vendor/shopware/core/Framework/Api/Controller/ApiController.php line 849

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Api\Controller;
  5. use Shopware\Core\Defaults;
  6. use Shopware\Core\Framework\Api\Acl\AclCriteriaValidator;
  7. use Shopware\Core\Framework\Api\Acl\Role\AclRoleDefinition;
  8. use Shopware\Core\Framework\Api\Converter\ApiVersionConverter;
  9. use Shopware\Core\Framework\Api\Converter\Exceptions\ApiConversionException;
  10. use Shopware\Core\Framework\Api\Exception\InvalidVersionNameException;
  11. use Shopware\Core\Framework\Api\Exception\LiveVersionDeleteException;
  12. use Shopware\Core\Framework\Api\Exception\MissingPrivilegeException;
  13. use Shopware\Core\Framework\Api\Exception\NoEntityClonedException;
  14. use Shopware\Core\Framework\Api\Exception\ResourceNotFoundException;
  15. use Shopware\Core\Framework\Api\Response\ResponseFactoryInterface;
  16. use Shopware\Core\Framework\Context;
  17. use Shopware\Core\Framework\DataAbstractionLayer\DefinitionInstanceRegistry;
  18. use Shopware\Core\Framework\DataAbstractionLayer\Entity;
  19. use Shopware\Core\Framework\DataAbstractionLayer\EntityCollection;
  20. use Shopware\Core\Framework\DataAbstractionLayer\EntityDefinition;
  21. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\EntityProtectionValidator;
  22. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\ReadProtection;
  23. use Shopware\Core\Framework\DataAbstractionLayer\EntityProtection\WriteProtection;
  24. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepository;
  25. use Shopware\Core\Framework\DataAbstractionLayer\EntityTranslationDefinition;
  26. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenContainerEvent;
  27. use Shopware\Core\Framework\DataAbstractionLayer\Exception\DefinitionNotFoundException;
  28. use Shopware\Core\Framework\DataAbstractionLayer\Exception\MissingReverseAssociation;
  29. use Shopware\Core\Framework\DataAbstractionLayer\Field\AssociationField;
  30. use Shopware\Core\Framework\DataAbstractionLayer\Field\Field;
  31. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToManyAssociationField;
  32. use Shopware\Core\Framework\DataAbstractionLayer\Field\ManyToOneAssociationField;
  33. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToManyAssociationField;
  34. use Shopware\Core\Framework\DataAbstractionLayer\Field\OneToOneAssociationField;
  35. use Shopware\Core\Framework\DataAbstractionLayer\Field\TranslationsAssociationField;
  36. use Shopware\Core\Framework\DataAbstractionLayer\FieldCollection;
  37. use Shopware\Core\Framework\DataAbstractionLayer\MappingEntityDefinition;
  38. use Shopware\Core\Framework\DataAbstractionLayer\Search\CompositeEntitySearcher;
  39. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  40. use Shopware\Core\Framework\DataAbstractionLayer\Search\EntitySearchResult;
  41. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  42. use Shopware\Core\Framework\DataAbstractionLayer\Search\IdSearchResult;
  43. use Shopware\Core\Framework\DataAbstractionLayer\Search\RequestCriteriaBuilder;
  44. use Shopware\Core\Framework\DataAbstractionLayer\Write\CloneBehavior;
  45. use Shopware\Core\Framework\Feature;
  46. use Shopware\Core\Framework\Log\Package;
  47. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  48. use Shopware\Core\Framework\Routing\Annotation\Since;
  49. use Shopware\Core\Framework\Routing\Exception\MissingRequestParameterException;
  50. use Shopware\Core\Framework\Uuid\Exception\InvalidUuidException;
  51. use Shopware\Core\Framework\Uuid\Uuid;
  52. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  53. use Symfony\Component\HttpFoundation\JsonResponse;
  54. use Symfony\Component\HttpFoundation\Request;
  55. use Symfony\Component\HttpFoundation\Response;
  56. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  57. use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
  58. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  59. use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
  60. use Symfony\Component\Routing\Annotation\Route;
  61. use Symfony\Component\Serializer\Exception\InvalidArgumentException;
  62. use Symfony\Component\Serializer\Exception\UnexpectedValueException;
  63. use Symfony\Component\Serializer\Serializer;
  65. /**
  66.  * @Route(defaults={"_routeScope"={"api"}})
  67.  */
  68. #[Package('core')]
  69. class ApiController extends AbstractController
  70. {
  71.     public const WRITE_UPDATE 'update';
  72.     public const WRITE_CREATE 'create';
  73.     public const WRITE_DELETE 'delete';
  75.     /**
  76.      * @var DefinitionInstanceRegistry
  77.      */
  78.     private $definitionRegistry;
  80.     /**
  81.      * @var Serializer
  82.      */
  83.     private $serializer;
  85.     /**
  86.      * @var RequestCriteriaBuilder
  87.      */
  88.     private $criteriaBuilder;
  90.     /**
  91.      * @var CompositeEntitySearcher
  92.      */
  93.     private $compositeEntitySearcher;
  95.     /**
  96.      * @var ApiVersionConverter
  97.      */
  98.     private $apiVersionConverter;
  100.     /**
  101.      * @var EntityProtectionValidator
  102.      */
  103.     private $entityProtectionValidator;
  105.     /**
  106.      * @var AclCriteriaValidator
  107.      */
  108.     private $criteriaValidator;
  110.     /**
  111.      * @internal
  112.      */
  113.     public function __construct(
  114.         DefinitionInstanceRegistry $definitionRegistry,
  115.         Serializer $serializer,
  116.         RequestCriteriaBuilder $criteriaBuilder,
  117.         CompositeEntitySearcher $compositeEntitySearcher,
  118.         ApiVersionConverter $apiVersionConverter,
  119.         EntityProtectionValidator $entityProtectionValidator,
  120.         AclCriteriaValidator $criteriaValidator
  121.     ) {
  122.         $this->definitionRegistry $definitionRegistry;
  123.         $this->serializer $serializer;
  124.         $this->criteriaBuilder $criteriaBuilder;
  125.         $this->compositeEntitySearcher $compositeEntitySearcher;
  126.         $this->apiVersionConverter $apiVersionConverter;
  127.         $this->entityProtectionValidator $entityProtectionValidator;
  128.         $this->criteriaValidator $criteriaValidator;
  129.     }
  131.     /**
  132.      * @Since("6.0.0.0")
  133.      * @Route("/api/_search", name="api.composite.search", methods={"GET","POST"})
  134.      *
  135.      * @deprecated tag:v6.5.0 - Will be removed in the next major
  136.      */
  137.     public function compositeSearch(Request $requestContext $context): JsonResponse
  138.     {
  139.         Feature::triggerDeprecationOrThrow(
  140.             'v6.5.0.0',
  141.             Feature::deprecatedMethodMessage(__CLASS____METHOD__'v6.5.0.0''Shopware\Administration\Controller\AdminSearchController::search()')
  142.         );
  144.         $term = (string) $request->query->get('term');
  145.         if ($term === '') {
  146.             throw new MissingRequestParameterException('term');
  147.         }
  148.         $limit $request->query->getInt('limit'5);
  150.         $results $this->compositeEntitySearcher->search($term$limit$context);
  152.         foreach ($results as &$result) {
  153.             $definition $this->definitionRegistry->getByEntityName($result['entity']);
  154.             /** @var EntityCollection<Entity> $entityCollection */
  155.             $entityCollection $result['entities'];
  156.             $entities = [];
  157.             foreach ($entityCollection->getElements() as $key => $entity) {
  158.                 $entities[$key] = $this->apiVersionConverter->convertEntity($definition$entity);
  159.             }
  160.             $result['entities'] = $entities;
  161.         }
  163.         return new JsonResponse(['data' => $results]);
  164.     }
  166.     /**
  167.      * @Since("6.0.0.0")
  168.      * @Route("/api/_action/clone/{entity}/{id}", name="api.clone", methods={"POST"}, requirements={
  169.      *     "version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  170.      * })
  171.      */
  172.     public function clone(Context $contextstring $entitystring $idRequest $request): JsonResponse
  173.     {
  174.         $behavior = new CloneBehavior(
  175.             $request->request->all('overwrites'),
  176.             $request->request->getBoolean('cloneChildren'true)
  177.         );
  179.         $entity $this->urlToSnakeCase($entity);
  181.         $definition $this->definitionRegistry->getByEntityName($entity);
  182.         $missing $this->validateAclPermissions($context$definitionAclRoleDefinition::PRIVILEGE_CREATE);
  183.         if ($missing) {
  184.             throw new MissingPrivilegeException([$missing]);
  185.         }
  187.         $eventContainer $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($definition$id$behavior): EntityWrittenContainerEvent {
  188.             /** @var EntityRepository $entityRepo */
  189.             $entityRepo $this->definitionRegistry->getRepository($definition->getEntityName());
  191.             return $entityRepo->clone($id$contextnull$behavior);
  192.         });
  194.         $event $eventContainer->getEventByEntityName($definition->getEntityName());
  195.         if (!$event) {
  196.             throw new NoEntityClonedException($entity$id);
  197.         }
  199.         $ids $event->getIds();
  200.         $newId array_shift($ids);
  202.         return new JsonResponse(['id' => $newId]);
  203.     }
  205.     /**
  206.      * @Since("6.0.0.0")
  207.      * @Route("/api/_action/version/{entity}/{id}", name="api.createVersion", methods={"POST"},
  208.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  209.      * })
  210.      */
  211.     public function createVersion(Request $requestContext $contextstring $entitystring $id): Response
  212.     {
  213.         $entity $this->urlToSnakeCase($entity);
  215.         $versionId $request->request->has('versionId') ? (string) $request->request->get('versionId') : null;
  216.         $versionName $request->request->has('versionName') ? (string) $request->request->get('versionName') : null;
  218.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  219.             throw new InvalidUuidException($versionId);
  220.         }
  222.         if ($versionName !== null && !ctype_alnum($versionName)) {
  223.             throw new InvalidVersionNameException();
  224.         }
  226.         try {
  227.             $entityDefinition $this->definitionRegistry->getByEntityName($entity);
  228.         } catch (DefinitionNotFoundException $e) {
  229.             throw new NotFoundHttpException($e->getMessage(), $e);
  230.         }
  232.         $versionId $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entityDefinition$id$versionName$versionId): string {
  233.             return $this->definitionRegistry->getRepository($entityDefinition->getEntityName())->createVersion($id$context$versionName$versionId);
  234.         });
  236.         return new JsonResponse([
  237.             'versionId' => $versionId,
  238.             'versionName' => $versionName,
  239.             'id' => $id,
  240.             'entity' => $entity,
  241.         ]);
  242.     }
  244.     /**
  245.      * @Since("6.0.0.0")
  246.      * @Route("/api/_action/version/merge/{entity}/{versionId}", name="api.mergeVersion", methods={"POST"},
  247.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "versionId"="[0-9a-f]{32}"
  248.      * })
  249.      */
  250.     public function mergeVersion(Context $contextstring $entitystring $versionId): JsonResponse
  251.     {
  252.         $entity $this->urlToSnakeCase($entity);
  254.         if (!Uuid::isValid($versionId)) {
  255.             throw new InvalidUuidException($versionId);
  256.         }
  258.         $entityDefinition $this->getEntityDefinition($entity);
  259.         $repository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  261.         // change scope to be able to update write protected fields
  262.         $context->scope(Context::SYSTEM_SCOPE, function (Context $context) use ($repository$versionId): void {
  263.             $repository->merge($versionId$context);
  264.         });
  266.         return new JsonResponse(nullResponse::HTTP_NO_CONTENT);
  267.     }
  269.     /**
  270.      * @Since("6.0.0.0")
  271.      * @Route("/api/_action/version/{versionId}/{entity}/{entityId}", name="api.deleteVersion", methods={"POST"},
  272.      *     requirements={"version"="\d+", "entity"="[a-zA-Z-]+", "id"="[0-9a-f]{32}"
  273.      * })
  274.      */
  275.     public function deleteVersion(Context $contextstring $entitystring $entityIdstring $versionId): JsonResponse
  276.     {
  277.         if ($versionId !== null && !Uuid::isValid($versionId)) {
  278.             throw new InvalidUuidException($versionId);
  279.         }
  281.         if ($versionId === Defaults::LIVE_VERSION) {
  282.             throw new LiveVersionDeleteException();
  283.         }
  285.         if ($entityId !== null && !Uuid::isValid($entityId)) {
  286.             throw new InvalidUuidException($entityId);
  287.         }
  289.         try {
  290.             $entityDefinition $this->definitionRegistry->getByEntityName($this->urlToSnakeCase($entity));
  291.         } catch (DefinitionNotFoundException $e) {
  292.             throw new NotFoundHttpException($e->getMessage(), $e);
  293.         }
  295.         $versionContext $context->createWithVersionId($versionId);
  297.         $entityRepository $this->definitionRegistry->getRepository($entityDefinition->getEntityName());
  299.         $versionContext->scope(Context::CRUD_API_SCOPE, function (Context $versionContext) use ($entityId$entityRepository): void {
  300.             $entityRepository->delete([['id' => $entityId]], $versionContext);
  301.         });
  303.         $versionRepository $this->definitionRegistry->getRepository('version');
  304.         $versionRepository->delete([['id' => $versionId]], $context);
  306.         return new JsonResponse();
  307.     }
  309.     public function detail(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  310.     {
  311.         $pathSegments $this->buildEntityPath($entityName$path$context);
  312.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  314.         $root $pathSegments[0]['entity'];
  315.         $id $pathSegments[\count($pathSegments) - 1]['value'];
  317.         $definition $this->definitionRegistry->getByEntityName($root);
  319.         $associations array_column($pathSegments'entity');
  320.         array_shift($associations);
  322.         if (empty($associations)) {
  323.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  324.         } else {
  325.             $field $this->getAssociation($definition->getFields(), $associations);
  327.             $definition $field->getReferenceDefinition();
  328.             if ($field instanceof ManyToManyAssociationField) {
  329.                 $definition $field->getToManyReferenceDefinition();
  330.             }
  332.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  333.         }
  335.         $criteria = new Criteria();
  336.         $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  338.         $criteria->setIds([$id]);
  340.         // trigger acl validation
  341.         $missing $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  342.         $permissions array_unique(array_filter(array_merge($permissions$missing)));
  344.         if (!empty($permissions)) {
  345.             throw new MissingPrivilegeException($permissions);
  346.         }
  348.         $entity $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria$id): ?Entity {
  349.             return $repository->search($criteria$context)->get($id);
  350.         });
  352.         if ($entity === null) {
  353.             throw new ResourceNotFoundException($definition->getEntityName(), ['id' => $id]);
  354.         }
  356.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context);
  357.     }
  359.     public function searchIds(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  360.     {
  361.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  363.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): IdSearchResult {
  364.             return $repository->searchIds($criteria$context);
  365.         });
  367.         return new JsonResponse([
  368.             'total' => $result->getTotal(),
  369.             'data' => array_values($result->getIds()),
  370.         ]);
  371.     }
  373.     public function search(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  374.     {
  375.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  377.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  378.             return $repository->search($criteria$context);
  379.         });
  381.         $definition $this->getDefinitionOfPath($entityName$path$context);
  383.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  384.     }
  386.     public function list(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  387.     {
  388.         [$criteria$repository] = $this->resolveSearch($request$context$entityName$path);
  390.         $result $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$criteria): EntitySearchResult {
  391.             return $repository->search($criteria$context);
  392.         });
  394.         $definition $this->getDefinitionOfPath($entityName$path$context);
  396.         return $responseFactory->createListingResponse($criteria$result$definition$request$context);
  397.     }
  399.     public function create(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  400.     {
  401.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_CREATE);
  402.     }
  404.     public function update(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  405.     {
  406.         return $this->write($request$context$responseFactory$entityName$pathself::WRITE_UPDATE);
  407.     }
  409.     public function delete(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $path): Response
  410.     {
  411.         $pathSegments $this->buildEntityPath($entityName$path$context, [WriteProtection::class]);
  413.         $last $pathSegments[\count($pathSegments) - 1];
  415.         $id $last['value'];
  417.         $first array_shift($pathSegments);
  419.         if (\count($pathSegments) === 0) {
  420.             //first api level call /product/{id}
  421.             $definition $first['definition'];
  423.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  425.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  426.         }
  428.         $child array_pop($pathSegments);
  429.         $parent $first;
  430.         if (!empty($pathSegments)) {
  431.             $parent array_pop($pathSegments);
  432.         }
  434.         $definition $child['definition'];
  436.         /** @var AssociationField $association */
  437.         $association $child['field'];
  439.         // DELETE api/product/{id}/manufacturer/{id}
  440.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  441.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  443.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  444.         }
  446.         // DELETE api/product/{id}/category/{id}
  447.         if ($association instanceof ManyToManyAssociationField) {
  448.             $local $definition->getFields()->getByStorageName(
  449.                 $association->getMappingLocalColumn()
  450.             );
  452.             $reference $definition->getFields()->getByStorageName(
  453.                 $association->getMappingReferenceColumn()
  454.             );
  456.             $mapping = [
  457.                 $local->getPropertyName() => $parent['value'],
  458.                 $reference->getPropertyName() => $id,
  459.             ];
  460.             /** @var EntityDefinition $parentDefinition */
  461.             $parentDefinition $parent['definition'];
  463.             if ($parentDefinition->isVersionAware()) {
  464.                 $versionField $parentDefinition->getEntityName() . 'VersionId';
  465.                 $mapping[$versionField] = $context->getVersionId();
  466.             }
  468.             if ($association->getToManyReferenceDefinition()->isVersionAware()) {
  469.                 $versionField $association->getToManyReferenceDefinition()->getEntityName() . 'VersionId';
  471.                 $mapping[$versionField] = Defaults::LIVE_VERSION;
  472.             }
  474.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE);
  476.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  477.         }
  479.         if ($association instanceof TranslationsAssociationField) {
  480.             /** @var EntityTranslationDefinition $refClass */
  481.             $refClass $association->getReferenceDefinition();
  483.             $refPropName $refClass->getFields()->getByStorageName($association->getReferenceField())->getPropertyName();
  484.             $refLanguagePropName $refClass->getPrimaryKeys()->getByStorageName($association->getLanguageField())->getPropertyName();
  486.             $mapping = [
  487.                 $refPropName => $parent['value'],
  488.                 $refLanguagePropName => $id,
  489.             ];
  491.             $this->executeWriteOperation($definition$mapping$contextself::WRITE_DELETE);
  493.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  494.         }
  496.         if ($association instanceof OneToManyAssociationField) {
  497.             $this->executeWriteOperation($definition, ['id' => $id], $contextself::WRITE_DELETE);
  499.             return $responseFactory->createRedirectResponse($definition$id$request$context);
  500.         }
  502.         throw new \RuntimeException(sprintf('Unsupported association for field %s'$association->getPropertyName()));
  503.     }
  505.     private function resolveSearch(Request $requestContext $contextstring $entityNamestring $path): array
  506.     {
  507.         $pathSegments $this->buildEntityPath($entityName$path$context);
  508.         $permissions $this->validatePathSegments($context$pathSegmentsAclRoleDefinition::PRIVILEGE_READ);
  510.         $first array_shift($pathSegments);
  512.         /** @var EntityDefinition|string $definition */
  513.         $definition $first['definition'];
  515.         if (!$definition) {
  516.             throw new NotFoundHttpException('The requested entity does not exist.');
  517.         }
  519.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  521.         $criteria = new Criteria();
  522.         if (empty($pathSegments)) {
  523.             $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  525.             // trigger acl validation
  526.             $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  527.             $permissions array_unique(array_filter(array_merge($permissions$nested)));
  529.             if (!empty($permissions)) {
  530.                 throw new MissingPrivilegeException($permissions);
  531.             }
  533.             return [$criteria$repository];
  534.         }
  536.         $child array_pop($pathSegments);
  537.         $parent $first;
  539.         if (!empty($pathSegments)) {
  540.             $parent array_pop($pathSegments);
  541.         }
  543.         $association $child['field'];
  545.         $parentDefinition $parent['definition'];
  547.         $definition $child['definition'];
  548.         if ($association instanceof ManyToManyAssociationField) {
  549.             $definition $association->getToManyReferenceDefinition();
  550.         }
  552.         $criteria $this->criteriaBuilder->handleRequest($request$criteria$definition$context);
  554.         if ($association instanceof ManyToManyAssociationField) {
  555.             //fetch inverse association definition for filter
  556.             $reverse $definition->getFields()->filter(
  557.                 function (Field $field) use ($association) {
  558.                     return $field instanceof ManyToManyAssociationField && $association->getMappingDefinition() === $field->getMappingDefinition();
  559.                 }
  560.             );
  562.             //contains now the inverse side association: category.products
  563.             $reverse $reverse->first();
  564.             if (!$reverse) {
  565.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  566.             }
  568.             $criteria->addFilter(
  569.                 new EqualsFilter(
  570.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  571.                     $parent['value']
  572.                 )
  573.             );
  575.             /** @var EntityDefinition $parentDefinition */
  576.             if ($parentDefinition->isVersionAware()) {
  577.                 $criteria->addFilter(
  578.                     new EqualsFilter(
  579.                         sprintf('%s.%s.versionId'$definition->getEntityName(), $reverse->getPropertyName()),
  580.                         $context->getVersionId()
  581.                     )
  582.                 );
  583.             }
  584.         } elseif ($association instanceof OneToManyAssociationField) {
  585.             /*
  586.              * Example
  587.              * Route:           /api/product/SW1/prices
  588.              * $definition:     \Shopware\Core\Content\Product\Definition\ProductPriceDefinition
  589.              */
  591.             //get foreign key definition of reference
  592.             $foreignKey $definition->getFields()->getByStorageName(
  593.                 $association->getReferenceField()
  594.             );
  596.             $criteria->addFilter(
  597.                 new EqualsFilter(
  598.                 //add filter to parent value: prices.productId = SW1
  599.                     $definition->getEntityName() . '.' $foreignKey->getPropertyName(),
  600.                     $parent['value']
  601.                 )
  602.             );
  603.         } elseif ($association instanceof ManyToOneAssociationField) {
  604.             /*
  605.              * Example
  606.              * Route:           /api/product/SW1/manufacturer
  607.              * $definition:     \Shopware\Core\Content\Product\Aggregate\ProductManufacturer\ProductManufacturerDefinition
  608.              */
  610.             //get inverse association to filter to parent value
  611.             $reverse $definition->getFields()->filter(
  612.                 function (Field $field) use ($parentDefinition) {
  613.                     return $field instanceof AssociationField && $parentDefinition === $field->getReferenceDefinition();
  614.                 }
  615.             );
  616.             $reverse $reverse->first();
  617.             if (!$reverse) {
  618.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  619.             }
  621.             $criteria->addFilter(
  622.                 new EqualsFilter(
  623.                 //filter inverse association to parent value:  manufacturer.products.id = SW1
  624.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  625.                     $parent['value']
  626.                 )
  627.             );
  628.         } elseif ($association instanceof OneToOneAssociationField) {
  629.             /*
  630.              * Example
  631.              * Route:           /api/order/xxxx/orderCustomer
  632.              * $definition:     \Shopware\Core\Checkout\Order\Aggregate\OrderCustomer\OrderCustomerDefinition
  633.              */
  635.             //get inverse association to filter to parent value
  636.             $reverse $definition->getFields()->filter(
  637.                 function (Field $field) use ($parentDefinition) {
  638.                     return $field instanceof OneToOneAssociationField && $parentDefinition === $field->getReferenceDefinition();
  639.                 }
  640.             );
  641.             $reverse $reverse->first();
  642.             if (!$reverse) {
  643.                 throw new MissingReverseAssociation($definition->getEntityName(), $parentDefinition);
  644.             }
  646.             $criteria->addFilter(
  647.                 new EqualsFilter(
  648.                 //filter inverse association to parent value:  order_customer.order_id = xxxx
  649.                     sprintf('%s.%s.id'$definition->getEntityName(), $reverse->getPropertyName()),
  650.                     $parent['value']
  651.                 )
  652.             );
  653.         }
  655.         $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  657.         $nested $this->criteriaValidator->validate($definition->getEntityName(), $criteria$context);
  658.         $permissions array_unique(array_filter(array_merge($permissions$nested)));
  660.         if (!empty($permissions)) {
  661.             throw new MissingPrivilegeException($permissions);
  662.         }
  664.         return [$criteria$repository];
  665.     }
  667.     private function getDefinitionOfPath(string $entityNamestring $pathContext $context): EntityDefinition
  668.     {
  669.         $pathSegments $this->buildEntityPath($entityName$path$context);
  671.         $first array_shift($pathSegments);
  673.         /** @var EntityDefinition|string $definition */
  674.         $definition $first['definition'];
  676.         if (empty($pathSegments)) {
  677.             return $definition;
  678.         }
  680.         $child array_pop($pathSegments);
  682.         $association $child['field'];
  684.         if ($association instanceof ManyToManyAssociationField) {
  685.             /*
  686.              * Example:
  687.              * route:           /api/product/SW1/categories
  688.              * $definition:     \Shopware\Core\Content\Category\CategoryDefinition
  689.              */
  690.             return $association->getToManyReferenceDefinition();
  691.         }
  693.         return $child['definition'];
  694.     }
  696.     private function write(Request $requestContext $contextResponseFactoryInterface $responseFactorystring $entityNamestring $pathstring $type): Response
  697.     {
  698.         $payload $this->getRequestBody($request);
  699.         $noContent = !$request->query->has('_response');
  700.         // safari bug prevents us from using the location header
  701.         $appendLocationHeader false;
  703.         if ($this->isCollection($payload)) {
  704.             throw new BadRequestHttpException('Only single write operations are supported. Please send the entities one by one or use the /sync api endpoint.');
  705.         }
  707.         $pathSegments $this->buildEntityPath($entityName$path$context, [WriteProtection::class]);
  709.         $last $pathSegments[\count($pathSegments) - 1];
  711.         if ($type === self::WRITE_CREATE && !empty($last['value'])) {
  712.             $methods = ['GET''PATCH''DELETE'];
  714.             throw new MethodNotAllowedHttpException($methodssprintf('No route found for "%s %s": Method Not Allowed (Allow: %s)'$request->getMethod(), $request->getPathInfo(), implode(', '$methods)));
  715.         }
  717.         if ($type === self::WRITE_UPDATE && isset($last['value'])) {
  718.             $payload['id'] = $last['value'];
  719.         }
  721.         $first array_shift($pathSegments);
  723.         if (\count($pathSegments) === 0) {
  724.             $definition $first['definition'];
  725.             $events $this->executeWriteOperation($definition$payload$context$type);
  726.             $event $events->getEventByEntityName($definition->getEntityName());
  727.             $eventIds $event->getIds();
  728.             $entityId array_pop($eventIds);
  730.             if ($definition instanceof MappingEntityDefinition) {
  731.                 return new Response(nullResponse::HTTP_NO_CONTENT);
  732.             }
  734.             if ($noContent) {
  735.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  736.             }
  738.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  739.             $criteria = new Criteria($event->getIds());
  740.             $entities $repository->search($criteria$context);
  742.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  743.         }
  745.         $child array_pop($pathSegments);
  747.         $parent $first;
  748.         if (!empty($pathSegments)) {
  749.             $parent array_pop($pathSegments);
  750.         }
  752.         /** @var EntityDefinition $definition */
  753.         $definition $child['definition'];
  755.         $association $child['field'];
  757.         $parentDefinition $parent['definition'];
  759.         if ($association instanceof OneToManyAssociationField) {
  760.             $foreignKey $definition->getFields()
  761.                 ->getByStorageName($association->getReferenceField());
  763.             $payload[$foreignKey->getPropertyName()] = $parent['value'];
  765.             $events $this->executeWriteOperation($definition$payload$context$type);
  767.             if ($noContent) {
  768.                 return $responseFactory->createRedirectResponse($definition$parent['value'], $request$context);
  769.             }
  771.             $event $events->getEventByEntityName($definition->getEntityName());
  773.             $repository $this->definitionRegistry->getRepository($definition->getEntityName());
  775.             $criteria = new Criteria($event->getIds());
  776.             $entities $repository->search($criteria$context);
  778.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  779.         }
  781.         if ($association instanceof ManyToOneAssociationField || $association instanceof OneToOneAssociationField) {
  782.             $events $this->executeWriteOperation($definition$payload$context$type);
  783.             $event $events->getEventByEntityName($definition->getEntityName());
  785.             $entityIds $event->getIds();
  786.             $entityId array_pop($entityIds);
  788.             $foreignKey $parentDefinition->getFields()->getByStorageName($association->getStorageName());
  790.             $payload = [
  791.                 'id' => $parent['value'],
  792.                 $foreignKey->getPropertyName() => $entityId,
  793.             ];
  795.             $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  796.             $repository->update([$payload], $context);
  798.             if ($noContent) {
  799.                 return $responseFactory->createRedirectResponse($definition$entityId$request$context);
  800.             }
  802.             $criteria = new Criteria($event->getIds());
  803.             $entities $repository->search($criteria$context);
  805.             return $responseFactory->createDetailResponse($criteria$entities->first(), $definition$request$context$appendLocationHeader);
  806.         }
  808.         /** @var ManyToManyAssociationField $manyToManyAssociation */
  809.         $manyToManyAssociation $association;
  811.         /** @var EntityDefinition|string $reference */
  812.         $reference $manyToManyAssociation->getToManyReferenceDefinition();
  814.         // check if we need to create the entity first
  815.         if (\count($payload) > || !\array_key_exists('id'$payload)) {
  816.             $events $this->executeWriteOperation($reference$payload$context$type);
  817.             $event $events->getEventByEntityName($reference->getEntityName());
  819.             $ids $event->getIds();
  820.             $id array_shift($ids);
  821.         } else {
  822.             // only id provided - add assignment
  823.             $id $payload['id'];
  824.         }
  826.         $payload = [
  827.             'id' => $parent['value'],
  828.             $manyToManyAssociation->getPropertyName() => [
  829.                 ['id' => $id],
  830.             ],
  831.         ];
  833.         $repository $this->definitionRegistry->getRepository($parentDefinition->getEntityName());
  834.         $repository->update([$payload], $context);
  836.         $repository $this->definitionRegistry->getRepository($reference->getEntityName());
  837.         $criteria = new Criteria([$id]);
  839.         $entities $repository->search($criteria$context);
  840.         $entity $entities->first();
  842.         if ($noContent) {
  843.             return $responseFactory->createRedirectResponse($reference$entity->getId(), $request$context);
  844.         }
  846.         return $responseFactory->createDetailResponse($criteria$entity$definition$request$context$appendLocationHeader);
  847.     }
  849.     private function executeWriteOperation(
  850.         EntityDefinition $entity,
  851.         array $payload,
  852.         Context $context,
  853.         string $type
  854.     ): EntityWrittenContainerEvent {
  855.         $repository $this->definitionRegistry->getRepository($entity->getEntityName());
  857.         $conversionException = new ApiConversionException();
  858.         $payload $this->apiVersionConverter->convertPayload($entity$payload$conversionException);
  859.         $conversionException->tryToThrow();
  861.         $event $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($repository$payload$entity$type): ?EntityWrittenContainerEvent {
  862.             if ($type === self::WRITE_CREATE) {
  863.                 return $repository->create([$payload], $context);
  864.             }
  866.             if ($type === self::WRITE_UPDATE) {
  867.                 return $repository->update([$payload], $context);
  868.             }
  870.             if ($type === self::WRITE_DELETE) {
  871.                 $event $repository->delete([$payload], $context);
  873.                 if (!empty($event->getErrors())) {
  874.                     throw new ResourceNotFoundException($entity->getEntityName(), $payload);
  875.                 }
  877.                 return $event;
  878.             }
  880.             return null;
  881.         });
  883.         if (!$event) {
  884.             throw new \RuntimeException('Unsupported write operation.');
  885.         }
  887.         return $event;
  888.     }
  890.     private function getAssociation(FieldCollection $fields, array $keys): AssociationField
  891.     {
  892.         $key array_shift($keys);
  894.         /** @var AssociationField $field */
  895.         $field $fields->get($key);
  897.         if (empty($keys)) {
  898.             return $field;
  899.         }
  901.         $reference $field->getReferenceDefinition();
  902.         $nested $reference->getFields();
  904.         return $this->getAssociation($nested$keys);
  905.     }
  907.     private function buildEntityPath(
  908.         string $entityName,
  909.         string $pathInfo,
  910.         Context $context,
  911.         array $protections = [ReadProtection::class]
  912.     ): array {
  913.         $pathInfo str_replace('/extensions/''/'$pathInfo);
  914.         $exploded explode('/'$entityName '/' ltrim($pathInfo'/'));
  916.         $parts = [];
  917.         foreach ($exploded as $index => $part) {
  918.             if ($index 2) {
  919.                 continue;
  920.             }
  922.             if (empty($part)) {
  923.                 continue;
  924.             }
  926.             $value $exploded[$index 1] ?? null;
  928.             if (empty($parts)) {
  929.                 $part $this->urlToSnakeCase($part);
  930.             } else {
  931.                 $part $this->urlToCamelCase($part);
  932.             }
  934.             $parts[] = [
  935.                 'entity' => $part,
  936.                 'value' => $value,
  937.             ];
  938.         }
  940.         /** @var array{'entity': string, 'value': string|null} $first */
  941.         $first array_shift($parts);
  943.         try {
  944.             $root $this->definitionRegistry->getByEntityName($first['entity']);
  945.         } catch (DefinitionNotFoundException $e) {
  946.             throw new NotFoundHttpException($e->getMessage(), $e);
  947.         }
  949.         $entities = [
  950.             [
  951.                 'entity' => $first['entity'],
  952.                 'value' => $first['value'],
  953.                 'definition' => $root,
  954.                 'field' => null,
  955.             ],
  956.         ];
  958.         foreach ($parts as $part) {
  959.             /** @var AssociationField|null $field */
  960.             $field $root->getFields()->get($part['entity']);
  961.             if (!$field) {
  962.                 $path implode('.'array_column($entities'entity')) . '.' $part['entity'];
  964.                 throw new NotFoundHttpException(sprintf('Resource at path "%s" is not an existing relation.'$path));
  965.             }
  967.             if ($field instanceof ManyToManyAssociationField) {
  968.                 $root $field->getToManyReferenceDefinition();
  969.             } else {
  970.                 $root $field->getReferenceDefinition();
  971.             }
  973.             $entities[] = [
  974.                 'entity' => $part['entity'],
  975.                 'value' => $part['value'],
  976.                 'definition' => $field->getReferenceDefinition(),
  977.                 'field' => $field,
  978.             ];
  979.         }
  981.         $context->scope(Context::CRUD_API_SCOPE, function (Context $context) use ($entities$protections): void {
  982.             $this->entityProtectionValidator->validateEntityPath($entities$protections$context);
  983.         });
  985.         return $entities;
  986.     }
  988.     private function urlToSnakeCase(string $name): string
  989.     {
  990.         return str_replace('-''_'$name);
  991.     }
  993.     private function urlToCamelCase(string $name): string
  994.     {
  995.         $parts explode('-'$name);
  996.         $parts array_map('ucfirst'$parts);
  998.         return lcfirst(implode(''$parts));
  999.     }
  1001.     /**
  1002.      * Return a nested array structure of based on the content-type
  1003.      */
  1004.     private function getRequestBody(Request $request): array
  1005.     {
  1006.         $contentType $request->headers->get('CONTENT_TYPE''');
  1007.         $semicolonPosition mb_strpos($contentType';');
  1009.         if ($semicolonPosition !== false) {
  1010.             $contentType mb_substr($contentType0$semicolonPosition);
  1011.         }
  1013.         try {
  1014.             switch ($contentType) {
  1015.                 case 'application/vnd.api+json':
  1016.                     return $this->serializer->decode($request->getContent(), 'jsonapi');
  1017.                 case 'application/json':
  1018.                     return $request->request->all();
  1019.             }
  1020.         } catch (InvalidArgumentException UnexpectedValueException $exception) {
  1021.             throw new BadRequestHttpException($exception->getMessage());
  1022.         }
  1024.         throw new UnsupportedMediaTypeHttpException(sprintf('The Content-Type "%s" is unsupported.'$contentType));
  1025.     }
  1027.     private function isCollection(array $array): bool
  1028.     {
  1029.         return array_keys($array) === range(0\count($array) - 1);
  1030.     }
  1032.     private function getEntityDefinition(string $entityName): EntityDefinition
  1033.     {
  1034.         try {
  1035.             $entityDefinition $this->definitionRegistry->getByEntityName($entityName);
  1036.         } catch (DefinitionNotFoundException $e) {
  1037.             throw new NotFoundHttpException($e->getMessage(), $e);
  1038.         }
  1040.         return $entityDefinition;
  1041.     }
  1043.     private function validateAclPermissions(Context $contextEntityDefinition $entitystring $privilege): ?string
  1044.     {
  1045.         $resource $entity->getEntityName();
  1047.         if ($entity instanceof EntityTranslationDefinition) {
  1048.             $resource $entity->getParentDefinition()->getEntityName();
  1049.         }
  1051.         if (!$context->isAllowed($resource ':' $privilege)) {
  1052.             return $resource ':' $privilege;
  1053.         }
  1055.         return null;
  1056.     }
  1058.     private function validatePathSegments(Context $context, array $pathSegmentsstring $privilege): array
  1059.     {
  1060.         $child array_pop($pathSegments);
  1062.         $missing = [];
  1064.         foreach ($pathSegments as $segment) {
  1065.             // you need detail privileges for every parent entity
  1066.             $missing[] = $this->validateAclPermissions(
  1067.                 $context,
  1068.                 $this->getDefinitionForPathSegment($segment),
  1069.                 AclRoleDefinition::PRIVILEGE_READ
  1070.             );
  1071.         }
  1073.         $missing[] = $this->validateAclPermissions($context$this->getDefinitionForPathSegment($child), $privilege);
  1075.         return array_unique(array_filter($missing));
  1076.     }
  1078.     private function getDefinitionForPathSegment(array $segment): EntityDefinition
  1079.     {
  1080.         $definition $segment['definition'];
  1082.         if ($segment['field'] instanceof ManyToManyAssociationField) {
  1083.             $definition $segment['field']->getToManyReferenceDefinition();
  1084.         }
  1086.         return $definition;
  1087.     }
  1088. }