I'm creating my API and building my user system (I don't use FosUser).
For registering, I have my endpoint POST /api/users with 2 parameters: email and plainPassword.
Now I want the user to be able to edit his email. But the endpoint PUT /api/users/{id} is not valid because it has the same denormalization context as POST. I only want this endpoint to have one argument (email). And I don't want to replace the user, just to update it.
Any pointers are welcome!
With v2 you are able to have per-operation normalization / denormalization context.
But in your case, perhaps you could add a Symfony Validator constraint to check that plainPassword must be accompanied by the correct current password (assuming that's what you're trying to achieve).
Good idea, but then I will be unable to edit a user without knowing his password (it's a problem if I'm editing as an admin for example).
Do you think it's worth switching to v2 now? It's for a little project, not very important.
You could check roles (by injecting security.authorization_checker) if you create a custom validation constraint. There are many ways to skin the cat...
As for v2, I think it's almost there... I've been using it for a while now. It'll certainly be welcome if more people would experiment with it and hopefully contribute patches :smile:
There are many ways to skin the cat...
Well said!
FYI, we talked about voters and authorization in #395.
:+1: Thanks guys, I will go for v2 :)
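The per-operation denormalization context suggested in this thread, sketched as an added example (not code from the thread or from the API Platform project). It assumes API Platform 2.x annotation mapping; the `App\Entity\User` class and the group names `user:read`, `user:create` and `user:update` are hypothetical.

```php
<?php
// Added example. Entity and group names are assumptions; Doctrine mapping
// and password hashing are omitted to keep the focus on the groups.

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;
use Symfony\Component\Serializer\Annotation\Groups;

/**
 * POST /api/users      accepts email + plainPassword (group user:create).
 * PUT  /api/users/{id} accepts email only (group user:update): a
 * plainPassword sent to PUT is outside the operation's groups, so the
 * serializer does not write it to the entity.
 * Responses use user:read, so plainPassword is never serialized back.
 *
 * @ApiResource(
 *     attributes={"normalization_context"={"groups"={"user:read"}}},
 *     collectionOperations={
 *         "post"={"method"="POST", "denormalization_context"={"groups"={"user:create"}}}
 *     },
 *     itemOperations={
 *         "get"={"method"="GET"},
 *         "put"={"method"="PUT", "denormalization_context"={"groups"={"user:update"}}}
 *     }
 * )
 */
class User
{
    /** @Groups({"user:read"}) */
    private $id;

    /** @Groups({"user:read", "user:create", "user:update"}) */
    private $email;

    /** Writable on registration only, never readable. @Groups({"user:create"}) */
    private $plainPassword;

    public function getId() { return $this->id; }

    public function getEmail() { return $this->email; }
    public function setEmail($email) { $this->email = $email; }

    public function getPlainPassword() { return $this->plainPassword; }
    public function setPlainPassword($plainPassword) { $this->plainPassword = $plainPassword; }
}
```

Restricting which fields PUT accepts does not decide who may call it; that check belongs in the authorization layer (voters or the role check mentioned above).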