Adding a function that grabs the ID from the request #4591
@@ -157,7 +157,7 @@ public function batchActionDelete(ProxyQueryInterface $query) | |||
public function deleteAction($id) |
I wanted to suggest actually deleting the parameter in the action function as it is not used and a bit misleading
I'll open a separate issue for this so it is at least logged
See #3970
Hey @catharsisjelly, thank you for contributing to Sonata!
It's normal since About the PR itself, I think it would be better to migrate this function ( Anyway, I'm almost sure that simply creating a new function into the controller won't be accepted.
@jlamur No problem, thanks for taking a look and the feedback. I was looking for a quick solution to a situation that came up when using Sonata so hence the quick PR. I agree this could be farmed out to a service that does a very specific job possibly even resolving the object so I'll suggest it could be called
Controller/CRUDController.php
Outdated
* | ||
* @return array | ||
*/ | ||
protected function getObjectIDFromRequest(Request $request) |
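Review bot: the docblock above `getObjectIDFromRequest(Request $request)` declares `@return array`, which does not fit a method named for returning a single object ID. The annotation should name the type actually returned and say what comes back when the request carries no ID, since subclasses overriding this protected method will rely on it.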
final?
Why do you think this should be final? If I make this final then I can't override it which would defeat the reason I made it in the first place.
Sorry, didn't read the full PR body 😅
Controller/CRUDController.php
Outdated
* | ||
* @return array | ||
*/ | ||
protected function getObjectIDFromRequest(Request $request) |
-getObjectIDFromRequest
+getObjectIdFromRequest
Done.
any news here @catharsisjelly ?
@OskarStark Sorry I missed the last bit of feedback but have updated the function name, is there anything else that needs changing/adding?
@OskarStark Do you have any opinion on what I wrote before?
Not adding anything to the
@jlamur @OskarStark @greg0ire I'll move this out to a
I've added the handle, was not sure where to put it so any advice on where you might want it. Test has been written, let me know if there is a better place to put it or you want to implement this differently.
Route/RouteIdHandler.php
Outdated
{ | ||
return $request->get($admin->getIdParameter()); | ||
} | ||
} |
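Review bot: on the `return $request->get($admin->getIdParameter());` line, `Request::get()` is not limited to the route. Symfony looks the name up in the route attributes, then the query string, then the POST body, so a handler named for route IDs can return a value taken from any of the three. If only the matched route is meant, read the parameter from `$request->attributes` instead.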
Please configure your IDE to always add a newline at end of file, this will make the red pictogram disappear.
Same for the test file.
Done and done, see next push
Route/RouteIdHandler.php
Outdated
use Sonata\AdminBundle\Admin\AdminInterface; | ||
use Symfony\Component\HttpFoundation\Request; | ||
|
||
class RouteIdHandler |
Should be final and implement an interface
You want me to just make a RouteIdHandlerInterface or something more generic?
I'd like to see your implementation, with the hash decoding, it will help understand what the purpose of this is, and maybe a better name.
Can you show the override with the hash decoding so we better understand the issue?
@@ -27,6 +27,7 @@ | |||
<service id="sonata.admin.breadcrumbs_builder" class="Sonata\AdminBundle\Admin\BreadcrumbsBuilder"> | |||
<argument>%sonata.admin.configuration.breadcrumbs%</argument> | |||
</service> | |||
<service id="sonata.admin.route_id_handler" class="Sonata\AdminBundle\Route\RouteIdHandler"/> |
This should be renamed to sonata.admin.default_route_id_handler. sonata.admin.route_id_handler should be an alias you would use for your custom implementation.
This means that you would use it for every admin.
A short cookbook entry about it would be great! Required or not @greg0ire?
What I had in mind was And then the
@jlamur thank you that really helps clarify how it would be preferred to be done. I'm going home now but I'll make those changes as soon as I can.
@jlamur this makes the admin class grow though. The goal in the future is to split it into components, that it would still know about first, but that we would make independent after that. Let's think hard about how we can avoid editing
I think maybe the override by admin is not needed at first, what do you think?
Securing route id's with HashId | ||
=============================== | ||
|
||
If you're working on an app where you need to hide the ID's from the routes then a good way to do ikt would be to use |
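Review bot: the title "Securing route id's with HashId" presents the encoding as a security control, while the sentence below it talks about hiding IDs, which is all the encoding does. An encoded ID only obscures the numeric value in the URL; anyone holding a valid URL still reaches the object unless the admin's access checks refuse it. Suggest a title along the lines of "Hiding route IDs with Hashids" and one sentence stating that access control is still required.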
- "ikt" => "it"
- "ID's" => "IDs"
return $hashId->decodeHex($request->get($admin->getIdParameter())); | ||
} | ||
} | ||
``` |
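Review bot: in the `return $hashId->decodeHex(...)` line the decoded value is returned without any check, and the argument is whatever `$request->get()` yields, which may be null or not a string at all. The cookbook example should show the failure path: test the input type, treat a value that does not decode as "no ID", and let the controller answer with its normal not-found response, so that readers copying it do not pass an undecodable value on to the object lookup.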
Please comply with the sf docs standards:
Ah, I've never written RST docs before, I will check the standard and work on the cookbook doc first so it will help understand the change that is needed.
The less you override, the better
@jlamur is there no way to have the controller figure out things by giving it an admin and a route id handler? It could ask the latter to provide an encoded id, then call
No, I really did mean outside the controller. Anything not dealing directly with HTTP should be outside the controller.
My idea was this, to change
By the looks of it I can get the container in That's a little convoluted perhaps but before I go change it all I wanted to just check we all have the same idea
@catharsisjelly I think it would be better to not touch the admin class, and avoid coupling it even more with the sf container, which looks like a mistake to me. IMO we should merge this as is, and ultimately move all the route generation outside the admin class, in a service implementing just https://github.com/sonata-project/SonataAdminBundle/blob/3.x/Admin/UrlGeneratorInterface.php . But this is too much to ask you IMO
Could you please rebase your PR and fix merge conflicts?
5e2a716
Could you please rebase your PR and fix merge conflicts?
I seem to have royally foobar'ed the branch, I have another copy of it in the office. I'll force push that and rebase again on Monday.. DOH!
Otherwise, use
Changed functions that get the ID from Request in CRUDController to use this new service so that it can be replaced should the developer want to encode the Ids in their application for security measures
Branch no longer foobared.. Hurrah!
@core23 please review again
Congrats @catharsisjelly !
After Please investigate
@wingsergey Please open a new issue with the full stack trace and bundle versions (or branch in this case, because this PR is not in any release).
@wingsergey I'm not seeing this, when you open the ticket can you reference this PR so I can take a look
…ject#4591)" This reverts commit 59ade03.
Subject
Added a RouteIdHandlerInterface component that will allow developers to change how the ID is taken from the route in the request. By default, it will take the ID from the ID parameter. But the intention is to be able to easily add a component that will decode any encoded IDs. For example using something like HashIds to secure routes from users.
Changelog
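The PR description above mentions a replaceable handler that decodes encoded IDs. The following is an added example, not code from the PR or from Sonata, of such a handler that fails closed on anything it cannot decode. `ToyIdCodec` is a constructed stand-in for a library such as Hashids, and `DecodingRouteIdHandler` with its `getId` signature is hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in for an id codec such as Hashids (constructed; reversible encoding only).
final class ToyIdCodec
{
    public function encode(int $id): string
    {
        return strrev(dechex($id + 0x1000));
    }

    public function decode(string $token): ?int
    {
        if (preg_match('/\A[0-9a-f]{4,12}\z/', $token) !== 1) {
            return null; // wrong alphabet or length
        }
        $id = (int) hexdec(strrev($token)) - 0x1000;
        // Accept only the canonical encoding of a non-negative id.
        return ($id >= 0 && $this->encode($id) === $token) ? $id : null;
    }
}

// Hypothetical handler: class and method names are assumptions, the page
// does not show the signature of RouteIdHandlerInterface.
final class DecodingRouteIdHandler
{
    private $codec;

    public function __construct(ToyIdCodec $codec)
    {
        $this->codec = $codec;
    }

    // $routeAttributes holds only values matched by the router, so a query
    // string or POST field with the same name cannot supply the id.
    public function getId(array $routeAttributes, string $idParameter): ?int
    {
        $raw = $routeAttributes[$idParameter] ?? null;
        return is_string($raw) ? $this->codec->decode($raw) : null;
    }
}

$codec = new ToyIdCodec();
$handler = new DecodingRouteIdHandler($codec);
$token = $codec->encode(42); // constructed sample value
var_dump($handler->getId(['id' => $token], 'id'));       // well-formed token
var_dump($handler->getId(['id' => '42'], 'id'));         // raw numeric id
var_dump($handler->getId(['id' => $token . '0'], 'id')); // padded token
var_dump($handler->getId(['id' => ['x']], 'id'));        // array instead of string
```

With these constructed inputs only the first call yields an ID; the others return null, which the controller should turn into its not-found response. The decoded ID still has to pass the admin's access check, because the encoding only hides the number.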