Api-platform: Can properties be restricted based on access control?

Created on 2 Aug 2018 · 3 Comments · Source: api-platform/api-platform

I would like to know the most idiomatic way to approach restricting properties based on user role, or other access control. I haven't had luck in the docs or Slack so far.

For example: On the User resource, I'd like the roles property to only be accessible to admin users.

The use case would be for building an app where admins can manage other users' roles. Users could also view limited details about each other (their profile), and I'd like to restrict their roles from being exposed here.

Is this possible? And if so, what's the most idiomatic approach?

question

All 3 comments

This should do it: https://api-platform.com/docs/core/serialization/#changing-the-serialization-context-dynamically

TLDR: use dynamic groups with a context based on access control to restrict properties

Duplicate of #773

That looks like it will do, thanks!
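
The "dynamic groups" approach suggested in the thread, sketched as an added example (not code from the thread or from the API Platform project). It assumes the API Platform 2.x namespace for `SerializerContextBuilderInterface` (it differs in 3.x), a hypothetical `App\Entity\User` resource, and the hypothetical group names `admin:read` and `admin:write`:

```php
<?php
// Added example; class, entity and group names are assumptions.
namespace App\Serializer;

use ApiPlatform\Core\Serializer\SerializerContextBuilderInterface; // 2.x namespace
use App\Entity\User; // hypothetical resource class
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

// On the entity, User::$roles carries only the admin groups, e.g.
//   @Groups({"admin:read", "admin:write"})
// while profile fields carry the resource's default groups.
final class UserContextBuilder implements SerializerContextBuilderInterface
{
    private $decorated;
    private $authorizationChecker;

    public function __construct(
        SerializerContextBuilderInterface $decorated,
        AuthorizationCheckerInterface $authorizationChecker
    ) {
        $this->decorated = $decorated;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function createFromRequest(Request $request, bool $normalization, ?array $extractedAttributes = null): array
    {
        $context = $this->decorated->createFromRequest($request, $normalization, $extractedAttributes);

        // Only act on the User resource, and only when it already declares groups.
        // Without groups in the context the serializer does not filter properties,
        // so the resource must define default normalization/denormalization groups.
        if (User::class !== ($context['resource_class'] ?? null) || !isset($context['groups'])) {
            return $context;
        }

        if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
            $context['groups'] = (array) $context['groups'];
            // Separate groups for output and input: admins may read roles
            // (normalization) and write them (denormalization); other users
            // can do neither, which also blocks self-assigned roles on write.
            $context['groups'][] = $normalization ? 'admin:read' : 'admin:write';
        }

        return $context;
    }
}
```

Register the class as a decorator of the `api_platform.serializer.context_builder` service so it wraps the default context builder.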
