<?php declare(strict_types=1);
namespace Shopware\Core\Framework\Api\Controller;
use Shopware\Core\Defaults;
use Shopware\Core\Framework\Api\Acl\AclCriteriaValidator;
use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
use Shopware\Core\Framework\Api\Converter\ApiVersionConverter;
use Shopware\Core\Framework\Api\Converter\Exceptions\ApiConversionException;
use Shopware\Core\Framework\Api\Exception\InvalidVersionNameException;
use Shopware\Core\Framework\Api\Exception\LiveVersionDeleteException;
use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
use Shopware\Core\Framework\Api\Exception\NoEntityClonedException;
use Shopware\Core\Framework\Api\Exception\ResourceNotFoundException;
use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
use Shopware\Core\Framework\Context;
use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
use Shopware\Core\Framework\DataAbstractionLayer\Entity;
use Shopware\Core\Framework\DataAbstractionLayer\EntityCollection;
use Shopware\Core\Framework\DataAbstractionLayer\EntityDefinition;
use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\EntityProtectionValidator;
use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\ReadProtection;
use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\WriteProtection;
use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
use Shopware\Core\Framework\DataAbstractionLayer\Exception\DefinitionNotFoundException;
use Shopware\Core\Framework\DataAbstractionLayer\Exception\MissingReverseAssociation;
use Shopware\Core\Framework\DataAbstractionLayer\Field\AssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\Field\Field;
use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToManyAssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToOneAssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToManyAssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToOneAssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\Field\TranslationsAssociationField;
use Shopware\Core\Framework\DataAbstractionLayer\FieldCollection;
use Shopware\Core\Framework\DataAbstractionLayer\MappingEntityDefinition;
use Shopware\Core\Framework\DataAbstractionLayer\Search\CompositeEntitySearcher;
use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
use Shopware\Core\Framework\DataAbstractionLayer\Search\EntitySearchResult;
use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
use Shopware\Core\Framework\DataAbstractionLayer\Search\IdSearchResult;
use Shopware\Core\Framework\DataAbstractionLayer\Search\RequestCriteriaBuilder;
use Shopware\Core\Framework\DataAbstractionLayer\Write\CloneBehavior;
use Shopware\Core\Framework\Feature;
use Shopware\Core\Framework\Log\Package;
use Shopware\Core\Framework\Routing\Annotation\RouteScope;
use Shopware\Core\Framework\Routing\Annotation\Since;
use Shopware\Core\Framework\Routing\Exception\MissingRequestParameterException;
use Shopware\Core\Framework\Uuid\Exception\InvalidUuidException;
use Shopware\Core\Framework\Uuid\Uuid;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Serializer\Exception\InvalidArgumentException;
use Symfony\Component\Serializer\Exception\UnexpectedValueException;
use Symfony\Component\Serializer\Serializer;
/**
* @Route(defaults={"_routeScope"={"api"}})
*/
#[Package('core')]
class ApiController extends AbstractController
{
public const WRITE_UPDATE = 'update';
public const WRITE_CREATE = 'create';
public const WRITE_DELETE = 'delete';
/**
* @var DefinitionInstanceRegistry
*/
private $definitionRegistry;
/**
* @var Serializer
*/
private $serializer;
/**
* @var RequestCriteriaBuilder
*/
private $criteriaBuilder;
/**
* @var CompositeEntitySearcher
*/
private $compositeEntitySearcher;
/**
* @var ApiVersionConverter
*/
private $apiVersionConverter;
/**
* @var EntityProtectionValidator
*/
private $entityProtectionValidator;
/**
* @var AclCriteriaValidator
*/
private $criteriaValidator;
/**
* @internal
*/
public function __construct(
DefinitionInstanceRegistry $definitionRegistry,
Serializer $serializer,
RequestCriteriaBuilder $criteriaBuilder,
CompositeEntitySearcher $compositeEntitySearcher,
ApiVersionConverter $apiVersionConverter,
EntityProtectionValidator $entityProtectionValidator,
AclCriteriaValidator $criteriaValidator
) {
$this->definitionRegistry = $definitionRegistry;
$this->serializer = $serializer;
$this->criteriaBuilder = $criteriaBuilder;
$this->compositeEntitySearcher = $compositeEntitySearcher;
$this->apiVersionConverter = $apiVersionConverter;
$this->entityProtectionValidator = $entityProtectionValidator;
$this->criteriaValidator = $criteriaValidator;
}
/**
* @Since("6.0.0.0")
* @Route("/api/_search", name="api.composite.search", methods={"GET","POST"})
*
* @deprecated tag:v6.5.0 - Will be removed in the next major
*/
public function compositeSearch(Request $request, Context $context): JsonResponse
{
Feature::triggerDeprecationOrThrow(
'v6.5.0.0',
Feature::deprecatedMethodMessage(__CLASS__, __METHOD__, 'v6.5.0.0', 'Shopware\Administration\Controller\AdminSearchController::search()')
);
$term = (string) $request->query->get('term');
if ($term === '') {
throw new MissingRequestParameterException('term');
}
$limit = $request->query->getInt('limit', 5);
$results = $this->compositeEntitySearcher->search($term, $limit, $context);
foreach ($results as &$result) {
$definition = $this->definitionRegistry->getByEntityName($result['entity']);
/** @var EntityCollection<Entity> $entityCollection */
$entityCollection = $result['entities'];
$entities = [];
foreach ($entityCollection->getElements() as $key => $entity) {
$entities[$key] = $this->apiVersionConverter->convertEntity($definition, $entity);
}
$result['entities'] = $entities;
}
return new JsonResponse(['data' => $results]);
}
/**
* @Since("6.0.0.0")
* @Route("/api/_action/clone/{entity}/{id}", name="api.clone", methods={"POST"}, requirements={
* "version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
* })
*/
public function clone(Context $context, string $entity, string $id, Request $request): JsonResponse
{
$behavior = new CloneBehavior(
$request->request->all('overwrites'),
$request->request->getBoolean('cloneChildren', true)
);
$entity = $this->urlToSnakeCase($entity);
$definition = $this->definitionRegistry->getByEntityName($entity);
$missing = $this->validateAclPermissions($context, $definition, AclRoleDefinition::PRIVILEGE_CREATE);
if ($missing) {
throw new MissingPrivilegeException([$missing]);
}
$eventContainer = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($definition, $id, $behavior): EntityWrittenContainerEvent {
/** @var EntityRepository $entityRepo */
$entityRepo = $this->definitionRegistry->getRepository($definition->getEntityName());
return $entityRepo->clone($id, $context, null, $behavior);
});
$event = $eventContainer->getEventByEntityName($definition->getEntityName());
if (!$event) {
throw new NoEntityClonedException($entity, $id);
}
$ids = $event->getIds();
$newId = array_shift($ids);
return new JsonResponse(['id' => $newId]);
}
/**
* @Since("6.0.0.0")
* @Route("/api/_action/version/{entity}/{id}", name="api.createVersion", methods={"POST"},
* requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
* })
*/
public function createVersion(Request $request, Context $context, string $entity, string $id): Response
{
$entity = $this->urlToSnakeCase($entity);
$versionId = $request->request->has('versionId') ? (string) $request->request->get('versionId') : null;
$versionName = $request->request->has('versionName') ? (string) $request->request->get('versionName') : null;
if ($versionId !== null && !Uuid::isValid($versionId)) {
throw new InvalidUuidException($versionId);
}
if ($versionName !== null && !ctype_alnum($versionName)) {
throw new InvalidVersionNameException();
}
try {
$entityDefinition = $this->definitionRegistry->getByEntityName($entity);
} catch (DefinitionNotFoundException $e) {
throw new NotFoundHttpException($e->getMessage(), $e);
}
$versionId = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entityDefinition, $id, $versionName, $versionId): string {
return $this->definitionRegistry->getRepository($entityDefinition->getEntityName())->createVersion($id, $context, $versionName, $versionId);
});
return new JsonResponse([
'versionId' => $versionId,
'versionName' => $versionName,
'id' => $id,
'entity' => $entity,
]);
}
/**
* @Since("6.0.0.0")
* @Route("/api/_action/version/merge/{entity}/{versionId}", name="api.mergeVersion", methods={"POST"},
* requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "versionId"="[0-9a-f]{32}"
* })
*/
public function mergeVersion(Context $context, string $entity, string $versionId): JsonResponse
{
$entity = $this->urlToSnakeCase($entity);
if (!Uuid::isValid($versionId)) {
throw new InvalidUuidException($versionId);
}
$entityDefinition = $this->getEntityDefinition($entity);
$repository = $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
// change scope to be able to update write protected fields
$context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($repository, $versionId): void {
$repository->merge($versionId, $context);
});
return new JsonResponse(null, Response::HTTP_NO_CONTENT);
}
/**
* @Since("6.0.0.0")
* @Route("/api/_action/version/{versionId}/{entity}/{entityId}", name="api.deleteVersion", methods={"POST"},
* requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
* })
*/
public function deleteVersion(Context $context, string $entity, string $entityId, string $versionId): JsonResponse
{
if ($versionId !== null && !Uuid::isValid($versionId)) {
throw new InvalidUuidException($versionId);
}
if ($versionId === Defaults::LIVE_VERSION) {
throw new LiveVersionDeleteException();
}
if ($entityId !== null && !Uuid::isValid($entityId)) {
throw new InvalidUuidException($entityId);
}
try {
$entityDefinition = $this->definitionRegistry->getByEntityName($this->urlToSnakeCase($entity));
} catch (DefinitionNotFoundException $e) {
throw new NotFoundHttpException($e->getMessage(), $e);
}
$versionContext = $context->createWithVersionId($versionId);
$entityRepository = $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
$versionContext->scope(Context::CRUD_API_SCOPE, function (Context $versionContext) use ($entityId, $entityRepository): void {
$entityRepository->delete([['id' => $entityId]], $versionContext);
});
$versionRepository = $this->definitionRegistry->getRepository('version');
$versionRepository->delete([['id' => $versionId]], $context);
return new JsonResponse();
}
public function detail(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
$pathSegments = $this->buildEntityPath($entityName, $path, $context);
$permissions = $this->validatePathSegments($context, $pathSegments, AclRoleDefinition::PRIVILEGE_READ);
$root = $pathSegments[0]['entity'];
$id = $pathSegments[\count($pathSegments) - 1]['value'];
$definition = $this->definitionRegistry->getByEntityName($root);
$associations = array_column($pathSegments, 'entity');
array_shift($associations);
if (empty($associations)) {
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
} else {
$field = $this->getAssociation($definition->getFields(), $associations);
$definition = $field->getReferenceDefinition();
if ($field instanceof ManyToManyAssociationField) {
$definition = $field->getToManyReferenceDefinition();
}
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
}
$criteria = new Criteria();
$criteria = $this->criteriaBuilder->handleRequest($request, $criteria, $definition, $context);
$criteria->setIds([$id]);
// trigger acl validation
$missing = $this->criteriaValidator->validate($definition->getEntityName(), $criteria, $context);
$permissions = array_unique(array_filter(array_merge($permissions, $missing)));
if (!empty($permissions)) {
throw new MissingPrivilegeException($permissions);
}
$entity = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository, $criteria, $id): ?Entity {
return $repository->search($criteria, $context)->get($id);
});
if ($entity === null) {
throw new ResourceNotFoundException($definition->getEntityName(), ['id' => $id]);
}
return $responseFactory->createDetailResponse($criteria, $entity, $definition, $request, $context);
}
public function searchIds(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
[$criteria, $repository] = $this->resolveSearch($request, $context, $entityName, $path);
$result = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository, $criteria): IdSearchResult {
return $repository->searchIds($criteria, $context);
});
return new JsonResponse([
'total' => $result->getTotal(),
'data' => array_values($result->getIds()),
]);
}
public function search(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
[$criteria, $repository] = $this->resolveSearch($request, $context, $entityName, $path);
$result = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository, $criteria): EntitySearchResult {
return $repository->search($criteria, $context);
});
$definition = $this->getDefinitionOfPath($entityName, $path, $context);
return $responseFactory->createListingResponse($criteria, $result, $definition, $request, $context);
}
public function list(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
[$criteria, $repository] = $this->resolveSearch($request, $context, $entityName, $path);
$result = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository, $criteria): EntitySearchResult {
return $repository->search($criteria, $context);
});
$definition = $this->getDefinitionOfPath($entityName, $path, $context);
return $responseFactory->createListingResponse($criteria, $result, $definition, $request, $context);
}
public function create(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
return $this->write($request, $context, $responseFactory, $entityName, $path, self::WRITE_CREATE);
}
public function update(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
return $this->write($request, $context, $responseFactory, $entityName, $path, self::WRITE_UPDATE);
}
public function delete(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path): Response
{
$pathSegments = $this->buildEntityPath($entityName, $path, $context, [WriteProtection::class]);
$last = $pathSegments[\count($pathSegments) - 1];
$id = $last['value'];
$first = array_shift($pathSegments);
if (\count($pathSegments) === 0) {
//first api level call /product/{id}
$definition = $first['definition'];
$this->executeWriteOperation($definition, ['id' => $id], $context, self::WRITE_DELETE);
return $responseFactory->createRedirectResponse($definition, $id, $request, $context);
}
$child = array_pop($pathSegments);
$parent = $first;
if (!empty($pathSegments)) {
$parent = array_pop($pathSegments);
}
$definition = $child['definition'];
/** @var AssociationField $association */
$association = $child['field'];
// DELETE api/product/{id}/manufacturer/{id}
if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
$this->executeWriteOperation($definition, ['id' => $id], $context, self::WRITE_DELETE);
return $responseFactory->createRedirectResponse($definition, $id, $request, $context);
}
// DELETE api/product/{id}/category/{id}
if ($association instanceof ManyToManyAssociationField) {
$local = $definition->getFields()->getByStorageName(
$association->getMappingLocalColumn()
);
$reference = $definition->getFields()->getByStorageName(
$association->getMappingReferenceColumn()
);
$mapping = [
$local->getPropertyName() => $parent['value'],
$reference->getPropertyName() => $id,
];
/** @var EntityDefinition $parentDefinition */
$parentDefinition = $parent['definition'];
if ($parentDefinition->isVersionAware()) {
$versionField = $parentDefinition->getEntityName() . 'VersionId';
$mapping[$versionField] = $context->getVersionId();
}
if ($association->getToManyReferenceDefinition()->isVersionAware()) {
$versionField = $association->getToManyReferenceDefinition()->getEntityName() . 'VersionId';
$mapping[$versionField] = Defaults::LIVE_VERSION;
}
$this->executeWriteOperation($definition, $mapping, $context, self::WRITE_DELETE);
return $responseFactory->createRedirectResponse($definition, $id, $request, $context);
}
if ($association instanceof TranslationsAssociationField) {
/** @var EntityTranslationDefinition $refClass */
$refClass = $association->getReferenceDefinition();
$refPropName = $refClass->getFields()->getByStorageName($association->getReferenceField())->getPropertyName();
$refLanguagePropName = $refClass->getPrimaryKeys()->getByStorageName($association->getLanguageField())->getPropertyName();
$mapping = [
$refPropName => $parent['value'],
$refLanguagePropName => $id,
];
$this->executeWriteOperation($definition, $mapping, $context, self::WRITE_DELETE);
return $responseFactory->createRedirectResponse($definition, $id, $request, $context);
}
if ($association instanceof OneToManyAssociationField) {
$this->executeWriteOperation($definition, ['id' => $id], $context, self::WRITE_DELETE);
return $responseFactory->createRedirectResponse($definition, $id, $request, $context);
}
throw new \RuntimeException(sprintf('Unsupported association for field %s', $association->getPropertyName()));
}
private function resolveSearch(Request $request, Context $context, string $entityName, string $path): array
{
$pathSegments = $this->buildEntityPath($entityName, $path, $context);
$permissions = $this->validatePathSegments($context, $pathSegments, AclRoleDefinition::PRIVILEGE_READ);
$first = array_shift($pathSegments);
/** @var EntityDefinition|string $definition */
$definition = $first['definition'];
if (!$definition) {
throw new NotFoundHttpException('The requested entity does not exist.');
}
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
$criteria = new Criteria();
if (empty($pathSegments)) {
$criteria = $this->criteriaBuilder->handleRequest($request, $criteria, $definition, $context);
// trigger acl validation
$nested = $this->criteriaValidator->validate($definition->getEntityName(), $criteria, $context);
$permissions = array_unique(array_filter(array_merge($permissions, $nested)));
if (!empty($permissions)) {
throw new MissingPrivilegeException($permissions);
}
return [$criteria, $repository];
}
$child = array_pop($pathSegments);
$parent = $first;
if (!empty($pathSegments)) {
$parent = array_pop($pathSegments);
}
$association = $child['field'];
$parentDefinition = $parent['definition'];
$definition = $child['definition'];
if ($association instanceof ManyToManyAssociationField) {
$definition = $association->getToManyReferenceDefinition();
}
$criteria = $this->criteriaBuilder->handleRequest($request, $criteria, $definition, $context);
if ($association instanceof ManyToManyAssociationField) {
//fetch inverse association definition for filter
$reverse = $definition->getFields()->filter(
function (Field $field) use ($association) {
return $field instanceof ManyToManyAssociationField && $association->getMappingDefinition() === $field->getMappingDefinition();
}
);
//contains now the inverse side association: category.products
$reverse = $reverse->first();
if (!$reverse) {
throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
}
$criteria->addFilter(
new EqualsFilter(
sprintf('%s.%s.id', $definition->getEntityName(), $reverse->getPropertyName()),
$parent['value']
)
);
/** @var EntityDefinition $parentDefinition */
if ($parentDefinition->isVersionAware()) {
$criteria->addFilter(
new EqualsFilter(
sprintf('%s.%s.versionId', $definition->getEntityName(), $reverse->getPropertyName()),
$context->getVersionId()
)
);
}
} elseif ($association instanceof OneToManyAssociationField) {
/*
* Example
* Route: /api/product/SW1/prices
* $definition: \Shopware\Core\Content\Product\Definition\ProductPriceDefinition
*/
//get foreign key definition of reference
$foreignKey = $definition->getFields()->getByStorageName(
$association->getReferenceField()
);
$criteria->addFilter(
new EqualsFilter(
//add filter to parent value: prices.productId = SW1
$definition->getEntityName() . '.' . $foreignKey->getPropertyName(),
$parent['value']
)
);
} elseif ($association instanceof ManyToOneAssociationField) {
/*
* Example
* Route: /api/product/SW1/manufacturer
* $definition: \Shopware\Core\Content\Product\Aggregate\ProductManufacturer\ProductManufacturerDefinition
*/
//get inverse association to filter to parent value
$reverse = $definition->getFields()->filter(
function (Field $field) use ($parentDefinition) {
return $field instanceof AssociationField && $parentDefinition === $field->getReferenceDefinition();
}
);
$reverse = $reverse->first();
if (!$reverse) {
throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
}
$criteria->addFilter(
new EqualsFilter(
//filter inverse association to parent value: manufacturer.products.id = SW1
sprintf('%s.%s.id', $definition->getEntityName(), $reverse->getPropertyName()),
$parent['value']
)
);
} elseif ($association instanceof OneToOneAssociationField) {
/*
* Example
* Route: /api/order/xxxx/orderCustomer
* $definition: \Shopware\Core\Checkout\Order\Aggregate\OrderCustomer\OrderCustomerDefinition
*/
//get inverse association to filter to parent value
$reverse = $definition->getFields()->filter(
function (Field $field) use ($parentDefinition) {
return $field instanceof OneToOneAssociationField && $parentDefinition === $field->getReferenceDefinition();
}
);
$reverse = $reverse->first();
if (!$reverse) {
throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
}
$criteria->addFilter(
new EqualsFilter(
//filter inverse association to parent value: order_customer.order_id = xxxx
sprintf('%s.%s.id', $definition->getEntityName(), $reverse->getPropertyName()),
$parent['value']
)
);
}
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
$nested = $this->criteriaValidator->validate($definition->getEntityName(), $criteria, $context);
$permissions = array_unique(array_filter(array_merge($permissions, $nested)));
if (!empty($permissions)) {
throw new MissingPrivilegeException($permissions);
}
return [$criteria, $repository];
}
private function getDefinitionOfPath(string $entityName, string $path, Context $context): EntityDefinition
{
$pathSegments = $this->buildEntityPath($entityName, $path, $context);
$first = array_shift($pathSegments);
/** @var EntityDefinition|string $definition */
$definition = $first['definition'];
if (empty($pathSegments)) {
return $definition;
}
$child = array_pop($pathSegments);
$association = $child['field'];
if ($association instanceof ManyToManyAssociationField) {
/*
* Example:
* route: /api/product/SW1/categories
* $definition: \Shopware\Core\Content\Category\CategoryDefinition
*/
return $association->getToManyReferenceDefinition();
}
return $child['definition'];
}
private function write(Request $request, Context $context, ResponseFactoryInterface $responseFactory, string $entityName, string $path, string $type): Response
{
$payload = $this->getRequestBody($request);
$noContent = !$request->query->has('_response');
// safari bug prevents us from using the location header
$appendLocationHeader = false;
if ($this->isCollection($payload)) {
throw new BadRequestHttpException('Only single write operations are supported. Please send the entities one by one or use the /sync api endpoint.');
}
$pathSegments = $this->buildEntityPath($entityName, $path, $context, [WriteProtection::class]);
$last = $pathSegments[\count($pathSegments) - 1];
if ($type === self::WRITE_CREATE && !empty($last['value'])) {
$methods = ['GET', 'PATCH', 'DELETE'];
throw new MethodNotAllowedHttpException($methods, sprintf('No route found for "%s %s": Method Not Allowed (Allow: %s)', $request->getMethod(), $request->getPathInfo(), implode(', ', $methods)));
}
if ($type === self::WRITE_UPDATE && isset($last['value'])) {
$payload['id'] = $last['value'];
}
$first = array_shift($pathSegments);
if (\count($pathSegments) === 0) {
$definition = $first['definition'];
$events = $this->executeWriteOperation($definition, $payload, $context, $type);
$event = $events->getEventByEntityName($definition->getEntityName());
$eventIds = $event->getIds();
$entityId = array_pop($eventIds);
if ($definition instanceof MappingEntityDefinition) {
return new Response(null, Response::HTTP_NO_CONTENT);
}
if ($noContent) {
return $responseFactory->createRedirectResponse($definition, $entityId, $request, $context);
}
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
$criteria = new Criteria($event->getIds());
$entities = $repository->search($criteria, $context);
return $responseFactory->createDetailResponse($criteria, $entities->first(), $definition, $request, $context, $appendLocationHeader);
}
$child = array_pop($pathSegments);
$parent = $first;
if (!empty($pathSegments)) {
$parent = array_pop($pathSegments);
}
/** @var EntityDefinition $definition */
$definition = $child['definition'];
$association = $child['field'];
$parentDefinition = $parent['definition'];
if ($association instanceof OneToManyAssociationField) {
$foreignKey = $definition->getFields()
->getByStorageName($association->getReferenceField());
$payload[$foreignKey->getPropertyName()] = $parent['value'];
$events = $this->executeWriteOperation($definition, $payload, $context, $type);
if ($noContent) {
return $responseFactory->createRedirectResponse($definition, $parent['value'], $request, $context);
}
$event = $events->getEventByEntityName($definition->getEntityName());
$repository = $this->definitionRegistry->getRepository($definition->getEntityName());
$criteria = new Criteria($event->getIds());
$entities = $repository->search($criteria, $context);
return $responseFactory->createDetailResponse($criteria, $entities->first(), $definition, $request, $context, $appendLocationHeader);
}
if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
$events = $this->executeWriteOperation($definition, $payload, $context, $type);
$event = $events->getEventByEntityName($definition->getEntityName());
$entityIds = $event->getIds();
$entityId = array_pop($entityIds);
$foreignKey = $parentDefinition->getFields()->getByStorageName($association->getStorageName());
$payload = [
'id' => $parent['value'],
$foreignKey->getPropertyName() => $entityId,
];
$repository = $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
$repository->update([$payload], $context);
if ($noContent) {
return $responseFactory->createRedirectResponse($definition, $entityId, $request, $context);
}
$criteria = new Criteria($event->getIds());
$entities = $repository->search($criteria, $context);
return $responseFactory->createDetailResponse($criteria, $entities->first(), $definition, $request, $context, $appendLocationHeader);
}
/** @var ManyToManyAssociationField $manyToManyAssociation */
$manyToManyAssociation = $association;
/** @var EntityDefinition|string $reference */
$reference = $manyToManyAssociation->getToManyReferenceDefinition();
// check if we need to create the entity first
if (\count($payload) > 1 || !\array_key_exists('id', $payload)) {
$events = $this->executeWriteOperation($reference, $payload, $context, $type);
$event = $events->getEventByEntityName($reference->getEntityName());
$ids = $event->getIds();
$id = array_shift($ids);
} else {
// only id provided - add assignment
$id = $payload['id'];
}
$payload = [
'id' => $parent['value'],
$manyToManyAssociation->getPropertyName() => [
['id' => $id],
],
];
$repository = $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
$repository->update([$payload], $context);
$repository = $this->definitionRegistry->getRepository($reference->getEntityName());
$criteria = new Criteria([$id]);
$entities = $repository->search($criteria, $context);
$entity = $entities->first();
if ($noContent) {
return $responseFactory->createRedirectResponse($reference, $entity->getId(), $request, $context);
}
return $responseFactory->createDetailResponse($criteria, $entity, $definition, $request, $context, $appendLocationHeader);
}
private function executeWriteOperation(
EntityDefinition $entity,
array $payload,
Context $context,
string $type
): EntityWrittenContainerEvent {
$repository = $this->definitionRegistry->getRepository($entity->getEntityName());
$conversionException = new ApiConversionException();
$payload = $this->apiVersionConverter->convertPayload($entity, $payload, $conversionException);
$conversionException->tryToThrow();
$event = $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository, $payload, $entity, $type): ?EntityWrittenContainerEvent {
if ($type === self::WRITE_CREATE) {
return $repository->create([$payload], $context);
}
if ($type === self::WRITE_UPDATE) {
return $repository->update([$payload], $context);
}
if ($type === self::WRITE_DELETE) {
$event = $repository->delete([$payload], $context);
if (!empty($event->getErrors())) {
throw new ResourceNotFoundException($entity->getEntityName(), $payload);
}
return $event;
}
return null;
});
if (!$event) {
throw new \RuntimeException('Unsupported write operation.');
}
return $event;
}
private function getAssociation(FieldCollection $fields, array $keys): AssociationField
{
$key = array_shift($keys);
/** @var AssociationField $field */
$field = $fields->get($key);
if (empty($keys)) {
return $field;
}
$reference = $field->getReferenceDefinition();
$nested = $reference->getFields();
return $this->getAssociation($nested, $keys);
}
private function buildEntityPath(
string $entityName,
string $pathInfo,
Context $context,
array $protections = [ReadProtection::class]
): array {
$pathInfo = str_replace('/extensions/', '/', $pathInfo);
$exploded = explode('/', $entityName . '/' . ltrim($pathInfo, '/'));
$parts = [];
foreach ($exploded as $index => $part) {
if ($index % 2) {
continue;
}
if (empty($part)) {
continue;
}
$value = $exploded[$index + 1] ?? null;
if (empty($parts)) {
$part = $this->urlToSnakeCase($part);
} else {
$part = $this->urlToCamelCase($part);
}
$parts[] = [
'entity' => $part,
'value' => $value,
];
}
/** @var array{'entity': string, 'value': string|null} $first */
$first = array_shift($parts);
try {
$root = $this->definitionRegistry->getByEntityName($first['entity']);
} catch (DefinitionNotFoundException $e) {
throw new NotFoundHttpException($e->getMessage(), $e);
}
$entities = [
[
'entity' => $first['entity'],
'value' => $first['value'],
'definition' => $root,
'field' => null,
],
];
foreach ($parts as $part) {
/** @var AssociationField|null $field */
$field = $root->getFields()->get($part['entity']);
if (!$field) {
$path = implode('.', array_column($entities, 'entity')) . '.' . $part['entity'];
throw new NotFoundHttpException(sprintf('Resource at path "%s" is not an existing relation.', $path));
}
if ($field instanceof ManyToManyAssociationField) {
$root = $field->getToManyReferenceDefinition();
} else {
$root = $field->getReferenceDefinition();
}
$entities[] = [
'entity' => $part['entity'],
'value' => $part['value'],
'definition' => $field->getReferenceDefinition(),
'field' => $field,
];
}
$context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entities, $protections): void {
$this->entityProtectionValidator->validateEntityPath($entities, $protections, $context);
});
return $entities;
}
private function urlToSnakeCase(string $name): string
{
return str_replace('-', '_', $name);
}
private function urlToCamelCase(string $name): string
{
$parts = explode('-', $name);
$parts = array_map('ucfirst', $parts);
return lcfirst(implode('', $parts));
}
/**
* Return a nested array structure of based on the content-type
*/
private function getRequestBody(Request $request): array
{
$contentType = $request->headers->get('CONTENT_TYPE', '');
$semicolonPosition = mb_strpos($contentType, ';');
if ($semicolonPosition !== false) {
$contentType = mb_substr($contentType, 0, $semicolonPosition);
}
try {
switch ($contentType) {
case 'application/vnd.api+json':
return $this->serializer->decode($request->getContent(), 'jsonapi');
case 'application/json':
return $request->request->all();
}
} catch (InvalidArgumentException | UnexpectedValueException $exception) {
throw new BadRequestHttpException($exception->getMessage());
}
throw new UnsupportedMediaTypeHttpException(sprintf('The Content-Type "%s" is unsupported.', $contentType));
}
private function isCollection(array $array): bool
{
return array_keys($array) === range(0, \count($array) - 1);
}
private function getEntityDefinition(string $entityName): EntityDefinition
{
try {
$entityDefinition = $this->definitionRegistry->getByEntityName($entityName);
} catch (DefinitionNotFoundException $e) {
throw new NotFoundHttpException($e->getMessage(), $e);
}
return $entityDefinition;
}
private function validateAclPermissions(Context $context, EntityDefinition $entity, string $privilege): ?string
{
$resource = $entity->getEntityName();
if ($entity instanceof EntityTranslationDefinition) {
$resource = $entity->getParentDefinition()->getEntityName();
}
if (!$context->isAllowed($resource . ':' . $privilege)) {
return $resource . ':' . $privilege;
}
return null;
}
private function validatePathSegments(Context $context, array $pathSegments, string $privilege): array
{
$child = array_pop($pathSegments);
$missing = [];
foreach ($pathSegments as $segment) {
// you need detail privileges for every parent entity
$missing[] = $this->validateAclPermissions(
$context,
$this->getDefinitionForPathSegment($segment),
AclRoleDefinition::PRIVILEGE_READ
);
}
$missing[] = $this->validateAclPermissions($context, $this->getDefinitionForPathSegment($child), $privilege);
return array_unique(array_filter($missing));
}
private function getDefinitionForPathSegment(array $segment): EntityDefinition
{
$definition = $segment['definition'];
if ($segment['field'] instanceof ManyToManyAssociationField) {
$definition = $segment['field']->getToManyReferenceDefinition();
}
return $definition;
}
}