The Doctrine integration with Laminas API Tools includes Query Providers used to create filtering of data for each REST endpoint. This may take into account the current user's permissions and add filtering to a Doctrine QueryBuilder object.
Query Providers act much like an event listener but are hard-coded into a Laminas API Tools Doctrine REST event.
Writing your own Query Providers is not difficult but this library exists to give you a jump start to writing custom Query Providers by supplying a plugin manager and abstract query providers for both ORM and ODM. Included are Query requets based tools for filtering and ordering request responses. This filtering is provided by api-tools-doctrine-orm-querybuilder and api-tools-doctrine-odm-querybuilder
Please see the composer.json file.
Run the following composer command:
$ composer require "laminas-api-tools/api-tools-doctrine-query-provider"Alternately, manually add the following to your composer.json, in the require section:
"require": {
"laminas-api-tools/api-tools-doctrine-query-provider": "^1.0"
}And then run composer update to ensure the module is installed.
Finally, add the module name to your project's config/application.config.php under the modules
key:
return [
/* ... */
'modules' => [
/* ... */
'Laminas\ApiTools\Doctrine\QueryProvider',
],
/* ... */
];Configuration is done inside the doctrine-connected section of the api-tools-doctrine configuration.
return [
'zf-laminas-api-tools' => [
'doctrine-connected' => [
V1\Rest\PerformanceMerge\PerformanceMergeResource::class => [
'query_providers' => [
// 'default' => QueryProvider\PerformanceMergeDefault::class, // applies to all
'fetch' => QueryProvider\PerformanceMergeFetch::class,
'fetch_all' => QueryProvider\PerformanceMergeFetch::class,
'patch' => QueryProvider\PerformanceMergePatch::class,
'update' => QueryProvider\PerformanceMergeUpdate::class,
'delete' => QueryProvider\PerformanceMergeDelete::class,
],
],Note patch_all, update_all, and delete_all do not exist. For similar functionality to query providers for these actions use the provided events. See custom events.
Included is filtering and sorting of REST responses and authentication through
the Zend\Authentication\AuthenticationService library. This authentication
ties in directly with api-tools-mvc-auth.
namespace DbApi\QueryProvider;
use ZF\Rest\ResourceEvent;
use Laminas\ApiTools\Doctrine\QueryProvider\AbstractORMQueryProvider;
use Db\Fixture\RoleFixture;
final class PerformanceCorrectionPatch extends AbstractQueryProvider
{
public function createQuery(ResourceEvent $event, $entityClass, $parameters)
{
$queryBuilder = parent::createQuery($event, $entityClass, $parameters);
// Always allow admin
if ($this->getAuthentication()->getIdentity()->getUser()->hasRole(RoleFixture::ADMIN)) {
return $queryBuilder;
}
// Filter so the query provider only returns results belonging to this user
$queryBuilder
->andWhere($queryBuilder->expr()->eq('row.user', ':user'))
->setParameter('user', $this->getAuthentication()->getIdentity()->getUser())
;
return $queryBuilder;
}
}