1
votes

I'm following the example / documentation closely trying to set up a resource that only its owner can access, and I get this error:

"hydra:description": "Notice: Undefined property: ApiPlatform\Core\Bridge\Doctrine\Orm\Paginator::$owner",

JWT authentication per se seems to work fine.

my resource is defined like this:

/**
 * @ORM\Entity
 * @ApiResource(
 *     attributes={"access_control"="is_granted('ROLE_USER') and object.owner == user"},
 *     collectionOperations={"get"},
 *     itemOperations={"get"},
 *     )
 */

Security and user provider and everything is set up exactly as in the api-platform or Symfony documentation.

The property owner is defined as:

/**
 * @var User The owner
 *
 * @ORM\ManyToOne(targetEntity=User::class)
 */
public $owner;

What am I doing wrong?

1

1 Answers

1
votes

I think this would work on your itemOperation GET, but not on your collectionOperation. The reason is that "object" in this case will the the collection of User objects, which is represented as the Paginator class.