From 031a7ea2b951d90d0157c6c5935b8ba85a14143b Mon Sep 17 00:00:00 2001 From: Alan Poulain Date: Fri, 25 Jun 2021 17:02:21 +0200 Subject: [PATCH] fix: add PATCH operation where it should be --- core/controllers.md | 2 +- core/dto.md | 4 +++- core/events.md | 8 ++++---- core/operations.md | 2 +- core/security.md | 2 +- core/serialization.md | 4 ++-- 6 files changed, 12 insertions(+), 10 deletions(-) diff --git a/core/controllers.md b/core/controllers.md index 076d3e0fdd2..7e0a2e23018 100644 --- a/core/controllers.md +++ b/core/controllers.md @@ -66,7 +66,7 @@ This action will be automatically registered as a service (the service name is t `App\Controller\CreateBookPublication`). API Platform automatically retrieves the appropriate PHP entity using the data provider then deserializes user data in it, -and for `POST` and `PUT` requests updates the entity with data provided by the user. +and for `POST`, `PUT` and `PATCH` requests updates the entity with data provided by the user. **Warning: when using `POST` or `PUT`, the `__invoke()` method parameter [MUST be called `$data`](https://symfony.com/doc/current/components/http_kernel.html#getting-the-controller-arguments)**, otherwise, it will not be filled correctly! When using `GET`, the `__invoke()` method parameter should be called the same as the entity identifier. So for the path `/user/{uuid}/bookmarks`, you must use `__invoke($uuid)`. diff --git a/core/dto.md b/core/dto.md index 18b4502efe0..8491f834f89 100644 --- a/core/dto.md +++ b/core/dto.md @@ -203,7 +203,9 @@ services: ## Updating a Resource with a Custom Input -When performing an update (e.g. `PUT` operation), the resource to be updated is read by ApiPlatform before the deserialization phase. To do so, it uses a [data provider](data-providers.md) with the `:id` parameter given in the URL. The *body* of the request is the JSON object sent by the client, it is deserialized and is used to update the previously found resource. +When performing an update (e.g. `PUT` operation), the resource to be updated is read by API Platform before the deserialization phase. +To do so, it uses a [data provider](data-providers.md) with the `:id` parameter given in the URL. +The *body* of the request is the JSON object sent by the client, it is deserialized and is used to update the previously found resource. ![Diagram put input output](images/diagrams/api-platform-put-i-o.svg) diff --git a/core/events.md b/core/events.md index b7f80f9728c..ada25cad63b 100644 --- a/core/events.md +++ b/core/events.md @@ -25,11 +25,11 @@ These built-in event listeners are registered for routes managed by API Platform Name | Event | [Pre & Post hooks](#custom-event-listeners) | Priority | Description ------------------------------|--------------------|---------------------------------------------|----------|------------- `AddFormatListener` | `kernel.request` | None | 7 | Guesses the best response format ([content negotiation](content-negotiation.md)) -`ReadListener` | `kernel.request` | `PRE_READ`, `POST_READ` | 4 | Retrieves data from the persistence system using the [data providers](data-providers.md) (`GET`, `PUT`, `DELETE`) -`DeserializeListener` | `kernel.request` | `PRE_DESERIALIZE`, `POST_DESERIALIZE` | 2 | Deserializes data into a PHP entity (`GET`, `POST`, `DELETE`); updates the entity retrieved using the data provider (`PUT`) +`ReadListener` | `kernel.request` | `PRE_READ`, `POST_READ` | 4 | Retrieves data from the persistence system using the [data providers](data-providers.md) (`GET`, `PUT`, `PATCH`, `DELETE`) +`DeserializeListener` | `kernel.request` | `PRE_DESERIALIZE`, `POST_DESERIALIZE` | 2 | Deserializes data into a PHP entity (`GET`, `POST`, `DELETE`); updates the entity retrieved using the data provider (`PUT`, `PATCH`) `DenyAccessListener` | `kernel.request` | None | 1 | Enforces [access control](security.md) using Security expressions -`ValidateListener` | `kernel.view` | `PRE_VALIDATE`, `POST_VALIDATE` | 64 | [Validates data](validation.md) (`POST`, `PUT`) -`WriteListener` | `kernel.view` | `PRE_WRITE`, `POST_WRITE` | 32 | Persists changes in the persistence system using the [data persisters](data-persisters.md) (`POST`, `PUT`, `DELETE`) +`ValidateListener` | `kernel.view` | `PRE_VALIDATE`, `POST_VALIDATE` | 64 | [Validates data](validation.md) (`POST`, `PUT`, `PATCH`) +`WriteListener` | `kernel.view` | `PRE_WRITE`, `POST_WRITE` | 32 | Persists changes in the persistence system using the [data persisters](data-persisters.md) (`POST`, `PUT`, `PATCH`, `DELETE`) `SerializeListener` | `kernel.view` | `PRE_SERIALIZE`, `POST_SERIALIZE` | 16 | Serializes the PHP entity in string [according to the request format](content-negotiation.md) `RespondListener` | `kernel.view` | `PRE_RESPOND`, `POST_RESPOND` | 8 | Transforms serialized to a `Symfony\Component\HttpFoundation\Response` instance `AddLinkHeaderListener` | `kernel.response` | None | 0 | Adds a `Link` HTTP header pointing to the Hydra documentation diff --git a/core/operations.md b/core/operations.md index 9287f530b90..d88bb662106 100644 --- a/core/operations.md +++ b/core/operations.md @@ -598,7 +598,7 @@ class Weather // ... ``` -This will expose the `Weather` model, but also all the default CRUD routes: `GET`, `PUT`, `DELETE` and `POST`, which is a non-sense in our context. +This will expose the `Weather` model, but also all the default CRUD routes: `GET`, `PUT`, `PATCH`, `DELETE` and `POST`, which is a non-sense in our context. Since we are required to expose at least one route, let's expose just one: ```php diff --git a/core/security.md b/core/security.md index 3e95e7f2597..72a73153aaa 100644 --- a/core/security.md +++ b/core/security.md @@ -121,7 +121,7 @@ Available variables are: * `request`: the current request Access control checks in the `security` attribute are always executed before the [denormalization step](serialization.md). -It means than for `PUT` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md). +It means than for `PUT` or `PATCH` requests, `object` doesn't contain the value submitted by the user, but values currently stored in [the persistence layer](data-persisters.md). ## Executing Access Control Rules After Denormalization diff --git a/core/serialization.md b/core/serialization.md index 1ac98b195f6..716e34deb5e 100644 --- a/core/serialization.md +++ b/core/serialization.md @@ -139,7 +139,7 @@ Alternatively, you can use the more verbose syntax: ``` In the previous example, the `name` property will be visible when reading (`GET`) the object, and it will also be available -to write (`PUT/POST`). The `author` property will be write-only; it will not be visible when serialized responses are +to write (`PUT` / `PATCH` / `POST`). The `author` property will be write-only; it will not be visible when serialized responses are returned by the API. Internally, API Platform passes the value of the `normalization_context` as the 3rd argument of [the `Serializer::serialize()` method](https://api.symfony.com/master/Symfony/Component/Serializer/SerializerInterface.html#method_serialize) during the normalization @@ -352,7 +352,7 @@ Instead of embedding relations in the main HTTP response, you may want [to "push ### Denormalization -It is also possible to embed a relation in `PUT` and `POST` requests. To enable that feature, set the serialization groups +It is also possible to embed a relation in `PUT`, `PATCH` and `POST` requests. To enable that feature, set the serialization groups the same way as normalization. For example: [codeSelector]