vendor/sylius/resource-bundle/src/Bundle/Controller/ResourceController.php line 162

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Sylius package.
  5. *
  6. * (c) Paweł Jędrzejewski
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. declare(strict_types=1);
  14. namespace Sylius\Bundle\ResourceBundle\Controller;
  16. use Doctrine\Persistence\ObjectManager;
  17. use FOS\RestBundle\View\View;
  18. use Sylius\Bundle\ResourceBundle\Event\ResourceControllerEvent;
  19. use Sylius\Component\Resource\Exception\DeleteHandlingException;
  20. use Sylius\Component\Resource\Exception\UpdateHandlingException;
  21. use Sylius\Component\Resource\Factory\FactoryInterface;
  22. use Sylius\Component\Resource\Metadata\MetadataInterface;
  23. use Sylius\Component\Resource\Model\ResourceInterface;
  24. use Sylius\Component\Resource\Repository\RepositoryInterface;
  25. use Sylius\Component\Resource\ResourceActions;
  26. use Symfony\Component\DependencyInjection\ContainerAwareTrait;
  27. use Symfony\Component\DependencyInjection\ContainerInterface;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\HttpFoundation\Response;
  30. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  31. use Symfony\Component\HttpKernel\Exception\HttpException;
  32. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  33. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  35. class ResourceController
  36. {
  37. use ControllerTrait;
  38. use ContainerAwareTrait;
  40. protected MetadataInterface $metadata;
  42. protected RequestConfigurationFactoryInterface $requestConfigurationFactory;
  44. protected ?ViewHandlerInterface $viewHandler;
  46. protected RepositoryInterface $repository;
  48. protected FactoryInterface $factory;
  50. protected NewResourceFactoryInterface $newResourceFactory;
  52. protected ObjectManager $manager;
  54. protected SingleResourceProviderInterface $singleResourceProvider;
  56. protected ResourcesCollectionProviderInterface $resourcesCollectionProvider;
  58. protected ResourceFormFactoryInterface $resourceFormFactory;
  60. protected RedirectHandlerInterface $redirectHandler;
  62. protected FlashHelperInterface $flashHelper;
  64. protected AuthorizationCheckerInterface $authorizationChecker;
  66. protected EventDispatcherInterface $eventDispatcher;
  68. protected ?StateMachineInterface $stateMachine;
  70. protected ResourceUpdateHandlerInterface $resourceUpdateHandler;
  72. protected ResourceDeleteHandlerInterface $resourceDeleteHandler;
  74. public function __construct(
  75. MetadataInterface $metadata,
  76. RequestConfigurationFactoryInterface $requestConfigurationFactory,
  77. ?ViewHandlerInterface $viewHandler,
  78. RepositoryInterface $repository,
  79. FactoryInterface $factory,
  80. NewResourceFactoryInterface $newResourceFactory,
  81. ObjectManager $manager,
  82. SingleResourceProviderInterface $singleResourceProvider,
  83. ResourcesCollectionProviderInterface $resourcesFinder,
  84. ResourceFormFactoryInterface $resourceFormFactory,
  85. RedirectHandlerInterface $redirectHandler,
  86. FlashHelperInterface $flashHelper,
  87. AuthorizationCheckerInterface $authorizationChecker,
  88. EventDispatcherInterface $eventDispatcher,
  89. ?StateMachineInterface $stateMachine,
  90. ResourceUpdateHandlerInterface $resourceUpdateHandler,
  91. ResourceDeleteHandlerInterface $resourceDeleteHandler,
  92. ) {
  93. $this->metadata = $metadata;
  94. $this->requestConfigurationFactory = $requestConfigurationFactory;
  95. $this->viewHandler = $viewHandler;
  96. $this->repository = $repository;
  97. $this->factory = $factory;
  98. $this->newResourceFactory = $newResourceFactory;
  99. $this->manager = $manager;
  100. $this->singleResourceProvider = $singleResourceProvider;
  101. $this->resourcesCollectionProvider = $resourcesFinder;
  102. $this->resourceFormFactory = $resourceFormFactory;
  103. $this->redirectHandler = $redirectHandler;
  104. $this->flashHelper = $flashHelper;
  105. $this->authorizationChecker = $authorizationChecker;
  106. $this->eventDispatcher = $eventDispatcher;
  107. $this->stateMachine = $stateMachine;
  108. $this->resourceUpdateHandler = $resourceUpdateHandler;
  109. $this->resourceDeleteHandler = $resourceDeleteHandler;
  110. }
  112. public function showAction(Request $request): Response
  113. {
  114. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  116. $this->isGrantedOr403($configuration, ResourceActions::SHOW);
  117. $resource = $this->findOr404($configuration);
  119. $event = $this->eventDispatcher->dispatch(ResourceActions::SHOW, $configuration, $resource);
  120. $eventResponse = $event->getResponse();
  121. if (null !== $eventResponse) {
  122. return $eventResponse;
  123. }
  125. if ($configuration->isHtmlRequest()) {
  126. return $this->render($configuration->getTemplate(ResourceActions::SHOW . '.html'), [
  127. 'configuration' => $configuration,
  128. 'metadata' => $this->metadata,
  129. 'resource' => $resource,
  130. $this->metadata->getName() => $resource,
  131. ]);
  132. }
  134. return $this->createRestView($configuration, $resource);
  135. }
  137. public function indexAction(Request $request): Response
  138. {
  139. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  141. $this->isGrantedOr403($configuration, ResourceActions::INDEX);
  142. $resources = $this->resourcesCollectionProvider->get($configuration, $this->repository);
  144. $event = $this->eventDispatcher->dispatchMultiple(ResourceActions::INDEX, $configuration, $resources);
  145. $eventResponse = $event->getResponse();
  146. if (null !== $eventResponse) {
  147. return $eventResponse;
  148. }
  150. if ($configuration->isHtmlRequest()) {
  151. return $this->render($configuration->getTemplate(ResourceActions::INDEX . '.html'), [
  152. 'configuration' => $configuration,
  153. 'metadata' => $this->metadata,
  154. 'resources' => $resources,
  155. $this->metadata->getPluralName() => $resources,
  156. ]);
  157. }
  159. return $this->createRestView($configuration, $resources);
  160. }
  162. public function createAction(Request $request): Response
  163. {
  164. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  166. $this->isGrantedOr403($configuration, ResourceActions::CREATE);
  167. $newResource = $this->newResourceFactory->create($configuration, $this->factory);
  169. $form = $this->resourceFormFactory->create($configuration, $newResource);
  170. $form->handleRequest($request);
  172. if ($request->isMethod('POST') && $form->isSubmitted() && $form->isValid()) {
  173. $newResource = $form->getData();
  175. $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::CREATE, $configuration, $newResource);
  177. if ($event->isStopped() && !$configuration->isHtmlRequest()) {
  178. throw new HttpException($event->getErrorCode(), $event->getMessage());
  179. }
  180. if ($event->isStopped()) {
  181. $this->flashHelper->addFlashFromEvent($configuration, $event);
  183. $eventResponse = $event->getResponse();
  184. if (null !== $eventResponse) {
  185. return $eventResponse;
  186. }
  188. return $this->redirectHandler->redirectToIndex($configuration, $newResource);
  189. }
  191. if ($configuration->hasStateMachine()) {
  192. $stateMachine = $this->getStateMachine();
  193. $stateMachine->apply($configuration, $newResource);
  194. }
  196. $this->repository->add($newResource);
  198. if ($configuration->isHtmlRequest()) {
  199. $this->flashHelper->addSuccessFlash($configuration, ResourceActions::CREATE, $newResource);
  200. }
  202. $postEvent = $this->eventDispatcher->dispatchPostEvent(ResourceActions::CREATE, $configuration, $newResource);
  204. if (!$configuration->isHtmlRequest()) {
  205. return $this->createRestView($configuration, $newResource, Response::HTTP_CREATED);
  206. }
  208. $postEventResponse = $postEvent->getResponse();
  209. if (null !== $postEventResponse) {
  210. return $postEventResponse;
  211. }
  213. return $this->redirectHandler->redirectToResource($configuration, $newResource);
  214. }
  215. if ($request->isMethod('POST') && $form->isSubmitted() && !$form->isValid()) {
  216. $responseCode = Response::HTTP_UNPROCESSABLE_ENTITY;
  217. }
  219. if (!$configuration->isHtmlRequest()) {
  220. return $this->createRestView($configuration, $form, Response::HTTP_BAD_REQUEST);
  221. }
  223. $initializeEvent = $this->eventDispatcher->dispatchInitializeEvent(ResourceActions::CREATE, $configuration, $newResource);
  224. $initializeEventResponse = $initializeEvent->getResponse();
  225. if (null !== $initializeEventResponse) {
  226. return $initializeEventResponse;
  227. }
  229. return $this->render($configuration->getTemplate(ResourceActions::CREATE . '.html'), [
  230. 'configuration' => $configuration,
  231. 'metadata' => $this->metadata,
  232. 'resource' => $newResource,
  233. $this->metadata->getName() => $newResource,
  234. 'form' => $form->createView(),
  235. ], null, $responseCode ?? Response::HTTP_OK);
  236. }
  238. public function updateAction(Request $request): Response
  239. {
  240. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  242. $this->isGrantedOr403($configuration, ResourceActions::UPDATE);
  243. $resource = $this->findOr404($configuration);
  245. $form = $this->resourceFormFactory->create($configuration, $resource);
  246. $form->handleRequest($request);
  248. if (
  249. in_array($request->getMethod(), ['POST', 'PUT', 'PATCH'], true) &&
  250. $form->isSubmitted() &&
  251. $form->isValid()
  252. ) {
  253. $resource = $form->getData();
  255. /** @var ResourceControllerEvent $event */
  256. $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::UPDATE, $configuration, $resource);
  258. if ($event->isStopped() && !$configuration->isHtmlRequest()) {
  259. throw new HttpException($event->getErrorCode(), $event->getMessage());
  260. }
  261. if ($event->isStopped()) {
  262. $this->flashHelper->addFlashFromEvent($configuration, $event);
  264. $eventResponse = $event->getResponse();
  265. if (null !== $eventResponse) {
  266. return $eventResponse;
  267. }
  269. return $this->redirectHandler->redirectToResource($configuration, $resource);
  270. }
  272. try {
  273. $this->resourceUpdateHandler->handle($resource, $configuration, $this->manager);
  274. } catch (UpdateHandlingException $exception) {
  275. if (!$configuration->isHtmlRequest()) {
  276. return $this->createRestView($configuration, $form, $exception->getApiResponseCode());
  277. }
  279. $this->flashHelper->addErrorFlash($configuration, $exception->getFlash());
  281. return $this->redirectHandler->redirectToReferer($configuration);
  282. }
  284. if ($configuration->isHtmlRequest()) {
  285. $this->flashHelper->addSuccessFlash($configuration, ResourceActions::UPDATE, $resource);
  286. }
  288. $postEvent = $this->eventDispatcher->dispatchPostEvent(ResourceActions::UPDATE, $configuration, $resource);
  290. if (!$configuration->isHtmlRequest()) {
  291. if ($configuration->getParameters()->get('return_content', false)) {
  292. return $this->createRestView($configuration, $resource, Response::HTTP_OK);
  293. }
  295. return $this->createRestView($configuration, null, Response::HTTP_NO_CONTENT);
  296. }
  298. $postEventResponse = $postEvent->getResponse();
  299. if (null !== $postEventResponse) {
  300. return $postEventResponse;
  301. }
  303. return $this->redirectHandler->redirectToResource($configuration, $resource);
  304. }
  305. if (in_array($request->getMethod(), ['POST', 'PUT', 'PATCH'], true) && $form->isSubmitted() && !$form->isValid()) {
  306. $responseCode = Response::HTTP_UNPROCESSABLE_ENTITY;
  307. }
  309. if (!$configuration->isHtmlRequest()) {
  310. return $this->createRestView($configuration, $form, Response::HTTP_BAD_REQUEST);
  311. }
  313. $initializeEvent = $this->eventDispatcher->dispatchInitializeEvent(ResourceActions::UPDATE, $configuration, $resource);
  314. $initializeEventResponse = $initializeEvent->getResponse();
  315. if (null !== $initializeEventResponse) {
  316. return $initializeEventResponse;
  317. }
  319. return $this->render($configuration->getTemplate(ResourceActions::UPDATE . '.html'), [
  320. 'configuration' => $configuration,
  321. 'metadata' => $this->metadata,
  322. 'resource' => $resource,
  323. $this->metadata->getName() => $resource,
  324. 'form' => $form->createView(),
  325. ], null, $responseCode ?? Response::HTTP_OK);
  326. }
  328. public function deleteAction(Request $request): Response
  329. {
  330. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  332. $this->isGrantedOr403($configuration, ResourceActions::DELETE);
  333. $resource = $this->findOr404($configuration);
  335. if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid((string) $resource->getId(), (string) $request->request->get('_csrf_token'))) {
  336. throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
  337. }
  339. $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::DELETE, $configuration, $resource);
  341. if ($event->isStopped() && !$configuration->isHtmlRequest()) {
  342. throw new HttpException($event->getErrorCode(), $event->getMessage());
  343. }
  344. if ($event->isStopped()) {
  345. $this->flashHelper->addFlashFromEvent($configuration, $event);
  347. $eventResponse = $event->getResponse();
  348. if (null !== $eventResponse) {
  349. return $eventResponse;
  350. }
  352. return $this->redirectHandler->redirectToIndex($configuration, $resource);
  353. }
  355. try {
  356. $this->resourceDeleteHandler->handle($resource, $this->repository);
  357. } catch (DeleteHandlingException $exception) {
  358. if (!$configuration->isHtmlRequest()) {
  359. return $this->createRestView($configuration, null, $exception->getApiResponseCode());
  360. }
  362. $this->flashHelper->addErrorFlash($configuration, $exception->getFlash());
  364. return $this->redirectHandler->redirectToReferer($configuration);
  365. }
  367. if ($configuration->isHtmlRequest()) {
  368. $this->flashHelper->addSuccessFlash($configuration, ResourceActions::DELETE, $resource);
  369. }
  371. $postEvent = $this->eventDispatcher->dispatchPostEvent(ResourceActions::DELETE, $configuration, $resource);
  373. if (!$configuration->isHtmlRequest()) {
  374. return $this->createRestView($configuration, null, Response::HTTP_NO_CONTENT);
  375. }
  377. $postEventResponse = $postEvent->getResponse();
  378. if (null !== $postEventResponse) {
  379. return $postEventResponse;
  380. }
  382. return $this->redirectHandler->redirectToIndex($configuration, $resource);
  383. }
  385. public function bulkDeleteAction(Request $request): Response
  386. {
  387. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  389. $this->isGrantedOr403($configuration, ResourceActions::BULK_DELETE);
  390. $resources = $this->resourcesCollectionProvider->get($configuration, $this->repository);
  392. if (
  393. $configuration->isCsrfProtectionEnabled() &&
  394. !$this->isCsrfTokenValid(ResourceActions::BULK_DELETE, (string) $request->request->get('_csrf_token'))
  395. ) {
  396. throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
  397. }
  399. $this->eventDispatcher->dispatchMultiple(ResourceActions::BULK_DELETE, $configuration, $resources);
  401. foreach ($resources as $resource) {
  402. $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::DELETE, $configuration, $resource);
  404. if ($event->isStopped() && !$configuration->isHtmlRequest()) {
  405. throw new HttpException($event->getErrorCode(), $event->getMessage());
  406. }
  407. if ($event->isStopped()) {
  408. $this->flashHelper->addFlashFromEvent($configuration, $event);
  410. $eventResponse = $event->getResponse();
  411. if (null !== $eventResponse) {
  412. return $eventResponse;
  413. }
  415. return $this->redirectHandler->redirectToIndex($configuration, $resource);
  416. }
  418. try {
  419. $this->resourceDeleteHandler->handle($resource, $this->repository);
  420. } catch (DeleteHandlingException $exception) {
  421. if (!$configuration->isHtmlRequest()) {
  422. return $this->createRestView($configuration, null, $exception->getApiResponseCode());
  423. }
  425. $this->flashHelper->addErrorFlash($configuration, $exception->getFlash());
  427. return $this->redirectHandler->redirectToReferer($configuration);
  428. }
  430. $postEvent = $this->eventDispatcher->dispatchPostEvent(ResourceActions::DELETE, $configuration, $resource);
  431. }
  433. if (!$configuration->isHtmlRequest()) {
  434. return $this->createRestView($configuration, null, Response::HTTP_NO_CONTENT);
  435. }
  437. $this->flashHelper->addSuccessFlash($configuration, ResourceActions::BULK_DELETE);
  439. if (isset($postEvent)) {
  440. $postEventResponse = $postEvent->getResponse();
  441. if (null !== $postEventResponse) {
  442. return $postEventResponse;
  443. }
  444. }
  446. return $this->redirectHandler->redirectToIndex($configuration);
  447. }
  449. public function applyStateMachineTransitionAction(Request $request): Response
  450. {
  451. $stateMachine = $this->getStateMachine();
  452. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  454. $this->isGrantedOr403($configuration, ResourceActions::UPDATE);
  455. $resource = $this->findOr404($configuration);
  457. if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid((string) $resource->getId(), $request->get('_csrf_token'))) {
  458. throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid CSRF token.');
  459. }
  461. $event = $this->eventDispatcher->dispatchPreEvent(ResourceActions::UPDATE, $configuration, $resource);
  463. if ($event->isStopped() && !$configuration->isHtmlRequest()) {
  464. throw new HttpException($event->getErrorCode(), $event->getMessage());
  465. }
  466. if ($event->isStopped()) {
  467. $this->flashHelper->addFlashFromEvent($configuration, $event);
  469. $eventResponse = $event->getResponse();
  470. if (null !== $eventResponse) {
  471. return $eventResponse;
  472. }
  474. return $this->redirectHandler->redirectToResource($configuration, $resource);
  475. }
  477. if (!$stateMachine->can($configuration, $resource)) {
  478. throw new BadRequestHttpException();
  479. }
  481. try {
  482. $this->resourceUpdateHandler->handle($resource, $configuration, $this->manager);
  483. } catch (UpdateHandlingException $exception) {
  484. if (!$configuration->isHtmlRequest()) {
  485. return $this->createRestView($configuration, $resource, $exception->getApiResponseCode());
  486. }
  488. $this->flashHelper->addErrorFlash($configuration, $exception->getFlash());
  490. return $this->redirectHandler->redirectToReferer($configuration);
  491. }
  493. if ($configuration->isHtmlRequest()) {
  494. $this->flashHelper->addSuccessFlash($configuration, ResourceActions::UPDATE, $resource);
  495. }
  497. $postEvent = $this->eventDispatcher->dispatchPostEvent(ResourceActions::UPDATE, $configuration, $resource);
  499. if (!$configuration->isHtmlRequest()) {
  500. if ($configuration->getParameters()->get('return_content', true)) {
  501. return $this->createRestView($configuration, $resource, Response::HTTP_OK);
  502. }
  504. return $this->createRestView($configuration, null, Response::HTTP_NO_CONTENT);
  505. }
  507. $postEventResponse = $postEvent->getResponse();
  508. if (null !== $postEventResponse) {
  509. return $postEventResponse;
  510. }
  512. return $this->redirectHandler->redirectToResource($configuration, $resource);
  513. }
  515. /**
  516. * @return mixed
  517. */
  518. protected function getParameter(string $name)
  519. {
  520. if (!$this->container instanceof ContainerInterface) {
  521. throw new \RuntimeException(sprintf(
  522. 'Container passed to "%s" has to implements "%s".',
  523. self::class,
  524. ContainerInterface::class,
  525. ));
  526. }
  528. return $this->container->getParameter($name);
  529. }
  531. /**
  532. * @throws AccessDeniedException
  533. */
  534. protected function isGrantedOr403(RequestConfiguration $configuration, string $permission): void
  535. {
  536. if (!$configuration->hasPermission()) {
  537. return;
  538. }
  540. $permission = $configuration->getPermission($permission);
  542. if (!$this->authorizationChecker->isGranted($configuration, $permission)) {
  543. throw new AccessDeniedException();
  544. }
  545. }
  547. /**
  548. * @throws NotFoundHttpException
  549. */
  550. protected function findOr404(RequestConfiguration $configuration): ResourceInterface
  551. {
  552. if (null === $resource = $this->singleResourceProvider->get($configuration, $this->repository)) {
  553. throw new NotFoundHttpException(sprintf('The "%s" has not been found', $this->metadata->getHumanizedName()));
  554. }
  556. return $resource;
  557. }
  559. /**
  560. * @param mixed $data
  561. */
  562. protected function createRestView(RequestConfiguration $configuration, $data, int $statusCode = null): Response
  563. {
  564. if (null === $this->viewHandler) {
  565. throw new \LogicException('You can not use the "non-html" request if FriendsOfSymfony Rest Bundle is not available. Try running "composer require friendsofsymfony/rest-bundle".');
  566. }
  568. $view = View::create($data, $statusCode);
  570. return $this->viewHandler->handle($configuration, $view);
  571. }
  573. protected function getStateMachine(): StateMachineInterface
  574. {
  575. if (null === $this->stateMachine) {
  576. throw new \LogicException('You can not use the "state-machine" if Winzou State Machine Bundle is not available. Try running "composer require winzou/state-machine-bundle".');
  577. }
  579. return $this->stateMachine;
  580. }
  581. }