API Platform: Customize access control error message
17 July 2022 (Updated 17 July 2022)
<?php
// api/src/Entity/Book.php
namespace App\Entity;
use ApiPlatform\Core\Annotation\ApiResource;
/**
 * Book resource with per-operation access rules and custom denial messages.
 *
 * Every operation below pairs a security expression with a "*_message" key
 * holding the text reported when that expression denies the request.
 *
 * NOTE(review): these messages are intended for the API client, so keep them
 * free of internal detail. A distinct "not the owner" message also tells the
 * caller that the book exists; confirm that is acceptable for this resource.
 */
#[ApiResource(
    // Resource-wide default: callers must hold ROLE_USER.
    attributes: ['security' => "is_granted('ROLE_USER')"],
    collectionOperations: [
        'post' => [
            // Creating a book is restricted to ROLE_ADMIN.
            'security' => "is_granted('ROLE_ADMIN')",
            'security_message' => 'Only admins can add books.',
        ],
    ],
    itemOperations: [
        'get' => [
            // Reading requires ROLE_USER and ownership: `object` is the
            // requested Book, `user` the authenticated user.
            'security' => "is_granted('ROLE_USER') and object.owner == user",
            'security_message' => 'Sorry, but you are not the book owner.',
        ],
        'put' => [
            // Checked via security_post_denormalize, where (per API Platform's
            // documented semantics) `object` is the entity after the request
            // body has been applied and `previous_object` is its prior state.
            // Requiring both owners to equal the current user means a
            // non-admin can neither edit someone else's book nor hand
            // ownership to another user; ROLE_ADMIN skips the ownership test.
            'security_post_denormalize' => "is_granted('ROLE_ADMIN') or (object.owner == user and previous_object.owner == user)",
            'security_post_denormalize_message' => 'Sorry, but you are not the actual book owner.',
        ],
    ],
)]
class Book
{
    // ...
}
Tagged:
API Platform