Adding a function that grabs the ID from the request

[catharsisjelly]

Subject

Added a RouteIdHandlerInterface component that will allow developers to change how the ID is taken from the route in the request. By default, it will take the ID from the ID parameter. But the intention is to be able to easily add a component that will decode any encoded IDs. For example using something like HashIds to secure routes from users.

Changelog

### Added
- RouteIdHandler that decides how to process the ID in the route on CRUDController

[catharsisjelly]

I wanted to suggest actually deleting the parameter in the action function as it is not used and a bit misleading

[catharsisjelly]

I'll open a separate issue for this so it is at least logged

[catharsisjelly]

See #3970

[jlamur]

Hey @catharsisjelly, thank you for contributing to Sonata!

I'm targeting 3.x as it is the main branch I use, when I tried to switch it to 2.x the PR became huge and I got scared.

It's normal since 2.x is not maintained anymore. The purpose of this sentence in the PR template is to make sure you target master if your changes are not BC, and 3.x if they are. 2.x is never targeted.

---

About the PR itself, I think it would be better to migrate this function (CRUDController::getObjectIDFromRequest(...)) into the AbstractAdmin or even better IMO, you could create a new component (for example something like RouteIdHandler). Let other contributors decide what's best.

Anyway, I'm almost sure that simply creating a new function into the controller won't be accepted.

[catharsisjelly]

@jlamur No problem, thanks for taking a look and the feedback. I was looking for a quick solution to a situation that came up when using Sonata so hence the quick PR. I agree this could be farmed out to a service that does a very specific job possibly even resolving the object so I'll suggest it could be called ObjectResolver or ObjectIDResolver into the mix. I'll be happy to do this and then pull in the service via the container. Will wait for guidance from other Sonata peeps before changing though.

[core23]

final?

[catharsisjelly]

Why do you think this should be final? If I make this final then I can't override it which would defeat the reason I made it in the first place.

[core23]

Sorry, didn't read the full PR body 😅

[core23]

-getObjectIDFromRequest
+getObjectIdFromRequest

[catharsisjelly]

Done.

[OskarStark]

any news here @catharsisjelly ?

[catharsisjelly]

@OskarStark Sorry I missed the last bit of feedback but have updated the function name, is there anything else that needs changing/adding?

[jlamur]

@OskarStark Do you have any opinion on what I wrote before?

[OskarStark]

I like the idea of the RouteIdHandler, it could be very powerful, what do you think @core23 @greg0ire ?

[greg0ire]

Not adding anything to the AbstractAdmin is best, a new component would indeed be great. You would solve your issue by implementing the interface of this component as you see fit.

[catharsisjelly]

@jlamur @OskarStark @greg0ire I'll move this out to a RouteIdHandler service over the weekend if I find the time, thanks for the feedback

[catharsisjelly]

I've added the handle, was not sure where to put it so any advice on where you might want it. Test has been written, let me know if there is a better place to put it or you want to implement this differently.

[greg0ire]

Please configure your IDE to always add a newline at end of file, this will make the red pictogram disappear.

[greg0ire]

Same for the test file.

[catharsisjelly]

Done and done, see next push

[greg0ire]

Should be final and implement an interface

[catharsisjelly]

You want me to just make a RouteIdHandlerInterface or something more generic?

[greg0ire]

I'd like to see your implementation, with the hash decoding, it will help understand what the purpose of this is, and maybe a better name.

[greg0ire]

Can you show the override with the hash decoding so we better understand the issue?

[greg0ire]

This should be renamed to sonata.admin.default_route_id_handler. sonata.admin.route_id_handler should be an alias you would use for your custom implementation.

[greg0ire]

This means that you would use it for every admin.

[jlamur]

A short cookbook entry about it would be great! Required or not @greg0ire?

[jlamur]

What I had in mind was RouteIdHandlerInterface::getIdFromRequest(Request $request) and RouteIdHandlerInterface::getIdFromSubject($subject). Also the service would have been added to the admin like for example the ModelManager, and could be overriden for each admin or globally.

And then the Admin would have used the RouteIdHandlerInterface service to generate urls.

[catharsisjelly]

@jlamur thank you that really helps clarify how it would be preferred to be done. I'm going home now but I'll make those changes as soon as I can.

[greg0ire]

@jlamur this makes the admin class grow though. The goal in the future is to split it into components, that it would still know about first, but that we would make independent after that. Let's think hard about how we can avoid editing AbstractAdmin.php at all.

[greg0ire]

Related : #2286 #4440

[greg0ire]

I think maybe the override by admin is not needed at first, what do you think?

[greg0ire]

• "ikt" => "it"
• "ID's" => "IDs"

[greg0ire]

Please comply with the sf docs standards:

Each line should break approximately after the first word that crosses the 72nd character (so most lines end up being 72-78 characters);

[catharsisjelly]

Ah, I've never written RST docs before, I will check the standard and work on the cookbook doc first so it will help understand the change that is needed.

[greg0ire]

The less you override, the better

[jlamur]

@greg0ire You argued to not do it because it would make the admin class grow.

[greg0ire]

@jlamur is there no way to have the controller figure out things by giving it an admin and a route id handler? It could ask the latter to provide an encoded id, then call AbstractAdmin::generateUrl itself? But not calling generateObjectUrl would probably be a BC-break since that method is overriden, which means we should do that iff the route id handler is not the default one... ugly.

[greg0ire]

@greg0ire did you mean "outside the admin"?

No, I really did mean outside the controller. Anything not dealing directly with HTTP should be outside the controller.

[catharsisjelly]

My idea was this, to change generateObjectUrl to always use the handler so something like

public function generateObjectUrl($name, $object, array $parameters = [], $absolute = UrlGeneratorInterface::ABSOLUTE_PATH)
{
    $parameters['id'] = $this->container->get('sonata.admin.route_id_handler')->encode($this->getUrlsafeIdentifier($object));

    return $this->generateUrl($name, $parameters, $absolute);
}

By the looks of it I can get the container in AbstractAdmin by $this->getConfigurationPool()->getContainer()

That's a little convoluted perhaps but before I go change it all I wanted to just check we all have the same idea

[greg0ire]

@catharsisjelly I think it would be better to not touch the admin class, and avoid coupling it even more with the sf container, which looks like a mistake to me.

IMO we should merge this as is, and ultimately move all the route generation outside the admin class, in a service implementing just https://github.com/sonata-project/SonataAdminBundle/blob/3.x/Admin/UrlGeneratorInterface.php . But this is too much to ask you IMO

[SonataCI]

Could you please rebase your PR and fix merge conflicts?

[SonataCI]

Could you please rebase your PR and fix merge conflicts?

[catharsisjelly]

I seem to of royally foobar'ed the branch, I have another copy of it in the office. I'll force push that and rebase again on Monday.. DOH!

[greg0ire]

Otherwise, use git reflog and reset to a pre fuck-up state then force push

[catharsisjelly]

Branch no longer foobared.. Hurrah!

[greg0ire]

@core23 please review again

[greg0ire]

Congrats @catharsisjelly !

[wingsergey]

After composer update with this release I got [Symfony\Component\DependencyInjection\Exception\RuntimeException] Unable to resolve service "AppBundle\Admin\XxxAdmin": method "setRouteIdHandler()" does not exist.
On v3.23.0 all is ok.

Please investigate

[jlamur]

@wingsergey Please open a new issue with the full stack trace and bundle versions (or branch in this case, because this PR is not in any release).

[catharsisjelly]

@wingsergey I'm not seeing this, when you open the ticket can you reference this PR so I can take a look