository::class)
 */
class User implements PasswordAuthenticatedUserInterface
...

Restricting based on authentication

Only allow authenticated users (`access_control` is the older name of the `security` attribute used in the next example; both take a Symfony security expression)

/**
 * @ApiResource(
 *     itemOperations={
 *          **"get"={
 *              "access_control"="is_granted('IS_AUTHENTICATED_FULLY')"
 *           }**
 *      },
 *     collectionOperations={"post"},
 *     normalizationContext={
 *           "groups"={"read"}
 *     }
 * )
 * @ORM\Entity(repositoryClass=UserRepository::class)
 * @UniqueEntity("username")
 * @UniqueEntity("email")
 * @method string getUserIdentifier()
 */
class User implements UserInterface, PasswordAuthenticatedUserInterface
{

Only allow the user responsible for the resource. In the `put` expression below, `object` is the stored resource as loaded from the database, so the author comparison is made against the persisted author rather than against anything sent in the request body.

/**
 * @ApiResource(
 *     itemOperations={
 *          "get",
 ***          "put"={
 *              "security"="is_granted('IS_AUTHENTICATED_FULLY') and object.getAuthor() == user"**
 *          }
 *     },
 *     collectionOperations={
 *          "get",
 *          "post"={
 *              "security"="is_granted('IS_AUTHENTICATED_FULLY')"
 *          }
 *      }
 * )
 * @ORM\Entity(repositoryClass=BlogPostRepository::class)
 */
class BlogPost
{

...

    /**
     * @ORM\ManyToOne(targetEntity="App\Entity\User")
     * @ORM\JoinColumn(nullable=false)
     */
    private $author;