feat: integrate security for the class and property (#138)

giorgioma · web-flow · commit 2c372193d58d · 2021-11-20T15:21:54.000+01:00
diff --git a/src/AttributeGenerator/ApiPlatformCoreAttributeGenerator.php b/src/AttributeGenerator/ApiPlatformCoreAttributeGenerator.php
@@ -44,6 +44,9 @@ public function generateClassAttributes(Class_ $class): array
             $arguments['shortName'] = $localName;
         }
         $arguments['iri'] = $class->resourceUri();
+        if ($class->security) {
+            $arguments['security'] = $class->security;
+        }
 
         if ([] !== $class->operations()) {
             $operations = $this->validateClassOperations($class->operations());
@@ -106,7 +109,13 @@ function (Options $options, $value) {
      */
     public function generatePropertyAttributes(Property $property, string $className): array
     {
-        return $property->isCustom ? [] : [['ApiProperty' => ['iri' => $property->resourceUri()]]];
+        $arguments['iri'] = $property->resourceUri();
+
+        if ($property->security) {
+            $arguments['security'] = $property->security;
+        }
+
+        return $property->isCustom ? [] : [['ApiProperty' => $arguments]];
     }
 
     /**
diff --git a/src/Model/Class_.php b/src/Model/Class_.php
@@ -42,6 +42,7 @@ final class Class_
     /** @var bool|string|null */
     private $parent;
     private RdfResource $resource;
+    public ?string $security = null;
 
     private const SCHEMA_ORG_ENUMERATION = 'https://schema.org/Enumeration';
 
diff --git a/src/Model/Property.php b/src/Model/Property.php
@@ -42,6 +42,7 @@ final class Property
     public bool $isEnum = false;
     public ?string $adderRemoverTypeHint = null;
     public array $groups = [];
+    public ?string $security = null;
     /** @var array<string, array>[] */
     private array $attributes = [];
     private array $annotations = [];
diff --git a/src/PropertyGenerator/PropertyGenerator.php b/src/PropertyGenerator/PropertyGenerator.php
@@ -145,6 +145,7 @@ public function __invoke(array $config, Class_ $class, RdfResource $type, array
         $schemaGeneratorProperty->mappedBy = $propertyConfig['mappedBy'] ?? null;
         $schemaGeneratorProperty->inversedBy = $propertyConfig['inversedBy'] ?? null;
         $schemaGeneratorProperty->groups = $propertyConfig['groups'] ?? [];
+        $schemaGeneratorProperty->security = $propertyConfig['security'] ?? null;
         $schemaGeneratorProperty->isId = false;
         $class->addProperty($schemaGeneratorProperty);
 
diff --git a/src/TypesGenerator.php b/src/TypesGenerator.php
@@ -143,6 +143,7 @@ public function generate(array $config): void
             $typeConfig = $config['types'][$typeName] ?? null;
             $parent = $typeConfig['parent'] ?? null;
             $class = new Class_($typeName, $type, $parent);
+            $class->security = $typeConfig['security'] ?? null;
 
             if ($class->isEnum()) {
                 $class = (new EnumClassMutator(
diff --git a/src/TypesGeneratorConfiguration.php b/src/TypesGeneratorConfiguration.php
@@ -169,6 +169,7 @@ static function ($rdf) {
                             ->end()
                             ->scalarNode('parent')->defaultFalse()->info('The parent class, set to false for a top level class')->end()
                             ->scalarNode('guessFrom')->defaultValue('Thing')->info('If declaring a custom class, this will be the class from which properties type will be guessed')->end()
+                            ->scalarNode('security')->defaultNull()->info('Security directive for the class')->end()
                             ->booleanNode('allProperties')->defaultFalse()->info('Import all existing properties')->end()
                             ->arrayNode('properties')
                                 ->info('Properties of this type to use')
@@ -194,6 +195,7 @@ static function ($rdf) {
                                             ->example('{type: "decimal", precision: 5, scale: 1, options: {comment: "my comment"}}')
                                             ->prototype('variable')->end()
                                         ->end()
+                                        ->scalarNode('security')->defaultNull()->info('Security directive for the property')->end()
                                         ->arrayNode('groups')
                                             ->info('Symfony Serialization Groups')
                                             ->prototype('scalar')->end()
diff --git a/tests/AttributeGenerator/ApiPlatformCoreAttributeGeneratorTest.php b/tests/AttributeGenerator/ApiPlatformCoreAttributeGeneratorTest.php
@@ -68,14 +68,30 @@ public function provideGenerateClassAttributesCases(): \Generator
         yield 'abstract' => [(new Class_('Abstract', new Resource('https://schema.org/Abstract')))->setIsAbstract(true), []];
 
         yield 'with short name' => [(new Class_('WithShortName', new Resource('https://schema.org/DifferentLocalName'))), [['ApiResource' => ['shortName' => 'DifferentLocalName', 'iri' => 'https://schema.org/DifferentLocalName']]]];
+
+        $class = new Class_('WithSecurity', new Resource('https://schema.org/WithSecurity'));
+        $class->security = "is_granted('ROLE_USER')";
+        yield 'with security' => [$class, [['ApiResource' => ['iri' => 'https://schema.org/WithSecurity', 'security' => "is_granted('ROLE_USER')"]]]];
+    }
+
+    /**
+     * @dataProvider provideGeneratePropertyAttributesCases
+     */
+    public function testGeneratePropertyAttributes(Property $property, array $attributes): void
+    {
+        $this->assertSame($attributes, $this->generator->generatePropertyAttributes($property, 'Res'));
     }
 
-    public function testGeneratePropertyAttributes(): void
+    public function provideGeneratePropertyAttributesCases(): \Generator
     {
         $property = new Property('prop');
         $property->resource = new Resource('https://schema.org/prop');
+        yield 'classical' => [$property, [['ApiProperty' => ['iri' => 'https://schema.org/prop']]]];
 
-        $this->assertSame([['ApiProperty' => ['iri' => 'https://schema.org/prop']]], $this->generator->generatePropertyAttributes($property, 'Res'));
+        $property = new Property('WithSecurity');
+        $property->resource = new Resource('https://schema.org/WithSecurity');
+        $property->security = "is_granted('ROLE_ADMIN')";
+        yield 'with security' => [$property, [['ApiProperty' => ['iri' => 'https://schema.org/WithSecurity', 'security' => "is_granted('ROLE_ADMIN')"]]]];
     }
 
     public function testGenerateCustomPropertyAttributes(): void
diff --git a/tests/Command/DumpConfigurationTest.php b/tests/Command/DumpConfigurationTest.php
@@ -166,6 +166,9 @@ interface:            null
             # If declaring a custom class, this will be the class from which properties type will be guessed
             guessFrom:            Thing
 
+            # Security directive for the class
+            security:             null
+
             # Import all existing properties
             allProperties:        false
 
@@ -188,6 +191,9 @@ interface:            null
                     # The doctrine column attribute content
                     ormColumn:            [] # Example: '{type: "decimal", precision: 5, scale: 1, options: {comment: "my comment"}}'
 
+                    # Security directive for the property
+                    security:             null
+
                     # Symfony Serialization Groups
                     groups:               []
 
diff --git a/tests/e2e/schema.yml b/tests/e2e/schema.yml
@@ -7,14 +7,15 @@ types:
         properties:
             name: ~
     Person:
+        security: "is_granted('ROLE_USER')"
         properties:
             familyName: ~
             givenName: ~
             additionalName: { groups: ['extra'] }
             address: { range: https://schema.org/PostalAddress }
             birthDate: ~
             telephone: ~
-            email: { unique: true }
+            email: { unique: true, security: "is_granted('ROLE_ADMIN')" }
             url: ~
             customColumn: { ormColumn: {type: "decimal", precision: 5, scale: 1, options: {comment: "my comment"}} }
     PostalAddress:
diff --git a/tests/e2e/src/App/Entity/Person.php b/tests/e2e/src/App/Entity/Person.php
@@ -17,7 +17,7 @@
  * @see https://schema.org/Person
  */
 #[ORM\Entity]
-#[ApiResource(iri: 'https://schema.org/Person')]
+#[ApiResource(iri: 'https://schema.org/Person', security: 'is_granted(\'ROLE_USER\')')]
 #[UniqueEntity('email')]
 class Person
 {
@@ -88,7 +88,7 @@ class Person
      * @see https://schema.org/email
      */
     #[ORM\Column(type: 'text', nullable: true, unique: true)]
-    #[ApiProperty(iri: 'https://schema.org/email')]
+    #[ApiProperty(iri: 'https://schema.org/email', security: 'is_granted(\'ROLE_ADMIN\')')]
     #[Assert\Email]
     private ?string $email = null;
 
