SecurityLink does not work with doctrine Entities #7797

@lyrixx

API Platform version(s) affected: 4.2.17

Description
We use the new feature about UriVariables, and it works well with DTO.
But with Doctrine entities, it does not work as expected:

        new GetCollection(
            uriTemplate: '/redirection-plans/{plan}/pairings',
            uriVariables: [
                'plan' => new Link(
                    fromClass: Plan::class,
                    provider: ReadLinkParameterProvider::class,
                    security: "true", // We fake it, to simplify the reproducer!
                ),
            ],
            security: 'true', // Security is done at the uriVariable level
        ),

It generated this kind of Doctrine SQL:

SELECT o FROM App\Entity\Pairing o WHERE o_a1.id = :id_p1

Then it crashes:

[Semantical Error] line 0, col 41 near 'o_a1.id = :id_p1': Error: 'o_a1' is not defined.

How to reproduce
I created a reproducer, you clone it, install it, start a webserver, then run:

curl --request GET \
  --url https://127.0.0.1:8000/api/redirection-plans/3b78b4d3-f292-4876-85e4-7d5be788d18c/pairings

Possible Solution

I think the culprit is here:

$currentAlias = $fromClass === $entityClass ? $alias : $queryNameGenerator->generateJoinAlias($alias);
foreach ($identifierProperties as $identifierProperty) {
    $placeholder = $queryNameGenerator->generateParameterName($identifierProperty);
    $queryBuilder->andWhere("$currentAlias.$identifierProperty = :$placeholder");
    $queryBuilder->setParameter($placeholder, $this->getIdentifierValue($identifiers, $hasCompositeIdentifiers ? $identifierProperty : null), $fromClassMetadata->getTypeOfField($identifierProperty));
}

This code lost some information, and uses the queryNameGenerator to get the current alias. But there is no alias here (o)!
