demos-europe / edt

Enables your PHP application to expose its entities as REST resources using the feature-rich JSON:API specification as API. How and to whom your entities are exposed is highly customizable while minimizing boilerplate code.
MIT License

Validate `include` parameter #103

Open dresslerdemos opened 1 year ago

dresslerdemos commented 1 year ago

When the `include` parameter is allowed in a request, it must be validated, ideally in the corresponding request class (`ListRequest`, `GetRequest`, …) by following the path and checking if each property is set as readable. If this is not possible, it needs to be done in the `DynamicTransformer`.

See https://jsonapi.org/format/#fetching-includes

dresslerdemos commented 9 months ago

Note that depending on the implementation of this issue, the `psr/log` dependency may be fully removed, as it is currently needed in the `DynamicTransformer` only.
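The path-following check described in the opening comment, as an added sketch that is not part of the issue thread or of edt's code base: each comma-separated `include` path is walked one relationship at a time against a map of readable relationships, and any path that leaves that map is rejected. The schema map, the helper name `findInvalidIncludePaths` and the depth cap are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema (assumption, not edt's API): per resource type, the
// relationships a client may read and the type each relationship leads to.
const READABLE_RELATIONSHIPS = [
    'articles' => ['author' => 'people', 'comments' => 'comments'],
    'comments' => ['author' => 'people'],
    'people'   => [], // no readable relationships from here
];

/**
 * Hypothetical helper: returns the include paths that are not readable
 * from $rootType. An empty result means the parameter is acceptable.
 * $maxDepth is an added safeguard (assumption) against very deep paths.
 *
 * @return list<string>
 */
function findInvalidIncludePaths(string $rootType, string $include, array $schema, int $maxDepth = 3): array
{
    $invalid = [];
    foreach (explode(',', $include) as $path) {
        $segments = explode('.', $path);
        $type = $rootType;
        $ok = $path !== '' && count($segments) <= $maxDepth;
        foreach ($ok ? $segments : [] as $segment) {
            // Follow the path one relationship at a time; stop at the first
            // segment that is unknown or not exposed as readable.
            if (!isset($schema[$type][$segment])) {
                $ok = false;
                break;
            }
            $type = $schema[$type][$segment];
        }
        if (!$ok) {
            $invalid[] = $path;
        }
    }
    return $invalid;
}

// Constructed request value: one readable path, one hidden relationship, one unknown nested one.
$include = 'comments.author,author.sessions,comments.votes';
$invalid = findInvalidIncludePaths('articles', $include, READABLE_RELATIONSHIPS);

// JSON:API requires 400 Bad Request for an include path the server cannot identify or does not support.
echo $invalid === []
    ? "200 OK\n"
    : '400 Bad Request, rejected include paths: ' . implode(', ', $invalid) . "\n";
```

Running the check before any entity is loaded keeps a non-readable relationship from being resolved at all, rather than being filtered out during transformation.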