sajad torkamani
<?php
// api/src/Entity/Book.php

namespace App\Entity;

use ApiPlatform\Core\Annotation\ApiResource;

/**
 * Book API resource whose access rules are declared as API Platform security expressions.
 *
 * Three operations are declared: collection "post", item "get" and item "put".
 * NOTE(review): listing operations explicitly is understood to replace the defaults, so
 * collection "get", "delete" etc. are presumably not exposed; confirm against the installed
 * API Platform version. If a collection "get" is added later, the per-object owner check
 * used on the item "get" would not filter that listing; it needs separate query-level
 * filtering.
 *
 * The expressions read `object.owner`; the class body is elided here, so this assumes Book
 * exposes an `owner` property holding the owning user (TODO confirm).
 */
#[ApiResource(
    // Resource-wide default: the caller must hold ROLE_USER.
    // NOTE(review): an operation that sets its own "security" key is understood to override
    // this default rather than combine with it, which is why the item "get" rule below
    // repeats the ROLE_USER check. Verify before dropping the role check from an override.
    attributes: ["security" => "is_granted('ROLE_USER')"],
    collectionOperations: [
        "post" => [
            // Creating a book requires ROLE_ADMIN (replaces the ROLE_USER default).
            "security" => "is_granted('ROLE_ADMIN')",
            // Text used when the rule above denies access.
            "security_message" => "Only admins can add books.",
        ],
    ],
    itemOperations: [
        "get" => [
            // Object-level rule: the caller must hold ROLE_USER and be the owner of the
            // requested book (`object` is the loaded Book, `user` the authenticated user).
            "security" => "is_granted('ROLE_USER') and object.owner == user",
            // NOTE(review): a denial carrying this message confirms to a non-owner that the
            // book id exists. Decide whether that disclosure is acceptable, or use a
            // generic message.
            "security_message" => "Sorry, but you are not the book owner.",
        ],
        "put" => [
            // Evaluated after the request body has been applied to the entity: `object` is
            // the updated book and `previous_object` its state before the update. A
            // non-admin must own the book both before and after, so ownership cannot be
            // taken over or reassigned through the payload; ROLE_ADMIN bypasses both
            // checks. No "security" key is set here, so the resource-wide ROLE_USER default
            // presumably still applies before denormalization. Confirm.
            "security_post_denormalize" => "is_granted('ROLE_ADMIN') or (object.owner == user and previous_object.owner == user)",
            // Text used when the post-denormalize rule denies access.
            "security_post_denormalize_message" => "Sorry, but you are not the actual book owner.",
        ],
    ],
)]
class Book
{
    // ...
}