diff --git a/jsonapi.services.yml b/jsonapi.services.yml index 841b72c..1cf0e61 100644 --- a/jsonapi.services.yml +++ b/jsonapi.services.yml @@ -4,7 +4,6 @@ parameters: services: jsonapi.serializer_do_not_use_removal_imminent: class: Drupal\jsonapi\Serializer\Serializer - public: false calls: - [setFallbackNormalizer, ['@serializer']] arguments: [{ }, { }] @@ -104,12 +103,12 @@ services: - { name: route_enhancer } jsonapi.params.enhancer: class: Drupal\jsonapi\Routing\JsonApiParamEnhancer - arguments: ['@serializer.normalizer.filter.jsonapi', '@serializer.normalizer.sort.jsonapi', '@serializer.normalizer.offset_page.jsonapi'] + arguments: ['@jsonapi.serializer_do_not_use_removal_imminent'] tags: - { name: route_enhancer } jsonapi.link_manager: class: Drupal\jsonapi\LinkManager\LinkManager - arguments: ['@router.no_access_checks', '@url_generator'] + arguments: [null, '@url_generator'] jsonapi.field_resolver: class: Drupal\jsonapi\Context\FieldResolver arguments: ['@entity_type.manager', '@entity_field.manager', '@entity_type.bundle.info', '@jsonapi.resource_type.repository'] @@ -149,7 +148,6 @@ services: jsonapi.request_handler: class: \Drupal\jsonapi\Controller\RequestHandler arguments: - - '@jsonapi.serializer_do_not_use_removal_imminent' - '@jsonapi.entity_resource' jsonapi.entity_resource: class: \Drupal\jsonapi\Controller\EntityResource diff --git a/src/Controller/EntityResource.php b/src/Controller/EntityResource.php index b2be715..ce60a73 100644 --- a/src/Controller/EntityResource.php +++ b/src/Controller/EntityResource.php @@ -663,16 +663,12 @@ class EntityResource { * @throws \Symfony\Component\HttpKernel\Exception\ConflictHttpException * Thrown when deleting a "to-one" relationship. */ - public function deleteRelationship(ResourceType $resource_type, EntityInterface $entity, $related_field, $parsed_field_list, Request $request = NULL) { + public function deleteRelationship(ResourceType $resource_type, EntityInterface $entity, $related_field, $parsed_field_list, Request $request) { if ($parsed_field_list instanceof Response) { // This usually means that there was an error, so there is no point on // processing further. return $parsed_field_list; } - if ($parsed_field_list instanceof Request) { - // This usually means that there was not body provided. - throw new BadRequestHttpException(sprintf('You need to provide a body for DELETE operations on a relationship (%s).', $related_field)); - } /* @var \Drupal\Core\Field\EntityReferenceFieldItemListInterface $field_list */ $field_list = $entity->{$related_field}; $is_multiple = $field_list->getFieldDefinition() diff --git a/src/Controller/RequestHandler.php b/src/Controller/RequestHandler.php index 7544a3f..5d26b8a 100644 --- a/src/Controller/RequestHandler.php +++ b/src/Controller/RequestHandler.php @@ -4,11 +4,6 @@ namespace Drupal\jsonapi\Controller; use Drupal\jsonapi\ResourceType\ResourceType; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; -use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException; -use Symfony\Component\Serializer\Exception\InvalidArgumentException; -use Symfony\Component\Serializer\Exception\UnexpectedValueException; -use Symfony\Component\Serializer\SerializerInterface; /** * Acts as request forwarder for \Drupal\jsonapi\Controller\EntityResource. @@ -17,13 +12,6 @@ use Symfony\Component\Serializer\SerializerInterface; */ class RequestHandler { - /** - * The JSON API serializer. - * - * @var \Drupal\jsonapi\Serializer\Serializer - */ - protected $serializer; - /** * The JSON API entity resource controller. * @@ -34,11 +22,10 @@ class RequestHandler { /** * Creates a new RequestHandler instance. * - * @param \Symfony\Component\Serializer\SerializerInterface $serializer - * The JSON API serializer. + * @param \Drupal\jsonapi\Controller\EntityResource $entity_resource + * The JSON API entity controller. */ - public function __construct(SerializerInterface $serializer, EntityResource $entity_resource) { - $this->serializer = $serializer; + public function __construct(EntityResource $entity_resource) { $this->entityResource = $entity_resource; } @@ -54,8 +41,6 @@ class RequestHandler { * The response object. */ public function handle(Request $request, ResourceType $resource_type) { - $unserialized = $this->deserialize($request, $resource_type); - // Determine the request parameters that should be passed to the resource // plugin. $parameters = ['resource_type' => $resource_type]; @@ -72,72 +57,15 @@ class RequestHandler { // Invoke the operation on the resource plugin. $action = $this->action($request, $resource_type); - // Only add the unserialized data if there is something there. - $extra_parameters = $unserialized ? [$unserialized, $request] : [$request]; - - return call_user_func_array([$this->entityResource, $action], array_merge($parameters, $extra_parameters)); - } - - /** - * Deserializes request body, if any. - * - * @param \Symfony\Component\HttpFoundation\Request $request - * The HTTP request object. - * @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type - * The JSON API resource type for the current request. - * - * @return array|null - * An object normalization, if there is a valid request body. NULL if there - * is no request body. - * - * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException - * Thrown if the request body cannot be decoded, or when no request body was - * provided with a POST or PATCH request. - * @throws \Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException - * Thrown if the request body cannot be denormalized. - */ - protected function deserialize(Request $request, ResourceType $resource_type) { - if ($request->isMethodSafe(FALSE)) { - return NULL; + // Add the deserialized entity or relationship if available. + if ($request->get('serialization_class', FALSE) && !$request->isMethodCacheable()) { + $parameters[] = $request->get('deserialized'); } - // Deserialize incoming data if available. - $received = $request->getContent(); - $unserialized = NULL; - if (!empty($received)) { - // First decode the request data. We can then determine if the - // serialized data was malformed. - try { - $unserialized = $this->serializer->decode($received, 'api_json'); - } - catch (UnexpectedValueException $e) { - // If an exception was thrown at this stage, there was a problem - // decoding the data. Throw a 400 http exception. - throw new BadRequestHttpException($e->getMessage()); - } - - $field_related = $resource_type->getInternalName($request->get('related')); - try { - $unserialized = $this->serializer->denormalize($unserialized, $request->get('serialization_class'), 'api_json', [ - 'related' => $field_related, - 'target_entity' => $request->get($resource_type->getEntityTypeId()), - 'resource_type' => $resource_type, - ]); - } - // These two serialization exception types mean there was a problem with - // the structure of the decoded data and it's not valid. - catch (UnexpectedValueException $e) { - throw new UnprocessableEntityHttpException($e->getMessage()); - } - catch (InvalidArgumentException $e) { - throw new UnprocessableEntityHttpException($e->getMessage()); - } - } - elseif ($request->isMethod('POST') || $request->isMethod('PATCH')) { - throw new BadRequestHttpException('Empty request body.'); - } + // Add the request as a parameter. + $parameters[] = $request; - return $unserialized; + return call_user_func_array([$this->entityResource, $action], $parameters); } /** diff --git a/src/Routing/JsonApiParamEnhancer.php b/src/Routing/JsonApiParamEnhancer.php index 41270a5..1a54011 100644 --- a/src/Routing/JsonApiParamEnhancer.php +++ b/src/Routing/JsonApiParamEnhancer.php @@ -3,11 +3,16 @@ namespace Drupal\jsonapi\Routing; use Drupal\Core\Routing\EnhancerInterface; +use Drupal\jsonapi\Exception\UnprocessableHttpEntityException; use Drupal\jsonapi\Query\OffsetPage; use Drupal\jsonapi\Query\Filter; use Drupal\jsonapi\Query\Sort; +use Drupal\jsonapi\ResourceType\ResourceType; use Symfony\Component\HttpFoundation\Request; -use Symfony\Component\Serializer\Normalizer\DenormalizerInterface; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; +use Symfony\Component\Serializer\Exception\InvalidArgumentException; +use Symfony\Component\Serializer\Exception\UnexpectedValueException; +use Symfony\Component\Serializer\SerializerInterface; /** * Processes the request query parameters. @@ -17,33 +22,17 @@ use Symfony\Component\Serializer\Normalizer\DenormalizerInterface; class JsonApiParamEnhancer implements EnhancerInterface { /** - * The filter normalizer. + * The JSON API serializer. * - * @var \Symfony\Component\Serializer\Normalizer\DenormalizerInterface + * @var \Symfony\Component\Serializer\SerializerInterface|\Symfony\Component\Serializer\Normalizer\DenormalizerInterface */ - protected $filterNormalizer; - - /** - * The sort normalizer. - * - * @var \Symfony\Component\Serializer\Normalizer\DenormalizerInterface - */ - protected $sortNormalizer; - - /** - * The page normalizer. - * - * @var Symfony\Component\Serializer\Normalizer\DenormalizerInterface - */ - protected $pageNormalizer; + protected $serializer; /** * {@inheritdoc} */ - public function __construct(DenormalizerInterface $filter_normalizer, DenormalizerInterface $sort_normalizer, DenormalizerInterface $page_normalizer) { - $this->filterNormalizer = $filter_normalizer; - $this->sortNormalizer = $sort_normalizer; - $this->pageNormalizer = $page_normalizer; + public function __construct(SerializerInterface $serializer) { + $this->serializer = $serializer; } /** @@ -64,20 +53,81 @@ class JsonApiParamEnhancer implements EnhancerInterface { if ($request->query->has('filter')) { $filter = $request->query->get('filter'); - $options['filter'] = $this->filterNormalizer->denormalize($filter, Filter::class, NULL, $context); + $options['filter'] = $this->serializer->denormalize($filter, Filter::class, NULL, $context); } if ($request->query->has('sort')) { $sort = $request->query->get('sort'); - $options['sort'] = $this->sortNormalizer->denormalize($sort, Sort::class, NULL, $context); + $options['sort'] = $this->serializer->denormalize($sort, Sort::class, NULL, $context); } $page = ($request->query->has('page')) ? $request->query->get('page') : []; - $options['page'] = $this->pageNormalizer->denormalize($page, OffsetPage::class); + $options['page'] = $this->serializer->denormalize($page, OffsetPage::class); + + if (isset($defaults['serialization_class']) && !$request->isMethodSafe(FALSE)) { + // Deserialize incoming data if available. + if ($received = (string) $request->getContent()) { + $defaults['deserialized'] = $this->deserialize($resource_type, $received, $defaults); + } + elseif ($request->isMethod('POST') || $request->isMethod('PATCH')) { + throw new BadRequestHttpException('Empty request body.'); + } + elseif ($request->isMethod('DELETE') && isset($defaults['related']) && $defaults['related']) { + throw new BadRequestHttpException(sprintf('You need to provide a body for DELETE operations on a relationship (%s).', $defaults['related'])); + } + } $defaults['_json_api_params'] = $options; return $defaults; } + /** + * Deserializes request body, if any. + * + * @param \Drupal\jsonapi\ResourceType\ResourceType $resource_type + * The JSON API resource type for the current request. + * @param string $received + * The request body. + * @param array $defaults + * The route defaults. + * + * @return array + * An object normalization. + * + * @throws \Symfony\Component\HttpKernel\Exception\BadRequestHttpException + * Thrown if the request body cannot be decoded, or when no request body was + * provided with a POST or PATCH request. + * @throws \Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException + * Thrown if the request body cannot be denormalized. + */ + protected function deserialize(ResourceType $resource_type, $received, array $defaults) { + // First decode the request data. We can then determine if the + // serialized data was malformed. + try { + $decoded = $this->serializer->decode($received, 'api_json'); + } + catch (UnexpectedValueException $e) { + // If an exception was thrown at this stage, there was a problem + // decoding the data. Throw a 400 http exception. + throw new BadRequestHttpException($e->getMessage()); + } + + try { + return $this->serializer->denormalize($decoded, $defaults['serialization_class'], 'api_json', [ + 'related' => $resource_type->getInternalName(isset($defaults['related']) ? $defaults['related'] : NULL), + 'target_entity' => isset($defaults[$resource_type->getEntityTypeId()]) ? $defaults[$resource_type->getEntityTypeId()] : NULL, + 'resource_type' => $resource_type, + ]); + } + // These two serialization exception types mean there was a problem with + // the structure of the decoded data and it's not valid. + catch (UnexpectedValueException $e) { + throw new UnprocessableHttpEntityException($e->getMessage()); + } + catch (InvalidArgumentException $e) { + throw new UnprocessableHttpEntityException($e->getMessage()); + } + } + } diff --git a/tests/src/Functional/ResourceTestBase.php b/tests/src/Functional/ResourceTestBase.php index 594e890..2a9c48b 100644 --- a/tests/src/Functional/ResourceTestBase.php +++ b/tests/src/Functional/ResourceTestBase.php @@ -28,6 +28,7 @@ use Drupal\field\Entity\FieldStorageConfig; use Drupal\jsonapi\Normalizer\HttpExceptionNormalizer; use Drupal\jsonapi\JsonApiResource\JsonApiDocumentTopLevel; use Drupal\jsonapi\ResourceResponse; +use Drupal\jsonapi\Serializer\Serializer; use Drupal\path\Plugin\Field\FieldType\PathItem; use Drupal\Tests\BrowserTestBase; use Drupal\user\Entity\Role; @@ -1835,13 +1836,6 @@ abstract class ResourceTestBase extends BrowserTestBase { $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json'; - // DX: 403 when unauthorized. - $response = $this->request('POST', $url, $request_options); - $reason = $this->getExpectedUnauthorizedAccessMessage('POST'); - $this->assertResourceErrorResponse(403, (string) $reason, $response); - - $this->setUpAuthorization('POST'); - // DX: 400 when no request body. $response = $this->request('POST', $url, $request_options); $this->assertResourceErrorResponse(400, 'Empty request body.', $response); @@ -1860,6 +1854,13 @@ abstract class ResourceTestBase extends BrowserTestBase { $request_options[RequestOptions::BODY] = $parseable_invalid_request_body; + // DX: 403 when unauthorized. + $response = $this->request('POST', $url, $request_options); + $reason = $this->getExpectedUnauthorizedAccessMessage('POST'); + $this->assertResourceErrorResponse(403, (string) $reason, $response); + + $this->setUpAuthorization('POST'); + // DX: 422 when invalid entity: multiple values sent for single-value field. $response = $this->request('POST', $url, $request_options); $label_field = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName; @@ -2077,13 +2078,6 @@ abstract class ResourceTestBase extends BrowserTestBase { $request_options[RequestOptions::HEADERS]['Content-Type'] = 'application/vnd.api+json'; - // DX: 403 when unauthorized. - $response = $this->request('PATCH', $url, $request_options); - $reason = $this->getExpectedUnauthorizedAccessMessage('PATCH'); - $this->assertResourceErrorResponse(403, (string) $reason, $response); - - $this->setUpAuthorization('PATCH'); - // DX: 400 when no request body. $response = $this->request('PATCH', $url, $request_options); $this->assertResourceErrorResponse(400, 'Empty request body.', $response); @@ -2096,6 +2090,13 @@ abstract class ResourceTestBase extends BrowserTestBase { $request_options[RequestOptions::BODY] = $parseable_invalid_request_body; + // DX: 403 when unauthorized. + $response = $this->request('PATCH', $url, $request_options); + $reason = $this->getExpectedUnauthorizedAccessMessage('PATCH'); + $this->assertResourceErrorResponse(403, (string) $reason, $response); + + $this->setUpAuthorization('PATCH'); + // DX: 422 when invalid entity: multiple values sent for single-value field. $response = $this->request('PATCH', $url, $request_options); $label_field = $this->entity->getEntityType()->hasKey('label') ? $this->entity->getEntityType()->getKey('label') : static::$labelFieldName; diff --git a/tests/src/Kernel/Normalizer/EntityConditionGroupNormalizerTest.php b/tests/src/Kernel/Normalizer/EntityConditionGroupNormalizerTest.php index f26bb4e..8082d65 100644 --- a/tests/src/Kernel/Normalizer/EntityConditionGroupNormalizerTest.php +++ b/tests/src/Kernel/Normalizer/EntityConditionGroupNormalizerTest.php @@ -2,6 +2,7 @@ namespace Drupal\Tests\jsonapi\Kernel\Normalizer; +use Drupal\jsonapi\Normalizer\EntityConditionGroupNormalizer; use Drupal\KernelTests\KernelTestBase; use Drupal\jsonapi\Query\EntityConditionGroup; @@ -29,7 +30,7 @@ class EntityConditionGroupNormalizerTest extends KernelTestBase { * @dataProvider denormalizeProvider */ public function testDenormalize($case) { - $normalizer = $this->container->get('serializer.normalizer.entity_condition_group.jsonapi'); + $normalizer = new EntityConditionGroupNormalizer(); $normalized = $normalizer->denormalize($case, EntityConditionGroup::class); @@ -45,7 +46,7 @@ class EntityConditionGroupNormalizerTest extends KernelTestBase { * @covers ::denormalize */ public function testDenormalizeException() { - $normalizer = $this->container->get('serializer.normalizer.entity_condition_group.jsonapi'); + $normalizer = new EntityConditionGroupNormalizer(); $data = ['conjunction' => 'NOT_ALLOWED', 'members' => []]; $this->setExpectedException(\InvalidArgumentException::class); $normalized = $normalizer->denormalize($data, EntityConditionGroup::class); diff --git a/tests/src/Kernel/Normalizer/EntityConditionNormalizerTest.php b/tests/src/Kernel/Normalizer/EntityConditionNormalizerTest.php index 53a84c8..2dc607e 100644 --- a/tests/src/Kernel/Normalizer/EntityConditionNormalizerTest.php +++ b/tests/src/Kernel/Normalizer/EntityConditionNormalizerTest.php @@ -31,7 +31,7 @@ class EntityConditionNormalizerTest extends KernelTestBase { */ public function setUp() { parent::setUp(); - $this->normalizer = $this->container->get('serializer.normalizer.entity_condition.jsonapi'); + $this->normalizer = new EntityConditionNormalizer(); } /** diff --git a/tests/src/Kernel/Normalizer/FilterNormalizerTest.php b/tests/src/Kernel/Normalizer/FilterNormalizerTest.php index 17cd940..43abf45 100644 --- a/tests/src/Kernel/Normalizer/FilterNormalizerTest.php +++ b/tests/src/Kernel/Normalizer/FilterNormalizerTest.php @@ -2,6 +2,9 @@ namespace Drupal\Tests\jsonapi\Kernel\Normalizer; +use Drupal\jsonapi\Normalizer\EntityConditionGroupNormalizer; +use Drupal\jsonapi\Normalizer\EntityConditionNormalizer; +use Drupal\jsonapi\Normalizer\FilterNormalizer; use Drupal\KernelTests\KernelTestBase; use Drupal\jsonapi\Query\Filter; use Drupal\jsonapi\Context\FieldResolver; @@ -38,8 +41,11 @@ class FilterNormalizerTest extends KernelTestBase { */ public function setUp() { parent::setUp(); - $this->container->set('jsonapi.field_resolver', $this->getFieldResolver('foo', 'bar')); - $this->normalizer = $this->container->get('serializer.normalizer.filter.jsonapi'); + $this->normalizer = new FilterNormalizer( + $this->getFieldResolver('foo', 'bar'), + new EntityConditionNormalizer(), + new EntityConditionGroupNormalizer() + ); } /** diff --git a/tests/src/Kernel/Normalizer/OffsetPageNormalizerTest.php b/tests/src/Kernel/Normalizer/OffsetPageNormalizerTest.php index c22e89f..6a07040 100644 --- a/tests/src/Kernel/Normalizer/OffsetPageNormalizerTest.php +++ b/tests/src/Kernel/Normalizer/OffsetPageNormalizerTest.php @@ -2,6 +2,7 @@ namespace Drupal\Tests\jsonapi\Kernel\Normalizer; +use Drupal\jsonapi\Normalizer\OffsetPageNormalizer; use Drupal\KernelTests\KernelTestBase; use Drupal\jsonapi\Query\OffsetPage; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; @@ -37,7 +38,7 @@ class OffsetPageNormalizerTest extends KernelTestBase { */ public function setUp() { parent::setUp(); - $this->normalizer = $this->container->get('serializer.normalizer.offset_page.jsonapi'); + $this->normalizer = new OffsetPageNormalizer(); } /** diff --git a/tests/src/Kernel/Normalizer/SortNormalizerTest.php b/tests/src/Kernel/Normalizer/SortNormalizerTest.php index 92ae1cc..41a4581 100644 --- a/tests/src/Kernel/Normalizer/SortNormalizerTest.php +++ b/tests/src/Kernel/Normalizer/SortNormalizerTest.php @@ -2,6 +2,7 @@ namespace Drupal\Tests\jsonapi\Kernel\Normalizer; +use Drupal\jsonapi\Normalizer\SortNormalizer; use Drupal\KernelTests\KernelTestBase; use Drupal\jsonapi\Context\FieldResolver; use Drupal\jsonapi\Query\Sort; @@ -38,8 +39,7 @@ class SortNormalizerTest extends KernelTestBase { */ public function setUp() { parent::setUp(); - $this->container->set('jsonapi.field_resolver', $this->getFieldResolver('foo', 'bar')); - $this->normalizer = $this->container->get('serializer.normalizer.sort.jsonapi'); + $this->normalizer = new SortNormalizer($this->getFieldResolver('foo', 'bar')); } /** diff --git a/tests/src/Kernel/Query/FilterTest.php b/tests/src/Kernel/Query/FilterTest.php index 3c93d6a..c9adf9b 100644 --- a/tests/src/Kernel/Query/FilterTest.php +++ b/tests/src/Kernel/Query/FilterTest.php @@ -3,6 +3,9 @@ namespace Drupal\Tests\jsonapi\Kernel\Query; use Drupal\Core\Field\FieldStorageDefinitionInterface; +use Drupal\jsonapi\Normalizer\EntityConditionGroupNormalizer; +use Drupal\jsonapi\Normalizer\EntityConditionNormalizer; +use Drupal\jsonapi\Normalizer\FilterNormalizer; use Drupal\node\Entity\Node; use Drupal\node\Entity\NodeType; use Drupal\Tests\jsonapi\Kernel\JsonapiKernelTestBase; @@ -64,7 +67,11 @@ class FilterTest extends JsonapiKernelTestBase { ['colors' => ['orange'], 'shapes' => ['square'], 'title' => 'DONT_FIND'], ]); - $this->normalizer = $this->container->get('serializer.normalizer.filter.jsonapi'); + $this->normalizer = new FilterNormalizer( + $this->container->get('jsonapi.field_resolver'), + new EntityConditionNormalizer(), + new EntityConditionGroupNormalizer() + ); $this->nodeStorage = $this->container->get('entity_type.manager')->getStorage('node'); }