vendor/shopware/core/Framework/Api/Controller/ApiController.php line 420

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Controller;
  5. use OpenApi\Annotations as OA;
  6. use Shopware\Core\Defaults;
  7. use Shopware\Core\Framework\Api\Acl\AclCriteriaValidator;
  8. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  9. use Shopware\Core\Framework\Api\Converter\ApiVersionConverter;
  10. use Shopware\Core\Framework\Api\Converter\Exceptions\ApiConversionException;
  11. use Shopware\Core\Framework\Api\Exception\InvalidVersionNameException;
  12. use Shopware\Core\Framework\Api\Exception\LiveVersionDeleteException;
  13. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  14. use Shopware\Core\Framework\Api\Exception\NoEntityClonedException;
  15. use Shopware\Core\Framework\Api\Exception\ResourceNotFoundException;
  16. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  17. use Shopware\Core\Framework\Context;
  18. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Entity;
  20. use Shopware\Core\Framework\DataAbstractionLayer\EntityCollection;
  21. use Shopware\Core\Framework\DataAbstractionLayer\EntityDefinition;
  22. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\EntityProtectionValidator;
  23. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\ReadProtection;
  24. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\WriteProtection;
  25. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
  26. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  27. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  28. use Shopware\Core\Framework\DataAbstractionLayer\Exception\DefinitionNotFoundException;
  29. use Shopware\Core\Framework\DataAbstractionLayer\Exception\MissingReverseAssociation;
  30. use Shopware\Core\Framework\DataAbstractionLayer\Field\AssociationField;
  31. use Shopware\Core\Framework\DataAbstractionLayer\Field\Field;
  32. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToManyAssociationField;
  33. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToOneAssociationField;
  34. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToManyAssociationField;
  35. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToOneAssociationField;
  36. use Shopware\Core\Framework\DataAbstractionLayer\Field\TranslationsAssociationField;
  37. use Shopware\Core\Framework\DataAbstractionLayer\FieldCollection;
  38. use Shopware\Core\Framework\DataAbstractionLayer\MappingEntityDefinition;
  39. use Shopware\Core\Framework\DataAbstractionLayer\Search\CompositeEntitySearcher;
  40. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  41. use Shopware\Core\Framework\DataAbstractionLayer\Search\EntitySearchResult;
  42. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  43. use Shopware\Core\Framework\DataAbstractionLayer\Search\IdSearchResult;
  44. use Shopware\Core\Framework\DataAbstractionLayer\Search\RequestCriteriaBuilder;
  45. use Shopware\Core\Framework\DataAbstractionLayer\Write\CloneBehavior;
  46. use Shopware\Core\Framework\Feature;
  47. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  48. use Shopware\Core\Framework\Routing\Annotation\Since;
  49. use Shopware\Core\Framework\Routing\Exception\MissingRequestParameterException;
  50. use Shopware\Core\Framework\Uuid\Exception\InvalidUuidException;
  51. use Shopware\Core\Framework\Uuid\Uuid;
  52. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  53. use Symfony\Component\HttpFoundation\JsonResponse;
  54. use Symfony\Component\HttpFoundation\Request;
  55. use Symfony\Component\HttpFoundation\Response;
  56. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  57. use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
  58. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  59. use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
  60. use Symfony\Component\Routing\Annotation\Route;
  61. use Symfony\Component\Serializer\Exception\InvalidArgumentException;
  62. use Symfony\Component\Serializer\Exception\UnexpectedValueException;
  63. use Symfony\Component\Serializer\Serializer;
  65. /**
  66.  * @Route(defaults={"_routeScope"={"api"}})
  67.  */
  68. class ApiController extends AbstractController
  69. {
  70.     public const WRITE_UPDATE 'update';
  71.     public const WRITE_CREATE 'create';
  72.     public const WRITE_DELETE 'delete';
  74.     /**
  75.      * @var DefinitionInstanceRegistry
  76.      */
  77.     private $definitionRegistry;
  79.     /**
  80.      * @var Serializer
  81.      */
  82.     private $serializer;
  84.     /**
  85.      * @var RequestCriteriaBuilder
  86.      */
  87.     private $criteriaBuilder;
  89.     /**
  90.      * @var CompositeEntitySearcher
  91.      */
  92.     private $compositeEntitySearcher;
  94.     /**
  95.      * @var ApiVersionConverter
  96.      */
  97.     private $apiVersionConverter;
  99.     /**
  100.      * @var EntityProtectionValidator
  101.      */
  102.     private $entityProtectionValidator;
  104.     /**
  105.      * @var AclCriteriaValidator
  106.      */
  107.     private $criteriaValidator;
  109.     public function __construct(
  110.         DefinitionInstanceRegistry $definitionRegistry,
  111.         Serializer $serializer,
  112.         RequestCriteriaBuilder $criteriaBuilder,
  113.         CompositeEntitySearcher $compositeEntitySearcher,
  114.         ApiVersionConverter $apiVersionConverter,
  115.         EntityProtectionValidator $entityProtectionValidator,
  116.         AclCriteriaValidator $criteriaValidator
  117.     ) {
  118.         $this->definitionRegistry $definitionRegistry;
  119.         $this->serializer $serializer;
  120.         $this->criteriaBuilder $criteriaBuilder;
  121.         $this->compositeEntitySearcher $compositeEntitySearcher;
  122.         $this->apiVersionConverter $apiVersionConverter;
  123.         $this->entityProtectionValidator $entityProtectionValidator;
  124.         $this->criteriaValidator $criteriaValidator;
  125.     }
  127.     /**
  128.      * @Since("6.0.0.0")
  129.      * @OA\Get(
  130.      *      path="/_search",
  131.      *      summary="Search for multiple entites by a given term",
  132.      *      operationId="compositeSearch",
  133.      *      tags={"Admin Api"},
  134.      *      deprecated=true,
  135.      *      @OA\Parameter(
  136.      *          name="limit",
  137.      *          in="query",
  138.      *          description="Max amount of resources per entity",
  139.      *          @OA\Schema(type="integer"),
  140.      *      ),
  141.      *      @OA\Parameter(
  142.      *          name="term",
  143.      *          in="query",
  144.      *          description="The term to search for",
  145.      *          required=true,
  146.      *          @OA\Schema(type="string")
  147.      *      ),
  148.      *      @OA\Response(
  149.      *          response="200",
  150.      *          description="The list of found entities",
  151.      *          @OA\JsonContent(
  152.      *              type="array",
  153.      *              @OA\Items(
  154.      *                  type="object",
  155.      *                  @OA\Property(
  156.      *                      property="entity",
  157.      *                      type="string",
  158.      *                      description="The name of the entity",
  159.      *                  ),
  160.      *                  @OA\Property(
  161.      *                      property="total",
  162.      *                      type="integer",
  163.      *                      description="The total amount of search results for this entity",
  164.      *                  ),
  165.      *                  @OA\Property(
  166.      *                      property="entities",
  167.      *                      type="array",
  168.      *                      description="The found entities",
  169.      *                      @OA\Items(type="object", additionalProperties=true),
  170.      *                  ),
  171.      *              ),
  172.      *          ),
  173.      *      ),
  174.      *      @OA\Response(
  175.      *          response="400",
  176.      *          ref="#/components/responses/400"
  177.      *      ),
  178.      *     @OA\Response(
  179.      *          response="401",
  180.      *          ref="#/components/responses/401"
  181.      *      )
  182.      * )
  183.      * @Route("/api/_search", name="api.composite.search", methods={"GET","POST"})
  184.      *
  185.      * @deprecated tag:v6.5.0 - Will be removed in the next major
  186.      */
  187.     public function compositeSearch(Request $requestContext $context): JsonResponse
  188.     {
  189.         Feature::throwException('FEATURE_NEXT_18762''Will be removed in v6.5.0, use Shopware\Administration\Controller\AdminSearchController::search instead.');
  191.         $term = (string) $request->query->get('term');
  192.         if ($term === '') {
  193.             throw new MissingRequestParameterException('term');
  194.         }
  195.         $limit $request->query->getInt('limit'5);
  197.         $results $this->compositeEntitySearcher->search($term$limit$context);
  199.         foreach ($results as &$result) {
  200.             $definition $this->definitionRegistry->getByEntityName($result['entity']);
  201.             /** @var EntityCollection $entityCollection */
  202.             $entityCollection $result['entities'];
  203.             $entities = [];
  204.             foreach ($entityCollection->getElements() as $key => $entity) {
  205.                 $entities[$key] = $this->apiVersionConverter->convertEntity($definition$entity);
  206.             }
  207.             $result['entities'] = $entities;
  208.         }
  210.         return new JsonResponse(['data' => $results]);
  211.     }
  213.     /**
  214.      * @Since("6.0.0.0")
  215.      * @Route("/api/_action/clone/{entity}/{id}", name="api.clone", methods={"POST"}, requirements={
  216.      *     "version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  217.      * })
  218.      */
  219.     public function clone(Context $contextstring $entitystring $idRequest $request): JsonResponse
  220.     {
  221.         $behavior = new CloneBehavior(
  222.             $request->request->all('overwrites'),
  223.             $request->request->getBoolean('cloneChildren'true)
  224.         );
  226.         $entity $this->urlToSnakeCase($entity);
  228.         $definition $this->definitionRegistry->getByEntityName($entity);
  229.         $missing $this->validateAclPermissions($context$definitionAclRoleDefinition::PRIVILEGE_CREATE);
  230.         if ($missing) {
  231.             throw new MissingPrivilegeException([$missing]);
  232.         }
  234.         $eventContainer $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($definition$id$behavior): EntityWrittenContainerEvent {
  235.             /** @var EntityRepository $entityRepo */
  236.             $entityRepo $this->definitionRegistry->getRepository($definition->getEntityName());
  238.             return $entityRepo->clone($id$contextnull$behavior);
  239.         });
  241.         $event $eventContainer->getEventByEntityName($definition->getEntityName());
  242.         if (!$event) {
  243.             throw new NoEntityClonedException($entity$id);
  244.         }
  246.         $ids $event->getIds();
  247.         $newId array_shift($ids);
  249.         return new JsonResponse(['id' => $newId]);
  250.     }
  252.     /**
  253.      * @Since("6.0.0.0")
  254.      * @Route("/api/_action/version/{entity}/{id}", name="api.createVersion", methods={"POST"},
  255.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  256.      * })
  257.      */
  258.     public function createVersion(Request $requestContext $contextstring $entitystring $id): Response
  259.     {
  260.         $entity $this->urlToSnakeCase($entity);
  262.         $versionId $request->request->has('versionId') ? (string) $request->request->get('versionId') : null;
  263.         $versionName $request->request->has('versionName') ? (string) $request->request->get('versionName') : null;
  265.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  266.             throw new InvalidUuidException($versionId);
  267.         }
  269.         if ($versionName !== null && !ctype_alnum($versionName)) {
  270.             throw new InvalidVersionNameException();
  271.         }
  273.         try {
  274.             $entityDefinition $this->definitionRegistry->getByEntityName($entity);
  275.         } catch (DefinitionNotFoundException $e) {
  276.             throw new NotFoundHttpException($e->getMessage(), $e);
  277.         }
  279.         $versionId $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entityDefinition$id$versionName$versionId): string {
  280.             return $this->definitionRegistry->getRepository($entityDefinition->getEntityName())->createVersion($id$context$versionName$versionId);
  281.         });
  283.         return new JsonResponse([
  284.             'versionId' => $versionId,
  285.             'versionName' => $versionName,
  286.             'id' => $id,
  287.             'entity' => $entity,
  288.         ]);
  289.     }
  291.     /**
  292.      * @Since("6.0.0.0")
  293.      * @Route("/api/_action/version/merge/{entity}/{versionId}", name="api.mergeVersion", methods={"POST"},
  294.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "versionId"="[0-9a-f]{32}"
  295.      * })
  296.      */
  297.     public function mergeVersion(Context $contextstring $entitystring $versionId): JsonResponse
  298.     {
  299.         $entity $this->urlToSnakeCase($entity);
  301.         if (!Uuid::isValid($versionId)) {
  302.             throw new InvalidUuidException($versionId);
  303.         }
  305.         $entityDefinition $this->getEntityDefinition($entity);
  306.         $repository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  308.         // change scope to be able to update write protected fields
  309.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($repository$versionId): void {
  310.             $repository->merge($versionId$context);
  311.         });
  313.         return new JsonResponse(nullResponse::HTTP_NO_CONTENT);
  314.     }
  316.     /**
  317.      * @Since("6.0.0.0")
  318.      * @Route("/api/_action/version/{versionId}/{entity}/{entityId}", name="api.deleteVersion", methods={"POST"},
  319.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  320.      * })
  321.      */
  322.     public function deleteVersion(Context $contextstring $entitystring $entityIdstring $versionId): JsonResponse
  323.     {
  324.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  325.             throw new InvalidUuidException($versionId);
  326.         }
  328.         if ($versionId === Defaults::LIVE_VERSION) {
  329.             throw new LiveVersionDeleteException();
  330.         }
  332.         if ($entityId !== null && !Uuid::isValid($entityId)) {
  333.             throw new InvalidUuidException($entityId);
  334.         }
  336.         try {
  337.             $entityDefinition $this->definitionRegistry->getByEntityName($this->urlToSnakeCase($entity));
  338.         } catch (DefinitionNotFoundException $e) {
  339.             throw new NotFoundHttpException($e->getMessage(), $e);
  340.         }
  342.         $versionContext $context->createWithVersionId($versionId);
  344.         $entityRepository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  346.         $versionContext->scope(Context::CRUD_API_SCOPE, function (Context $versionContext) use ($entityId$entityRepository): void {
  347.             $entityRepository->delete([['id' => $entityId]], $versionContext);
  348.         });
  350.         $versionRepository $this->definitionRegistry->getRepository('version');
  351.         $versionRepository->delete([['id' => $versionId]], $context);
  353.         return new JsonResponse();
  354.     }
  356.     public function detail(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  357.     {
  358.         $pathSegments $this->buildEntityPath($entityName$path$context);
  359.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  361.         $root $pathSegments[0]['entity'];
  362.         $id $pathSegments[\count($pathSegments) - 1]['value'];
  364.         $definition $this->definitionRegistry->getByEntityName($root);
  366.         $associations array_column($pathSegments'entity');
  367.         array_shift($associations);
  369.         if (empty($associations)) {
  370.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  371.         } else {
  372.             $field $this->getAssociation($definition->getFields(), $associations);
  374.             $definition $field->getReferenceDefinition();
  375.             if ($field instanceof ManyToManyAssociationField) {
  376.                 $definition $field->getToManyReferenceDefinition();
  377.             }
  379.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  380.         }
  382.         $criteria = new Criteria();
  383.         $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  385.         $criteria->setIds([$id]);
  387.         // trigger acl validation
  388.         $missing $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  389.         $permissions array_unique(array_filter(array_merge($permissions$missing)));
  391.         if (!empty($permissions)) {
  392.             throw new MissingPrivilegeException($permissions);
  393.         }
  395.         $entity $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria$id): ?Entity {
  396.             return $repository->search($criteria$context)->get($id);
  397.         });
  399.         if ($entity === null) {
  400.             throw new ResourceNotFoundException($definition->getEntityName(), ['id' => $id]);
  401.         }
  403.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context);
  404.     }
  406.     public function searchIds(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  407.     {
  408.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  410.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): IdSearchResult {
  411.             return $repository->searchIds($criteria$context);
  412.         });
  414.         return new JsonResponse([
  415.             'total' => $result->getTotal(),
  416.             'data' => array_values($result->getIds()),
  417.         ]);
  418.     }
  420.     public function search(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  421.     {
  422.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  424.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  425.             return $repository->search($criteria$context);
  426.         });
  428.         $definition $this->getDefinitionOfPath($entityName$path$context);
  430.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  431.     }
  433.     public function list(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  434.     {
  435.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  437.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  438.             return $repository->search($criteria$context);
  439.         });
  441.         $definition $this->getDefinitionOfPath($entityName$path$context);
  443.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  444.     }
  446.     public function create(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  447.     {
  448.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_CREATE);
  449.     }
  451.     public function update(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  452.     {
  453.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_UPDATE);
  454.     }
  456.     public function delete(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  457.     {
  458.         $pathSegments $this->buildEntityPath($entityName$path$context, [WriteProtection::class]);
  460.         $last $pathSegments[\count($pathSegments) - 1];
  462.         $id $last['value'];
  464.         $first array_shift($pathSegments);
  466.         if (\count($pathSegments) === 0) {
  467.             //first api level call /product/{id}
  468.             $definition $first['definition'];
  470.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  472.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  473.         }
  475.         $child array_pop($pathSegments);
  476.         $parent $first;
  477.         if (!empty($pathSegments)) {
  478.             $parent array_pop($pathSegments);
  479.         }
  481.         $definition $child['definition'];
  483.         /** @var AssociationField $association */
  484.         $association $child['field'];
  486.         // DELETE api/product/{id}/manufacturer/{id}
  487.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  488.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  490.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  491.         }
  493.         // DELETE api/product/{id}/category/{id}
  494.         if ($association instanceof ManyToManyAssociationField) {
  495.             $local $definition->getFields()->getByStorageName(
  496.                 $association->getMappingLocalColumn()
  497.             );
  499.             $reference $definition->getFields()->getByStorageName(
  500.                 $association->getMappingReferenceColumn()
  501.             );
  503.             $mapping = [
  504.                 $local->getPropertyName() => $parent['value'],
  505.                 $reference->getPropertyName() => $id,
  506.             ];
  507.             /** @var EntityDefinition $parentDefinition */
  508.             $parentDefinition $parent['definition'];
  510.             if ($parentDefinition->isVersionAware()) {
  511.                 $versionField $parentDefinition->getEntityName() . 'VersionId';
  512.                 $mapping[$versionField] = $context->getVersionId();
  513.             }
  515.             if ($association->getToManyReferenceDefinition()->isVersionAware()) {
  516.                 $versionField $association->getToManyReferenceDefinition()->getEntityName() . 'VersionId';
  518.                 $mapping[$versionField] = Defaults::LIVE_VERSION;
  519.             }
  521.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE);
  523.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  524.         }
  526.         if ($association instanceof TranslationsAssociationField) {
  527.             /** @var EntityTranslationDefinition $refClass */
  528.             $refClass $association->getReferenceDefinition();
  530.             $refPropName $refClass->getFields()->getByStorageName($association->getReferenceField())->getPropertyName();
  531.             $refLanguagePropName $refClass->getPrimaryKeys()->getByStorageName($association->getLanguageField())->getPropertyName();
  533.             $mapping = [
  534.                 $refPropName => $parent['value'],
  535.                 $refLanguagePropName => $id,
  536.             ];
  538.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE);
  540.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  541.         }
  543.         if ($association instanceof OneToManyAssociationField) {
  544.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  546.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  547.         }
  549.         throw new \RuntimeException(sprintf('Unsupported association for field %s'$association->getPropertyName()));
  550.     }
  552.     private function resolveSearch(Request $requestContext $contextstring $entityNamestring $path): array
  553.     {
  554.         $pathSegments $this->buildEntityPath($entityName$path$context);
  555.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  557.         $first array_shift($pathSegments);
  559.         /** @var EntityDefinition|string $definition */
  560.         $definition $first['definition'];
  562.         if (!$definition) {
  563.             throw new NotFoundHttpException('The requested entity does not exist.');
  564.         }
  566.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  568.         $criteria = new Criteria();
  569.         if (empty($pathSegments)) {
  570.             $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  572.             // trigger acl validation
  573.             $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  574.             $permissions array_unique(array_filter(array_merge($permissions$nested)));
  576.             if (!empty($permissions)) {
  577.                 throw new MissingPrivilegeException($permissions);
  578.             }
  580.             return [$criteria$repository];
  581.         }
  583.         $child array_pop($pathSegments);
  584.         $parent $first;
  586.         if (!empty($pathSegments)) {
  587.             $parent array_pop($pathSegments);
  588.         }
  590.         $association $child['field'];
  592.         $parentDefinition $parent['definition'];
  594.         $definition $child['definition'];
  595.         if ($association instanceof ManyToManyAssociationField) {
  596.             $definition $association->getToManyReferenceDefinition();
  597.         }
  599.         $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  601.         if ($association instanceof ManyToManyAssociationField) {
  602.             //fetch inverse association definition for filter
  603.             $reverse $definition->getFields()->filter(
  604.                 function (Field $field) use ($association) {
  605.                     return $field instanceof ManyToManyAssociationField && $association->getMappingDefinition() === $field->getMappingDefinition();
  606.                 }
  607.             );
  609.             //contains now the inverse side association: category.products
  610.             $reverse $reverse->first();
  611.             if (!$reverse) {
  612.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  613.             }
  615.             $criteria->addFilter(
  616.                 new EqualsFilter(
  617.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  618.                     $parent['value']
  619.                 )
  620.             );
  622.             /** @var EntityDefinition $parentDefinition */
  623.             if ($parentDefinition->isVersionAware()) {
  624.                 $criteria->addFilter(
  625.                     new EqualsFilter(
  626.                         sprintf('%s.%s.versionId'$definition->getEntityName(), $reverse->getPropertyName()),
  627.                         $context->getVersionId()
  628.                     )
  629.                 );
  630.             }
  631.         } elseif ($association instanceof OneToManyAssociationField) {
  632.             /*
  633.              * Example
  634.              * Route:           /api/product/SW1/prices
  635.              * $definition:     \Shopware\Core\Content\Product\Definition\ProductPriceDefinition
  636.              */
  638.             //get foreign key definition of reference
  639.             $foreignKey $definition->getFields()->getByStorageName(
  640.                 $association->getReferenceField()
  641.             );
  643.             $criteria->addFilter(
  644.                 new EqualsFilter(
  645.                 //add filter to parent value: prices.productId = SW1
  646.                     $definition->getEntityName() . '.' $foreignKey->getPropertyName(),
  647.                     $parent['value']
  648.                 )
  649.             );
  650.         } elseif ($association instanceof ManyToOneAssociationField) {
  651.             /*
  652.              * Example
  653.              * Route:           /api/product/SW1/manufacturer
  654.              * $definition:     \Shopware\Core\Content\Product\Aggregate\ProductManufacturer\ProductManufacturerDefinition
  655.              */
  657.             //get inverse association to filter to parent value
  658.             $reverse $definition->getFields()->filter(
  659.                 function (Field $field) use ($parentDefinition) {
  660.                     return $field instanceof AssociationField && $parentDefinition === $field->getReferenceDefinition();
  661.                 }
  662.             );
  663.             $reverse $reverse->first();
  664.             if (!$reverse) {
  665.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  666.             }
  668.             $criteria->addFilter(
  669.                 new EqualsFilter(
  670.                 //filter inverse association to parent value:  manufacturer.products.id = SW1
  671.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  672.                     $parent['value']
  673.                 )
  674.             );
  675.         } elseif ($association instanceof OneToOneAssociationField) {
  676.             /*
  677.              * Example
  678.              * Route:           /api/order/xxxx/orderCustomer
  679.              * $definition:     \Shopware\Core\Checkout\Order\Aggregate\OrderCustomer\OrderCustomerDefinition
  680.              */
  682.             //get inverse association to filter to parent value
  683.             $reverse $definition->getFields()->filter(
  684.                 function (Field $field) use ($parentDefinition) {
  685.                     return $field instanceof OneToOneAssociationField && $parentDefinition === $field->getReferenceDefinition();
  686.                 }
  687.             );
  688.             $reverse $reverse->first();
  689.             if (!$reverse) {
  690.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  691.             }
  693.             $criteria->addFilter(
  694.                 new EqualsFilter(
  695.                 //filter inverse association to parent value:  order_customer.order_id = xxxx
  696.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  697.                     $parent['value']
  698.                 )
  699.             );
  700.         }
  702.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  704.         $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  705.         $permissions array_unique(array_filter(array_merge($permissions$nested)));
  707.         if (!empty($permissions)) {
  708.             throw new MissingPrivilegeException($permissions);
  709.         }
  711.         return [$criteria$repository];
  712.     }
  714.     private function getDefinitionOfPath(string $entityNamestring $pathContext $context): EntityDefinition
  715.     {
  716.         $pathSegments $this->buildEntityPath($entityName$path$context);
  718.         $first array_shift($pathSegments);
  720.         /** @var EntityDefinition|string $definition */
  721.         $definition $first['definition'];
  723.         if (empty($pathSegments)) {
  724.             return $definition;
  725.         }
  727.         $child array_pop($pathSegments);
  729.         $association $child['field'];
  731.         if ($association instanceof ManyToManyAssociationField) {
  732.             /*
  733.              * Example:
  734.              * route:           /api/product/SW1/categories
  735.              * $definition:     \Shopware\Core\Content\Category\CategoryDefinition
  736.              */
  737.             return $association->getToManyReferenceDefinition();
  738.         }
  740.         return $child['definition'];
  741.     }
  743.     private function write(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $pathstring $type): Response
  744.     {
  745.         $payload $this->getRequestBody($request);
  746.         $noContent = !$request->query->has('_response');
  747.         // safari bug prevents us from using the location header
  748.         $appendLocationHeader false;
  750.         if ($this->isCollection($payload)) {
  751.             throw new BadRequestHttpException('Only single write operations are supported. Please send the entities one by one or use the /sync api endpoint.');
  752.         }
  754.         $pathSegments $this->buildEntityPath($entityName$path$context, [WriteProtection::class]);
  756.         $last $pathSegments[\count($pathSegments) - 1];
  758.         if ($type === self::WRITE_CREATE && !empty($last['value'])) {
  759.             $methods = ['GET''PATCH''DELETE'];
  761.             throw new MethodNotAllowedHttpException($methodssprintf('No route found for "%s %s": Method Not Allowed (Allow: %s)'$request->getMethod(), $request->getPathInfo(), implode(', '$methods)));
  762.         }
  764.         if ($type === self::WRITE_UPDATE && isset($last['value'])) {
  765.             $payload['id'] = $last['value'];
  766.         }
  768.         $first array_shift($pathSegments);
  770.         if (\count($pathSegments) === 0) {
  771.             $definition $first['definition'];
  772.             $events $this->executeWriteOperation($definition$payload$context$type);
  773.             $event $events->getEventByEntityName($definition->getEntityName());
  774.             $eventIds $event->getIds();
  775.             $entityId array_pop($eventIds);
  777.             if ($definition instanceof MappingEntityDefinition) {
  778.                 return new Response(nullResponse::HTTP_NO_CONTENT);
  779.             }
  781.             if ($noContent) {
  782.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  783.             }
  785.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  786.             $criteria = new Criteria($event->getIds());
  787.             $entities $repository->search($criteria$context);
  789.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  790.         }
  792.         $child array_pop($pathSegments);
  794.         $parent $first;
  795.         if (!empty($pathSegments)) {
  796.             $parent array_pop($pathSegments);
  797.         }
  799.         /** @var EntityDefinition $definition */
  800.         $definition $child['definition'];
  802.         $association $child['field'];
  804.         $parentDefinition $parent['definition'];
  806.         if ($association instanceof OneToManyAssociationField) {
  807.             $foreignKey $definition->getFields()
  808.                 ->getByStorageName($association->getReferenceField());
  810.             $payload[$foreignKey->getPropertyName()] = $parent['value'];
  812.             $events $this->executeWriteOperation($definition$payload$context$type);
  814.             if ($noContent) {
  815.                 return $responseFactory->createRedirectResponse($definition$parent['value'], $request$context);
  816.             }
  818.             $event $events->getEventByEntityName($definition->getEntityName());
  820.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  822.             $criteria = new Criteria($event->getIds());
  823.             $entities $repository->search($criteria$context);
  825.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  826.         }
  828.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  829.             $events $this->executeWriteOperation($definition$payload$context$type);
  830.             $event $events->getEventByEntityName($definition->getEntityName());
  832.             $entityIds $event->getIds();
  833.             $entityId array_pop($entityIds);
  835.             $foreignKey $parentDefinition->getFields()->getByStorageName($association->getStorageName());
  837.             $payload = [
  838.                 'id' => $parent['value'],
  839.                 $foreignKey->getPropertyName() => $entityId,
  840.             ];
  842.             $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  843.             $repository->update([$payload], $context);
  845.             if ($noContent) {
  846.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  847.             }
  849.             $criteria = new Criteria($event->getIds());
  850.             $entities $repository->search($criteria$context);
  852.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  853.         }
  855.         /** @var ManyToManyAssociationField $manyToManyAssociation */
  856.         $manyToManyAssociation $association;
  858.         /** @var EntityDefinition|string $reference */
  859.         $reference $manyToManyAssociation->getToManyReferenceDefinition();
  861.         // check if we need to create the entity first
  862.         if (\count($payload) > || !\array_key_exists('id'$payload)) {
  863.             $events $this->executeWriteOperation($reference$payload$context$type);
  864.             $event $events->getEventByEntityName($reference->getEntityName());
  866.             $ids $event->getIds();
  867.             $id array_shift($ids);
  868.         } else {
  869.             // only id provided - add assignment
  870.             $id $payload['id'];
  871.         }
  873.         $payload = [
  874.             'id' => $parent['value'],
  875.             $manyToManyAssociation->getPropertyName() => [
  876.                 ['id' => $id],
  877.             ],
  878.         ];
  880.         $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  881.         $repository->update([$payload], $context);
  883.         $repository $this->definitionRegistry->getRepository($reference->getEntityName());
  884.         $criteria = new Criteria([$id]);
  886.         $entities $repository->search($criteria$context);
  887.         $entity $entities->first();
  889.         if ($noContent) {
  890.             return $responseFactory->createRedirectResponse($reference$entity->getId(), $request$context);
  891.         }
  893.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context$appendLocationHeader);
  894.     }
  896.     private function executeWriteOperation(
  897.         EntityDefinition $entity,
  898.         array $payload,
  899.         Context $context,
  900.         string $type
  901.     ): EntityWrittenContainerEvent {
  902.         $repository $this->definitionRegistry->getRepository($entity->getEntityName());
  904.         $conversionException = new ApiConversionException();
  905.         $payload $this->apiVersionConverter->convertPayload($entity$payload$conversionException);
  906.         $conversionException->tryToThrow();
  908.         $event $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$payload$entity$type): ?EntityWrittenContainerEvent {
  909.             if ($type === self::WRITE_CREATE) {
  910.                 return $repository->create([$payload], $context);
  911.             }
  913.             if ($type === self::WRITE_UPDATE) {
  914.                 return $repository->update([$payload], $context);
  915.             }
  917.             if ($type === self::WRITE_DELETE) {
  918.                 $event $repository->delete([$payload], $context);
  920.                 if (!empty($event->getErrors())) {
  921.                     throw new ResourceNotFoundException($entity->getEntityName(), $payload);
  922.                 }
  924.                 return $event;
  925.             }
  927.             return null;
  928.         });
  930.         if (!$event) {
  931.             throw new \RuntimeException('Unsupported write operation.');
  932.         }
  934.         return $event;
  935.     }
  937.     private function getAssociation(FieldCollection $fields, array $keys): AssociationField
  938.     {
  939.         $key array_shift($keys);
  941.         /** @var AssociationField $field */
  942.         $field $fields->get($key);
  944.         if (empty($keys)) {
  945.             return $field;
  946.         }
  948.         $reference $field->getReferenceDefinition();
  949.         $nested $reference->getFields();
  951.         return $this->getAssociation($nested$keys);
  952.     }
  954.     private function buildEntityPath(
  955.         string $entityName,
  956.         string $pathInfo,
  957.         Context $context,
  958.         array $protections = [ReadProtection::class]
  959.     ): array {
  960.         $pathInfo str_replace('/extensions/''/'$pathInfo);
  961.         $exploded explode('/'$entityName '/' ltrim($pathInfo'/'));
  963.         $parts = [];
  964.         foreach ($exploded as $index => $part) {
  965.             if ($index 2) {
  966.                 continue;
  967.             }
  969.             if (empty($part)) {
  970.                 continue;
  971.             }
  973.             $value $exploded[$index 1] ?? null;
  975.             if (empty($parts)) {
  976.                 $part $this->urlToSnakeCase($part);
  977.             } else {
  978.                 $part $this->urlToCamelCase($part);
  979.             }
  981.             $parts[] = [
  982.                 'entity' => $part,
  983.                 'value' => $value,
  984.             ];
  985.         }
  987.         $parts array_filter($parts);
  989.         /** @var array{'entity': string, 'value': string|null} $first */
  990.         $first array_shift($parts);
  992.         try {
  993.             $root $this->definitionRegistry->getByEntityName($first['entity']);
  994.         } catch (DefinitionNotFoundException $e) {
  995.             throw new NotFoundHttpException($e->getMessage(), $e);
  996.         }
  998.         $entities = [
  999.             [
  1000.                 'entity' => $first['entity'],
  1001.                 'value' => $first['value'],
  1002.                 'definition' => $root,
  1003.                 'field' => null,
  1004.             ],
  1005.         ];
  1007.         foreach ($parts as $part) {
  1008.             /** @var AssociationField|null $field */
  1009.             $field $root->getFields()->get($part['entity']);
  1010.             if (!$field) {
  1011.                 $path implode('.'array_column($entities'entity')) . '.' $part['entity'];
  1013.                 throw new NotFoundHttpException(sprintf('Resource at path "%s" is not an existing relation.'$path));
  1014.             }
  1016.             if ($field instanceof ManyToManyAssociationField) {
  1017.                 $root $field->getToManyReferenceDefinition();
  1018.             } else {
  1019.                 $root $field->getReferenceDefinition();
  1020.             }
  1022.             $entities[] = [
  1023.                 'entity' => $part['entity'],
  1024.                 'value' => $part['value'],
  1025.                 'definition' => $field->getReferenceDefinition(),
  1026.                 'field' => $field,
  1027.             ];
  1028.         }
  1030.         $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entities$protections): void {
  1031.             $this->entityProtectionValidator->validateEntityPath($entities$protections$context);
  1032.         });
  1034.         return $entities;
  1035.     }
  1037.     private function urlToSnakeCase(string $name): string
  1038.     {
  1039.         return str_replace('-''_'$name);
  1040.     }
  1042.     private function urlToCamelCase(string $name): string
  1043.     {
  1044.         $parts explode('-'$name);
  1045.         $parts array_map('ucfirst'$parts);
  1047.         return lcfirst(implode(''$parts));
  1048.     }
  1050.     /**
  1051.      * Return a nested array structure of based on the content-type
  1052.      */
  1053.     private function getRequestBody(Request $request): array
  1054.     {
  1055.         $contentType $request->headers->get('CONTENT_TYPE''');
  1056.         $semicolonPosition mb_strpos($contentType';');
  1058.         if ($semicolonPosition !== false) {
  1059.             $contentType mb_substr($contentType0$semicolonPosition);
  1060.         }
  1062.         try {
  1063.             switch ($contentType) {
  1064.                 case 'application/vnd.api+json':
  1065.                     return $this->serializer->decode($request->getContent(), 'jsonapi');
  1066.                 case 'application/json':
  1067.                     return $request->request->all();
  1068.             }
  1069.         } catch (InvalidArgumentException UnexpectedValueException $exception) {
  1070.             throw new BadRequestHttpException($exception->getMessage());
  1071.         }
  1073.         throw new UnsupportedMediaTypeHttpException(sprintf('The Content-Type "%s" is unsupported.'$contentType));
  1074.     }
  1076.     private function isCollection(array $array): bool
  1077.     {
  1078.         return array_keys($array) === range(0, \count($array) - 1);
  1079.     }
  1081.     private function getEntityDefinition(string $entityName): EntityDefinition
  1082.     {
  1083.         try {
  1084.             $entityDefinition $this->definitionRegistry->getByEntityName($entityName);
  1085.         } catch (DefinitionNotFoundException $e) {
  1086.             throw new NotFoundHttpException($e->getMessage(), $e);
  1087.         }
  1089.         return $entityDefinition;
  1090.     }
  1092.     private function validateAclPermissions(Context $contextEntityDefinition $entitystring $privilege): ?string
  1093.     {
  1094.         $resource $entity->getEntityName();
  1096.         if ($entity instanceof EntityTranslationDefinition) {
  1097.             $resource $entity->getParentDefinition()->getEntityName();
  1098.         }
  1100.         if (!$context->isAllowed($resource ':' $privilege)) {
  1101.             return $resource ':' $privilege;
  1102.         }
  1104.         return null;
  1105.     }
  1107.     private function validatePathSegments(Context $context, array $pathSegmentsstring $privilege): array
  1108.     {
  1109.         $child array_pop($pathSegments);
  1111.         $missing = [];
  1113.         foreach ($pathSegments as $segment) {
  1114.             // you need detail privileges for every parent entity
  1115.             $missing[] = $this->validateAclPermissions(
  1116.                 $context,
  1117.                 $this->getDefinitionForPathSegment($segment),
  1118.                 AclRoleDefinition::PRIVILEGE_READ
  1119.             );
  1120.         }
  1122.         $missing[] = $this->validateAclPermissions($context$this->getDefinitionForPathSegment($child), $privilege);
  1124.         return array_unique(array_filter($missing));
  1125.     }
  1127.     private function getDefinitionForPathSegment(array $segment): EntityDefinition
  1128.     {
  1129.         $definition $segment['definition'];
  1131.         if ($segment['field'] instanceof ManyToManyAssociationField) {
  1132.             $definition $segment['field']->getToManyReferenceDefinition();
  1133.         }
  1135.         return $definition;
  1136.     }
  1137. }