vendor/shopware/core/Framework/Api/Controller/ApiController.php line 424

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Controller;
  5. use OpenApi\Annotations as OA;
  6. use Shopware\Core\Defaults;
  7. use Shopware\Core\Framework\Api\Acl\AclCriteriaValidator;
  8. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  9. use Shopware\Core\Framework\Api\Converter\ApiVersionConverter;
  10. use Shopware\Core\Framework\Api\Converter\Exceptions\ApiConversionException;
  11. use Shopware\Core\Framework\Api\Exception\InvalidVersionNameException;
  12. use Shopware\Core\Framework\Api\Exception\LiveVersionDeleteException;
  13. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  14. use Shopware\Core\Framework\Api\Exception\NoEntityClonedException;
  15. use Shopware\Core\Framework\Api\Exception\ResourceNotFoundException;
  16. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  17. use Shopware\Core\Framework\Context;
  18. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Entity;
  20. use Shopware\Core\Framework\DataAbstractionLayer\EntityCollection;
  21. use Shopware\Core\Framework\DataAbstractionLayer\EntityDefinition;
  22. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\EntityProtectionValidator;
  23. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\ReadProtection;
  24. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\WriteProtection;
  25. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
  26. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  27. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  28. use Shopware\Core\Framework\DataAbstractionLayer\Exception\DefinitionNotFoundException;
  29. use Shopware\Core\Framework\DataAbstractionLayer\Exception\MissingReverseAssociation;
  30. use Shopware\Core\Framework\DataAbstractionLayer\Field\AssociationField;
  31. use Shopware\Core\Framework\DataAbstractionLayer\Field\Field;
  32. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToManyAssociationField;
  33. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToOneAssociationField;
  34. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToManyAssociationField;
  35. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToOneAssociationField;
  36. use Shopware\Core\Framework\DataAbstractionLayer\Field\TranslationsAssociationField;
  37. use Shopware\Core\Framework\DataAbstractionLayer\FieldCollection;
  38. use Shopware\Core\Framework\DataAbstractionLayer\Search\CompositeEntitySearcher;
  39. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  40. use Shopware\Core\Framework\DataAbstractionLayer\Search\EntitySearchResult;
  41. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  42. use Shopware\Core\Framework\DataAbstractionLayer\Search\IdSearchResult;
  43. use Shopware\Core\Framework\DataAbstractionLayer\Search\RequestCriteriaBuilder;
  44. use Shopware\Core\Framework\DataAbstractionLayer\Write\CloneBehavior;
  45. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  46. use Shopware\Core\Framework\Routing\Annotation\Since;
  47. use Shopware\Core\Framework\Uuid\Exception\InvalidUuidException;
  48. use Shopware\Core\Framework\Uuid\Uuid;
  49. use Shopware\Core\PlatformRequest;
  50. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  51. use Symfony\Component\HttpFoundation\JsonResponse;
  52. use Symfony\Component\HttpFoundation\Request;
  53. use Symfony\Component\HttpFoundation\Response;
  54. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  55. use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
  56. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  57. use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
  58. use Symfony\Component\Routing\Annotation\Route;
  59. use Symfony\Component\Serializer\Exception\InvalidArgumentException;
  60. use Symfony\Component\Serializer\Exception\UnexpectedValueException;
  61. use Symfony\Component\Serializer\Serializer;
  63. /**
  64.  * @RouteScope(scopes={"api"})
  65.  */
  66. class ApiController extends AbstractController
  67. {
  68.     public const WRITE_UPDATE 'update';
  69.     public const WRITE_CREATE 'create';
  70.     public const WRITE_DELETE 'delete';
  72.     /**
  73.      * @var DefinitionInstanceRegistry
  74.      */
  75.     private $definitionRegistry;
  77.     /**
  78.      * @var Serializer
  79.      */
  80.     private $serializer;
  82.     /**
  83.      * @var RequestCriteriaBuilder
  84.      */
  85.     private $searchCriteriaBuilder;
  87.     /**
  88.      * @var CompositeEntitySearcher
  89.      */
  90.     private $compositeEntitySearcher;
  92.     /**
  93.      * @var ApiVersionConverter
  94.      */
  95.     private $apiVersionConverter;
  97.     /**
  98.      * @var EntityProtectionValidator
  99.      */
  100.     private $entityProtectionValidator;
  102.     /**
  103.      * @var AclCriteriaValidator
  104.      */
  105.     private $criteriaValidator;
  107.     public function __construct(
  108.         DefinitionInstanceRegistry $definitionRegistry,
  109.         Serializer $serializer,
  110.         RequestCriteriaBuilder $searchCriteriaBuilder,
  111.         CompositeEntitySearcher $compositeEntitySearcher,
  112.         ApiVersionConverter $apiVersionConverter,
  113.         EntityProtectionValidator $entityProtectionValidator,
  114.         AclCriteriaValidator $criteriaValidator
  115.     ) {
  116.         $this->definitionRegistry $definitionRegistry;
  117.         $this->serializer $serializer;
  118.         $this->searchCriteriaBuilder $searchCriteriaBuilder;
  119.         $this->compositeEntitySearcher $compositeEntitySearcher;
  120.         $this->apiVersionConverter $apiVersionConverter;
  121.         $this->entityProtectionValidator $entityProtectionValidator;
  122.         $this->criteriaValidator $criteriaValidator;
  123.     }
  125.     /**
  126.      * @Since("6.0.0.0")
  127.      * @OA\Get(
  128.      *      path="/_search",
  129.      *      summary="Search for multiple entites by a given term",
  130.      *      operationId="compositeSearch",
  131.      *      tags={"Admin Api"},
  132.      *      @OA\Parameter(
  133.      *          name="limit",
  134.      *          in="query",
  135.      *          description="Max amount of resources per entity",
  136.      *          @OA\Schema(type="integer"),
  137.      *      ),
  138.      *      @OA\Parameter(
  139.      *          name="term",
  140.      *          in="query",
  141.      *          description="The term to search for",
  142.      *          required=true,
  143.      *          @OA\Schema(type="string")
  144.      *      ),
  145.      *      @OA\Response(
  146.      *          response="200",
  147.      *          description="The list of found entities",
  148.      *          @OA\JsonContent(
  149.      *              type="array",
  150.      *              @OA\Items(
  151.      *                  type="object",
  152.      *                  @OA\Property(
  153.      *                      property="entity",
  154.      *                      type="string",
  155.      *                      description="The name of the entity",
  156.      *                  ),
  157.      *                  @OA\Property(
  158.      *                      property="total",
  159.      *                      type="integer",
  160.      *                      description="The total amount of search results for this entity",
  161.      *                  ),
  162.      *                  @OA\Property(
  163.      *                      property="entities",
  164.      *                      type="array",
  165.      *                      description="The found entities",
  166.      *                      @OA\Items(type="object", additionalProperties=true),
  167.      *                  ),
  168.      *              ),
  169.      *          ),
  170.      *      ),
  171.      *      @OA\Response(
  172.      *          response="400",
  173.      *          ref="#/components/responses/400"
  174.      *      ),
  175.      *     @OA\Response(
  176.      *          response="401",
  177.      *          ref="#/components/responses/401"
  178.      *      )
  179.      * )
  180.      * @Route("/api/v{version}/_search", name="api.composite.search", methods={"GET","POST"}, requirements={"version"="\d+"})
  181.      */
  182.     public function compositeSearch(Request $requestContext $contextint $version): JsonResponse
  183.     {
  184.         $term $request->query->get('term');
  185.         $limit $request->query->getInt('limit'5);
  187.         $results $this->compositeEntitySearcher->search($term$limit$context$version);
  189.         foreach ($results as &$result) {
  190.             $definition $this->definitionRegistry->getByEntityName($result['entity']);
  191.             /** @var EntityCollection $entityCollection */
  192.             $entityCollection $result['entities'];
  193.             $entities = [];
  194.             foreach ($entityCollection->getElements() as $key => $entity) {
  195.                 $entities[$key] = $this->apiVersionConverter->convertEntity($definition$entity$version);
  196.             }
  197.             $result['entities'] = $entities;
  198.         }
  200.         return new JsonResponse(['data' => $results]);
  201.     }
  203.     /**
  204.      * @Since("6.0.0.0")
  205.      * @Route("/api/v{version}/_action/clone/{entity}/{id}", name="api.clone", methods={"POST"}, requirements={
  206.      *     "version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  207.      * })
  208.      *
  209.      * @throws DefinitionNotFoundException
  210.      */
  211.     public function clone(Context $contextstring $entitystring $idint $versionRequest $request): JsonResponse
  212.     {
  213.         $behavior = new CloneBehavior(
  214.             $request->request->get('overwrites', []),
  215.             $request->request->get('cloneChildren'true)
  216.         );
  218.         $entity $this->urlToSnakeCase($entity);
  219.         $this->checkIfRouteAvailableInApiVersion($entity$version);
  221.         $definition $this->definitionRegistry->getByEntityName($entity);
  222.         $missing $this->validateAclPermissions($context$definitionAclRoleDefinition::PRIVILEGE_CREATE);
  223.         if ($missing) {
  224.             throw new MissingPrivilegeException([$missing]);
  225.         }
  227.         $eventContainer $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($definition$id$behavior): EntityWrittenContainerEvent {
  228.             /** @var EntityRepository $entityRepo */
  229.             $entityRepo $this->definitionRegistry->getRepository($definition->getEntityName());
  231.             return $entityRepo->clone($id$contextnull$behavior);
  232.         });
  234.         $event $eventContainer->getEventByEntityName($definition->getEntityName());
  235.         if (!$event) {
  236.             throw new NoEntityClonedException($entity$id);
  237.         }
  239.         $ids $event->getIds();
  240.         $newId array_shift($ids);
  242.         return new JsonResponse(['id' => $newId]);
  243.     }
  245.     /**
  246.      * @Since("6.0.0.0")
  247.      * @Route("/api/v{version}/_action/version/{entity}/{id}", name="api.createVersion", methods={"POST"},
  248.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  249.      * })
  250.      *
  251.      * @throws InvalidUuidException
  252.      * @throws InvalidVersionNameException
  253.      */
  254.     public function createVersion(Request $requestContext $contextstring $entitystring $idint $version): Response
  255.     {
  256.         $entity $this->urlToSnakeCase($entity);
  257.         $this->checkIfRouteAvailableInApiVersion($entity$version);
  259.         $versionId $request->request->get('versionId');
  260.         $versionName $request->request->get('versionName');
  262.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  263.             throw new InvalidUuidException($versionId);
  264.         }
  266.         if ($versionName !== null && !ctype_alnum($versionName)) {
  267.             throw new InvalidVersionNameException();
  268.         }
  270.         try {
  271.             $entityDefinition $this->definitionRegistry->getByEntityName($entity);
  272.         } catch (DefinitionNotFoundException $e) {
  273.             throw new NotFoundHttpException($e->getMessage(), $e);
  274.         }
  276.         $versionId $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entityDefinition$id$versionName$versionId): string {
  277.             return $this->definitionRegistry->getRepository($entityDefinition->getEntityName())->createVersion($id$context$versionName$versionId);
  278.         });
  280.         return new JsonResponse([
  281.             'versionId' => $versionId,
  282.             'versionName' => $versionName,
  283.             'id' => $id,
  284.             'entity' => $entity,
  285.         ]);
  286.     }
  288.     /**
  289.      * @Since("6.0.0.0")
  290.      * @Route("/api/v{version}/_action/version/merge/{entity}/{versionId}", name="api.mergeVersion", methods={"POST"},
  291.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "versionId"="[0-9a-f]{32}"
  292.      * })
  293.      *
  294.      * @throws InvalidUuidException
  295.      */
  296.     public function mergeVersion(Context $contextstring $entitystring $versionIdint $version): JsonResponse
  297.     {
  298.         $entity $this->urlToSnakeCase($entity);
  299.         $this->checkIfRouteAvailableInApiVersion($entity$version);
  301.         if (!Uuid::isValid($versionId)) {
  302.             throw new InvalidUuidException($versionId);
  303.         }
  305.         $entityDefinition $this->getEntityDefinition($entity);
  306.         $repository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  308.         // change scope to be able to update write protected fields
  309.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($repository$versionId): void {
  310.             $repository->merge($versionId$context);
  311.         });
  313.         return new JsonResponse(nullResponse::HTTP_NO_CONTENT);
  314.     }
  316.     /**
  317.      * @Since("6.0.0.0")
  318.      * @Route("/api/v{version}/_action/version/{versionId}/{entity}/{entityId}", name="api.deleteVersion", methods={"POST"},
  319.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  320.      * })
  321.      *
  322.      * @throws InvalidUuidException
  323.      * @throws InvalidVersionNameException
  324.      * @throws LiveVersionDeleteException
  325.      */
  326.     public function deleteVersion(Context $contextstring $entitystring $entityIdstring $versionId): JsonResponse
  327.     {
  328.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  329.             throw new InvalidUuidException($versionId);
  330.         }
  332.         if ($versionId === Defaults::LIVE_VERSION) {
  333.             throw new LiveVersionDeleteException();
  334.         }
  336.         if ($entityId !== null && !Uuid::isValid($entityId)) {
  337.             throw new InvalidUuidException($entityId);
  338.         }
  340.         try {
  341.             $entityDefinition $this->definitionRegistry->getByEntityName($this->urlToSnakeCase($entity));
  342.         } catch (DefinitionNotFoundException $e) {
  343.             throw new NotFoundHttpException($e->getMessage(), $e);
  344.         }
  346.         $versionContext $context->createWithVersionId($versionId);
  348.         $entityRepository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  350.         $versionContext->scope(Context::CRUD_API_SCOPE, function (Context $versionContext) use ($entityId$entityRepository): void {
  351.             $entityRepository->delete([['id' => $entityId]], $versionContext);
  352.         });
  354.         $versionRepository $this->definitionRegistry->getRepository('version');
  355.         $versionRepository->delete([['id' => $versionId]], $context);
  357.         return new JsonResponse();
  358.     }
  360.     public function detail(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  361.     {
  362.         $pathSegments $this->buildEntityPath($entityName$path$request->attributes->getInt('version'), $context);
  363.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  365.         $root $pathSegments[0]['entity'];
  366.         $id $pathSegments[\count($pathSegments) - 1]['value'];
  368.         $definition $this->definitionRegistry->getByEntityName($root);
  370.         $associations array_column($pathSegments'entity');
  371.         array_shift($associations);
  373.         if (empty($associations)) {
  374.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  375.         } else {
  376.             $field $this->getAssociation($definition->getFields(), $associations);
  378.             $definition $field->getReferenceDefinition();
  379.             if ($field instanceof ManyToManyAssociationField) {
  380.                 $definition $field->getToManyReferenceDefinition();
  381.             }
  383.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  384.         }
  386.         $criteria = new Criteria();
  387.         $criteria $this->searchCriteriaBuilder->handleRequest($request$criteria$definition$context);
  389.         $criteria->setIds([$id]);
  391.         // trigger acl validation
  392.         $missing $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  393.         $permissions array_unique(array_filter(array_merge($permissions$missing)));
  395.         if (!empty($permissions)) {
  396.             throw new MissingPrivilegeException($permissions);
  397.         }
  399.         $entity $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria$id): ?Entity {
  400.             return $repository->search($criteria$context)->get($id);
  401.         });
  403.         if ($entity === null) {
  404.             throw new ResourceNotFoundException($definition->getEntityName(), ['id' => $id]);
  405.         }
  407.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context);
  408.     }
  410.     public function searchIds(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  411.     {
  412.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  414.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): IdSearchResult {
  415.             return $repository->searchIds($criteria$context);
  416.         });
  418.         return new JsonResponse([
  419.             'total' => $result->getTotal(),
  420.             'data' => array_values($result->getIds()),
  421.         ]);
  422.     }
  424.     public function search(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  425.     {
  426.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  428.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  429.             return $repository->search($criteria$context);
  430.         });
  432.         $definition $this->getDefinitionOfPath($entityName$path$request$context);
  434.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  435.     }
  437.     public function list(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  438.     {
  439.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  441.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  442.             return $repository->search($criteria$context);
  443.         });
  445.         $definition $this->getDefinitionOfPath($entityName$path$request$context);
  447.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  448.     }
  450.     public function create(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  451.     {
  452.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_CREATE);
  453.     }
  455.     public function update(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  456.     {
  457.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_UPDATE);
  458.     }
  460.     public function delete(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  461.     {
  462.         $pathSegments $this->buildEntityPath($entityName$path$request->attributes->getInt('version'), $context, [WriteProtection::class]);
  464.         $last $pathSegments[\count($pathSegments) - 1];
  466.         $id $last['value'];
  468.         $first array_shift($pathSegments);
  470.         /* @var EntityDefinition $definition */
  471.         if (\count($pathSegments) === 0) {
  472.             //first api level call /product/{id}
  473.             $definition $first['definition'];
  475.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE$request->attributes->getInt('version'));
  477.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  478.         }
  480.         $child array_pop($pathSegments);
  481.         $parent $first;
  482.         if (!empty($pathSegments)) {
  483.             $parent array_pop($pathSegments);
  484.         }
  486.         $definition $child['definition'];
  488.         /** @var AssociationField $association */
  489.         $association $child['field'];
  491.         // DELETE api/product/{id}/manufacturer/{id}
  492.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  493.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE$request->attributes->getInt('version'));
  495.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  496.         }
  498.         // DELETE api/product/{id}/category/{id}
  499.         if ($association instanceof ManyToManyAssociationField) {
  500.             $local $definition->getFields()->getByStorageName(
  501.                 $association->getMappingLocalColumn()
  502.             );
  504.             $reference $definition->getFields()->getByStorageName(
  505.                 $association->getMappingReferenceColumn()
  506.             );
  508.             $mapping = [
  509.                 $local->getPropertyName() => $parent['value'],
  510.                 $reference->getPropertyName() => $id,
  511.             ];
  512.             /** @var EntityDefinition $parentDefinition */
  513.             $parentDefinition $parent['definition'];
  515.             if ($parentDefinition->isVersionAware()) {
  516.                 $versionField $parentDefinition->getEntityName() . 'VersionId';
  517.                 $mapping[$versionField] = $context->getVersionId();
  518.             }
  520.             if ($association->getToManyReferenceDefinition()->isVersionAware()) {
  521.                 $versionField $association->getToManyReferenceDefinition()->getEntityName() . 'VersionId';
  523.                 $mapping[$versionField] = Defaults::LIVE_VERSION;
  524.             }
  526.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE$request->attributes->getInt('version'));
  528.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  529.         }
  531.         if ($association instanceof TranslationsAssociationField) {
  532.             /** @var EntityTranslationDefinition $refClass */
  533.             $refClass $association->getReferenceDefinition();
  535.             $refPropName $refClass->getFields()->getByStorageName($association->getReferenceField())->getPropertyName();
  536.             $refLanguagePropName $refClass->getPrimaryKeys()->getByStorageName($association->getLanguageField())->getPropertyName();
  538.             $mapping = [
  539.                 $refPropName => $parent['value'],
  540.                 $refLanguagePropName => $id,
  541.             ];
  543.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE$request->attributes->getInt('version'));
  545.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  546.         }
  548.         if ($association instanceof OneToManyAssociationField) {
  549.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE$request->attributes->getInt('version'));
  551.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  552.         }
  554.         throw new \RuntimeException(sprintf('Unsupported association for field %s'$association->getPropertyName()));
  555.     }
  557.     private function resolveSearch(Request $requestContext $contextstring $entityNamestring $path): array
  558.     {
  559.         $pathSegments $this->buildEntityPath($entityName$path$request->attributes->getInt('version'), $context);
  560.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  562.         $first array_shift($pathSegments);
  564.         /** @var EntityDefinition|string $definition */
  565.         $definition $first['definition'];
  567.         if (!$definition) {
  568.             throw new NotFoundHttpException('The requested entity does not exist.');
  569.         }
  571.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  573.         $criteria = new Criteria();
  574.         if (empty($pathSegments)) {
  575.             $criteria $this->searchCriteriaBuilder->handleRequest($request$criteria$definition$context);
  577.             // trigger acl validation
  578.             $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  579.             $permissions array_unique(array_filter(array_merge($permissions$nested)));
  581.             if (!empty($permissions)) {
  582.                 throw new MissingPrivilegeException($permissions);
  583.             }
  585.             return [$criteria$repository];
  586.         }
  588.         $child array_pop($pathSegments);
  589.         $parent $first;
  591.         if (!empty($pathSegments)) {
  592.             $parent array_pop($pathSegments);
  593.         }
  595.         $association $child['field'];
  597.         $parentDefinition $parent['definition'];
  599.         $definition $child['definition'];
  600.         if ($association instanceof ManyToManyAssociationField) {
  601.             $definition $association->getToManyReferenceDefinition();
  602.         }
  604.         $criteria $this->searchCriteriaBuilder->handleRequest($request$criteria$definition$context);
  606.         if ($association instanceof ManyToManyAssociationField) {
  607.             //fetch inverse association definition for filter
  608.             $reverse $definition->getFields()->filter(
  609.                 function (Field $field) use ($association) {
  610.                     return $field instanceof ManyToManyAssociationField && $association->getMappingDefinition() === $field->getMappingDefinition();
  611.                 }
  612.             );
  614.             //contains now the inverse side association: category.products
  615.             $reverse $reverse->first();
  616.             if (!$reverse) {
  617.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  618.             }
  620.             /* @var ManyToManyAssociationField $reverse */
  621.             $criteria->addFilter(
  622.                 new EqualsFilter(
  623.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  624.                     $parent['value']
  625.                 )
  626.             );
  628.             /** @var EntityDefinition $parentDefinition */
  629.             if ($parentDefinition->isVersionAware()) {
  630.                 $criteria->addFilter(
  631.                     new EqualsFilter(
  632.                         sprintf('%s.%s.versionId'$definition->getEntityName(), $reverse->getPropertyName()),
  633.                         $context->getVersionId()
  634.                     )
  635.                 );
  636.             }
  637.         } elseif ($association instanceof OneToManyAssociationField) {
  638.             /*
  639.              * Example
  640.              * Route:           /api/product/SW1/prices
  641.              * $definition:     \Shopware\Core\Content\Product\Definition\ProductPriceDefinition
  642.              */
  644.             //get foreign key definition of reference
  645.             $foreignKey $definition->getFields()->getByStorageName(
  646.                 $association->getReferenceField()
  647.             );
  649.             $criteria->addFilter(
  650.                 new EqualsFilter(
  651.                 //add filter to parent value: prices.productId = SW1
  652.                     $definition->getEntityName() . '.' $foreignKey->getPropertyName(),
  653.                     $parent['value']
  654.                 )
  655.             );
  656.         } elseif ($association instanceof ManyToOneAssociationField) {
  657.             /*
  658.              * Example
  659.              * Route:           /api/product/SW1/manufacturer
  660.              * $definition:     \Shopware\Core\Content\Product\Aggregate\ProductManufacturer\ProductManufacturerDefinition
  661.              */
  663.             //get inverse association to filter to parent value
  664.             $reverse $definition->getFields()->filter(
  665.                 function (Field $field) use ($parentDefinition) {
  666.                     return $field instanceof AssociationField && $parentDefinition === $field->getReferenceDefinition();
  667.                 }
  668.             );
  669.             $reverse $reverse->first();
  670.             if (!$reverse) {
  671.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  672.             }
  674.             /* @var OneToManyAssociationField $reverse */
  675.             $criteria->addFilter(
  676.                 new EqualsFilter(
  677.                 //filter inverse association to parent value:  manufacturer.products.id = SW1
  678.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  679.                     $parent['value']
  680.                 )
  681.             );
  682.         } elseif ($association instanceof OneToOneAssociationField) {
  683.             /*
  684.              * Example
  685.              * Route:           /api/order/xxxx/orderCustomer
  686.              * $definition:     \Shopware\Core\Checkout\Order\Aggregate\OrderCustomer\OrderCustomerDefinition
  687.              */
  689.             //get inverse association to filter to parent value
  690.             $reverse $definition->getFields()->filter(
  691.                 function (Field $field) use ($parentDefinition) {
  692.                     return $field instanceof OneToOneAssociationField && $parentDefinition === $field->getReferenceDefinition();
  693.                 }
  694.             );
  695.             $reverse $reverse->first();
  696.             if (!$reverse) {
  697.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  698.             }
  700.             /* @var OneToManyAssociationField $reverse */
  701.             $criteria->addFilter(
  702.                 new EqualsFilter(
  703.                 //filter inverse association to parent value:  order_customer.order_id = xxxx
  704.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  705.                     $parent['value']
  706.                 )
  707.             );
  708.         }
  710.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  712.         $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  713.         $permissions array_unique(array_filter(array_merge($permissions$nested)));
  715.         if (!empty($permissions)) {
  716.             throw new MissingPrivilegeException($permissions);
  717.         }
  719.         return [$criteria$repository];
  720.     }
  722.     private function getDefinitionOfPath(string $entityNamestring $pathRequest $requestContext $context): EntityDefinition
  723.     {
  724.         $pathSegments $this->buildEntityPath($entityName$path$request->attributes->getInt('version'), $context);
  726.         $first array_shift($pathSegments);
  728.         /** @var EntityDefinition|string $definition */
  729.         $definition $first['definition'];
  731.         if (empty($pathSegments)) {
  732.             return $definition;
  733.         }
  735.         $child array_pop($pathSegments);
  737.         $association $child['field'];
  739.         if ($association instanceof ManyToManyAssociationField) {
  740.             /*
  741.              * Example:
  742.              * route:           /api/product/SW1/categories
  743.              * $definition:     \Shopware\Core\Content\Category\CategoryDefinition
  744.              */
  745.             return $association->getToManyReferenceDefinition();
  746.         }
  748.         return $child['definition'];
  749.     }
  751.     private function write(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $pathstring $type): Response
  752.     {
  753.         $payload $this->getRequestBody($request);
  754.         $noContent = !$request->query->has('_response');
  755.         // safari bug prevents us from using the location header
  756.         $appendLocationHeader false;
  758.         if ($this->isCollection($payload)) {
  759.             throw new BadRequestHttpException('Only single write operations are supported. Please send the entities one by one or use the /sync api endpoint.');
  760.         }
  762.         $pathSegments $this->buildEntityPath($entityName$path$request->attributes->getInt('version'), $context, [WriteProtection::class]);
  764.         $last $pathSegments[\count($pathSegments) - 1];
  766.         if ($type === self::WRITE_CREATE && !empty($last['value'])) {
  767.             $methods = ['GET''PATCH''DELETE'];
  769.             throw new MethodNotAllowedHttpException($methodssprintf('No route found for "%s %s": Method Not Allowed (Allow: %s)'$request->getMethod(), $request->getPathInfo(), implode(', '$methods)));
  770.         }
  772.         if ($type === self::WRITE_UPDATE && isset($last['value'])) {
  773.             $payload['id'] = $last['value'];
  774.         }
  776.         $first array_shift($pathSegments);
  778.         if (\count($pathSegments) === 0) {
  779.             $definition $first['definition'];
  780.             $events $this->executeWriteOperation($definition$payload$context$type$request->attributes->getInt('version'));
  781.             $event $events->getEventByEntityName($definition->getEntityName());
  782.             $eventIds $event->getIds();
  783.             $entityId array_pop($eventIds);
  785.             if ($noContent) {
  786.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  787.             }
  789.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  790.             $criteria = new Criteria($event->getIds());
  791.             $entities $repository->search($criteria$context);
  793.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  794.         }
  796.         $child array_pop($pathSegments);
  798.         $parent $first;
  799.         if (!empty($pathSegments)) {
  800.             $parent array_pop($pathSegments);
  801.         }
  803.         /** @var EntityDefinition $definition */
  804.         $definition $child['definition'];
  806.         $association $child['field'];
  808.         $parentDefinition $parent['definition'];
  810.         /* @var Entity $entity */
  811.         if ($association instanceof OneToManyAssociationField) {
  812.             $foreignKey $definition->getFields()
  813.                 ->getByStorageName($association->getReferenceField());
  815.             $payload[$foreignKey->getPropertyName()] = $parent['value'];
  817.             $events $this->executeWriteOperation($definition$payload$context$type$request->attributes->getInt('version'));
  819.             if ($noContent) {
  820.                 return $responseFactory->createRedirectResponse($definition$parent['value'], $request$context);
  821.             }
  823.             $event $events->getEventByEntityName($definition->getEntityName());
  825.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  827.             $criteria = new Criteria($event->getIds());
  828.             $entities $repository->search($criteria$context);
  830.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  831.         }
  833.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  834.             $events $this->executeWriteOperation($definition$payload$context$type$request->attributes->getInt('version'));
  835.             $event $events->getEventByEntityName($definition->getEntityName());
  837.             $entityIds $event->getIds();
  838.             $entityId array_pop($entityIds);
  840.             $foreignKey $parentDefinition->getFields()->getByStorageName($association->getStorageName());
  842.             $payload = [
  843.                 'id' => $parent['value'],
  844.                 $foreignKey->getPropertyName() => $entityId,
  845.             ];
  847.             $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  848.             $repository->update([$payload], $context);
  850.             if ($noContent) {
  851.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  852.             }
  854.             $criteria = new Criteria($event->getIds());
  855.             $entities $repository->search($criteria$context);
  857.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  858.         }
  860.         /** @var ManyToManyAssociationField $manyToManyAssociation */
  861.         $manyToManyAssociation $association;
  863.         /** @var EntityDefinition|string $reference */
  864.         $reference $manyToManyAssociation->getToManyReferenceDefinition();
  866.         // check if we need to create the entity first
  867.         if (\count($payload) > || !\array_key_exists('id'$payload)) {
  868.             $events $this->executeWriteOperation($reference$payload$context$type$request->attributes->getInt('version'));
  869.             $event $events->getEventByEntityName($reference->getEntityName());
  871.             $ids $event->getIds();
  872.             $id array_shift($ids);
  873.         } else {
  874.             // only id provided - add assignment
  875.             $id $payload['id'];
  876.         }
  878.         $payload = [
  879.             'id' => $parent['value'],
  880.             $manyToManyAssociation->getPropertyName() => [
  881.                 ['id' => $id],
  882.             ],
  883.         ];
  885.         $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  886.         $repository->update([$payload], $context);
  888.         $repository $this->definitionRegistry->getRepository($reference->getEntityName());
  889.         $criteria = new Criteria([$id]);
  891.         $entities $repository->search($criteria$context);
  892.         $entity $entities->first();
  894.         if ($noContent) {
  895.             return $responseFactory->createRedirectResponse($reference$entity->getId(), $request$context);
  896.         }
  898.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context$appendLocationHeader);
  899.     }
  901.     private function executeWriteOperation(
  902.         EntityDefinition $entity,
  903.         array $payload,
  904.         Context $context,
  905.         string $type,
  906.         int $apiVersion
  907.     ): EntityWrittenContainerEvent {
  908.         $repository $this->definitionRegistry->getRepository($entity->getEntityName());
  910.         $conversionException = new ApiConversionException();
  911.         $payload $this->apiVersionConverter->convertPayload($entity$payload$apiVersion$conversionException);
  912.         $conversionException->tryToThrow();
  914.         $event $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$payload$entity$type): ?EntityWrittenContainerEvent {
  915.             if ($type === self::WRITE_CREATE) {
  916.                 return $repository->create([$payload], $context);
  917.             }
  919.             if ($type === self::WRITE_UPDATE) {
  920.                 return $repository->update([$payload], $context);
  921.             }
  923.             if ($type === self::WRITE_DELETE) {
  924.                 $event $repository->delete([$payload], $context);
  926.                 if (!empty($event->getErrors())) {
  927.                     throw new ResourceNotFoundException($entity->getEntityName(), $payload);
  928.                 }
  930.                 return $event;
  931.             }
  933.             return null;
  934.         });
  936.         if (!$event) {
  937.             throw new \RuntimeException('Unsupported write operation.');
  938.         }
  940.         return $event;
  941.     }
  943.     private function getAssociation(FieldCollection $fields, array $keys): AssociationField
  944.     {
  945.         $key array_shift($keys);
  947.         /** @var AssociationField $field */
  948.         $field $fields->get($key);
  950.         if (empty($keys)) {
  951.             return $field;
  952.         }
  954.         $reference $field->getReferenceDefinition();
  955.         $nested $reference->getFields();
  957.         return $this->getAssociation($nested$keys);
  958.     }
  960.     private function buildEntityPath(
  961.         string $entityName,
  962.         string $pathInfo,
  963.         int $apiVersion,
  964.         Context $context,
  965.         array $protections = [ReadProtection::class]
  966.     ): array {
  967.         $pathInfo str_replace('/extensions/''/'$pathInfo);
  968.         $exploded explode('/'$entityName '/' ltrim($pathInfo'/'));
  970.         $parts = [];
  971.         foreach ($exploded as $index => $part) {
  972.             if ($index 2) {
  973.                 continue;
  974.             }
  976.             if (empty($part)) {
  977.                 continue;
  978.             }
  980.             $value $exploded[$index 1] ?? null;
  982.             if (empty($parts)) {
  983.                 $part $this->urlToSnakeCase($part);
  984.             } else {
  985.                 $part $this->urlToCamelCase($part);
  986.             }
  988.             $parts[] = [
  989.                 'entity' => $part,
  990.                 'value' => $value,
  991.             ];
  992.         }
  994.         $parts array_filter($parts);
  995.         $first array_shift($parts);
  997.         try {
  998.             $root $this->definitionRegistry->getByEntityName($first['entity']);
  999.         } catch (DefinitionNotFoundException $e) {
  1000.             throw new NotFoundHttpException($e->getMessage(), $e);
  1001.         }
  1003.         $entities = [
  1004.             [
  1005.                 'entity' => $first['entity'],
  1006.                 'value' => $first['value'],
  1007.                 'definition' => $root,
  1008.                 'field' => null,
  1009.             ],
  1010.         ];
  1012.         foreach ($parts as $part) {
  1013.             /** @var AssociationField|null $field */
  1014.             $field $root->getFields()->get($part['entity']);
  1015.             if (!$field) {
  1016.                 $path implode('.'array_column($entities'entity')) . '.' $part['entity'];
  1018.                 throw new NotFoundHttpException(sprintf('Resource at path "%s" is not an existing relation.'$path));
  1019.             }
  1021.             if ($field instanceof ManyToManyAssociationField) {
  1022.                 $root $field->getToManyReferenceDefinition();
  1023.             } else {
  1024.                 $root $field->getReferenceDefinition();
  1025.             }
  1027.             $entities[] = [
  1028.                 'entity' => $part['entity'],
  1029.                 'value' => $part['value'],
  1030.                 'definition' => $field->getReferenceDefinition(),
  1031.                 'field' => $field,
  1032.             ];
  1033.         }
  1035.         $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entities$protections): void {
  1036.             $this->entityProtectionValidator->validateEntityPath($entities$protections$context);
  1037.         });
  1038.         $this->apiVersionConverter->validateEntityPath($entities$apiVersion);
  1040.         return $entities;
  1041.     }
  1043.     private function urlToSnakeCase(string $name): string
  1044.     {
  1045.         return str_replace('-''_'$name);
  1046.     }
  1048.     private function urlToCamelCase(string $name): string
  1049.     {
  1050.         $parts explode('-'$name);
  1051.         $parts array_map('ucfirst'$parts);
  1053.         return lcfirst(implode(''$parts));
  1054.     }
  1056.     /**
  1057.      * Return a nested array structure of based on the content-type
  1058.      */
  1059.     private function getRequestBody(Request $request): array
  1060.     {
  1061.         $contentType $request->headers->get('CONTENT_TYPE''');
  1062.         $semicolonPosition mb_strpos($contentType';');
  1064.         if ($semicolonPosition !== false) {
  1065.             $contentType mb_substr($contentType0$semicolonPosition);
  1066.         }
  1068.         try {
  1069.             switch ($contentType) {
  1070.                 case 'application/vnd.api+json':
  1071.                     return $this->serializer->decode($request->getContent(), 'jsonapi');
  1072.                 case 'application/json':
  1073.                     return $request->request->all();
  1074.             }
  1075.         } catch (InvalidArgumentException UnexpectedValueException $exception) {
  1076.             throw new BadRequestHttpException($exception->getMessage());
  1077.         }
  1079.         throw new UnsupportedMediaTypeHttpException(sprintf('The Content-Type "%s" is unsupported.'$contentType));
  1080.     }
  1082.     private function isCollection(array $array): bool
  1083.     {
  1084.         return array_keys($array) === range(0, \count($array) - 1);
  1085.     }
  1087.     private function hasScope(Request $requeststring $scopeIdentifier): bool
  1088.     {
  1089.         $scopes array_flip($request->attributes->get(PlatformRequest::ATTRIBUTE_OAUTH_SCOPES));
  1091.         return isset($scopes[$scopeIdentifier]);
  1092.     }
  1094.     private function getEntityDefinition(string $entityName): EntityDefinition
  1095.     {
  1096.         try {
  1097.             $entityDefinition $this->definitionRegistry->getByEntityName($entityName);
  1098.         } catch (DefinitionNotFoundException $e) {
  1099.             throw new NotFoundHttpException($e->getMessage(), $e);
  1100.         }
  1102.         return $entityDefinition;
  1103.     }
  1105.     private function validateAclPermissions(Context $contextEntityDefinition $entitystring $privilege): ?string
  1106.     {
  1107.         $resource $entity->getEntityName();
  1109.         if ($entity instanceof EntityTranslationDefinition) {
  1110.             $resource $entity->getParentDefinition()->getEntityName();
  1111.         }
  1113.         if (!$context->isAllowed($resource ':' $privilege)) {
  1114.             return $resource ':' $privilege;
  1115.         }
  1117.         return null;
  1118.     }
  1120.     private function validatePathSegments(Context $context, array $pathSegmentsstring $privilege): array
  1121.     {
  1122.         $child array_pop($pathSegments);
  1124.         $missing = [];
  1126.         foreach ($pathSegments as $segment) {
  1127.             // you need detail privileges for every parent entity
  1128.             $missing[] = $this->validateAclPermissions(
  1129.                 $context,
  1130.                 $this->getDefinitionForPathSegment($segment),
  1131.                 AclRoleDefinition::PRIVILEGE_READ
  1132.             );
  1133.         }
  1135.         $missing[] = $this->validateAclPermissions($context$this->getDefinitionForPathSegment($child), $privilege);
  1137.         return array_unique(array_filter($missing));
  1138.     }
  1140.     private function getDefinitionForPathSegment(array $segment): EntityDefinition
  1141.     {
  1142.         $definition $segment['definition'];
  1144.         if ($segment['field'] instanceof ManyToManyAssociationField) {
  1145.             $definition $segment['field']->getToManyReferenceDefinition();
  1146.         }
  1148.         return $definition;
  1149.     }
  1151.     private function checkIfRouteAvailableInApiVersion(string $entityint $version): void
  1152.     {
  1153.         if (!$this->apiVersionConverter->isAllowed($entitynull$version)) {
  1154.             throw new NotFoundHttpException();
  1155.         }
  1156.     }
  1157. }