Api-platform: Can properties be restricted based on access control?

Created on 2 Aug 2018 · 3 Comments · Source: api-platform/api-platform

I would like to know the most idiomatic way to approach restricting properties based on user role, or other access control. I haven't had luck in the docs or Slack so far.

For example: On the User resource, I'd like the roles property to only be accessible to admin users.

The use case would be for building an app where admins can manage other users' roles. Users could also view limited details about each other (their profile), and I'd like to restrict their roles from being exposed here.

Is this possible? And if so, what's the most idiomatic approach?

question

All 3 comments

This should do it: https://api-platform.com/docs/core/serialization/#changing-the-serialization-context-dynamically

TLDR: use dynamic groups with a context based on access control to restrict properties

Duplicate of #773

That looks like it will do, thanks!
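
The dynamic-groups approach recommended above, applied to the User/roles case from the question, as an added example that is not code from the thread or from the API Platform project. It assumes the API Platform 2.x namespace (3.x uses `ApiPlatform\Serializer\SerializerContextBuilderInterface`), an `App\Entity\User` resource, and hypothetical group names `admin:read` / `admin:write` placed on the `roles` property.

```php
<?php
// Added example. Assumptions: App\Entity\User is the API resource, its
// operations already declare base groups (e.g. "user:read"), and $roles is
// annotated with the hypothetical groups "admin:read" and "admin:write".
namespace App\Serializer;

use ApiPlatform\Core\Serializer\SerializerContextBuilderInterface;
use App\Entity\User;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

final class UserContextBuilder implements SerializerContextBuilderInterface
{
    private $decorated;
    private $authorizationChecker;

    public function __construct(
        SerializerContextBuilderInterface $decorated,
        AuthorizationCheckerInterface $authorizationChecker
    ) {
        $this->decorated = $decorated;
        $this->authorizationChecker = $authorizationChecker;
    }

    public function createFromRequest(Request $request, bool $normalization, ?array $extractedAttributes = null): array
    {
        $context = $this->decorated->createFromRequest($request, $normalization, $extractedAttributes);

        // Only touch the User resource, and only when base groups are set:
        // with no groups configured the serializer exposes every property,
        // so appending a group would not restrict anything.
        if (($context['resource_class'] ?? null) !== User::class || !isset($context['groups'])) {
            return $context;
        }

        if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
            // Reads ($normalization === true) reveal roles to admins; writes
            // let only admins set them, so a non-admin request body that
            // contains "roles" is ignored rather than mass-assigned.
            $context['groups'] = (array) $context['groups'];
            $context['groups'][] = $normalization ? 'admin:read' : 'admin:write';
        }

        return $context;
    }
}
```

The class has to be registered as a decorator of the `api_platform.serializer.context_builder` service for the framework to call it.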
