Description
Having the ability to add security checks to the Link Resource would be very convenient for subresources that are linked to a restricted resource.
From what I know it's currently not possible (see api-platform/api-platform#2168) to restrict sub resources that way unless you start building your own logic to extract the entity from the URI using a QueryCollectionExtensionInterface, which isn't really that great though (also assuming that's a use case that's not THAT uncommon).
From digging around the code a bit it seems the Links are currently achieved using query builder joins/conditions, so I'm not sure how viable this would actually be using the current system, but it would be nice to have if it somehow could be hooked into Symfony's security systems.
Example
An example would be something like this:
    #[ApiResource(
        uriTemplate: '/questions/{id}/answer',
        uriVariables: [
            'id' => new Link(
                fromClass: Question::class,
                fromProperty: 'answer',
                // Proposed option: expression evaluated against the linked Question
                security: "is_granted('SOME_VOTER', object)"
            )
        ],
        operations: [new Get()]
    )]
where you can call security operations on the object referenced in the voter.
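One way to enforce the same check today without the proposed `security` option on `Link`, shown as an added example that is not part of the original issue or of API Platform's own code: a custom state provider (a different technique from the query extension mentioned above) that authorizes the parent `Question` before delegating to the Doctrine item provider. The class name `QuestionAnswerProvider`, the `App\State` namespace and the `App\Entity\Question` entity are assumptions; it also assumes API Platform 3 with Doctrine ORM and Symfony 6.2+ for the `Security` service.

```php
<?php
// Added example: class name, namespace and wiring are assumptions.

namespace App\State;

use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use App\Entity\Question;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\DependencyInjection\Attribute\Autowire;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

final class QuestionAnswerProvider implements ProviderInterface
{
    public function __construct(
        // Delegate the actual lookup to API Platform's Doctrine ORM item provider.
        #[Autowire(service: 'api_platform.doctrine.orm.state.item_provider')]
        private readonly ProviderInterface $itemProvider,
        private readonly EntityManagerInterface $entityManager,
        private readonly Security $security,
    ) {
    }

    public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
    {
        // 'id' is the URI variable that the Link maps to Question.
        $id = $uriVariables['id'] ?? null;
        $question = null !== $id ? $this->entityManager->find(Question::class, $id) : null;

        if (null === $question) {
            throw new NotFoundHttpException('Question not found.');
        }

        // Authorize against the parent resource before the linked answer is loaded,
        // so the voter decides on the Question rather than on the subresource.
        if (!$this->security->isGranted('SOME_VOTER', $question)) {
            throw new AccessDeniedException();
        }

        return $this->itemProvider->provide($operation, $uriVariables, $context);
    }
}
```

It is attached to the operation with `new Get(provider: QuestionAnswerProvider::class)`; every other operation exposing the same subresource needs the same provider, otherwise the check is bypassed on that route.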