-
-
Notifications
You must be signed in to change notification settings - Fork 311
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@ExclusionPolicy("all") is not respected by the parent classes #100
Comments
The exclusion policy is only applied to the class in which it is defined. This is the currently expected behavior, and I think it is also the easiest to understand. I might reconsider this if there are compelling reasons for not doing this though. If you don't want to create a dependency on this bundle, you could instead use for example YAML as a metadata source. |
In my opinion, said dependency is compelling enough. We've recently started migrating YAML metadata sources to Annotations to allow us to use Traits that come with mapped properties too. This is useful for cases such as "drop in" support for Facebook profile data. I think this is a really nice addition and I expect it to be a more generic practice in the future. Can't this behavior be an explicitly option set on the Annotation? |
How would you expose properties of the inherited class again? I haven't worked with traits yet, could you elaborate how annotations are superior to YAML there? |
You'd have to override those properties, as you have to do now (and this works). Here's an example with the
The
While I understand it might be the easiest way to understand the Regarding the Trait, this is a clear advantage as the ORM doesn't support loading YAML metadata files for traits. This drop in support for mapping will allow users to easily mix and organize different functionality driven classes for other interesting areas, such as persistence behaviors (timestampable, geolocatable, etc). Also, right now the At a glance, I don't see why this feature should not be supported for Annotations, since they're so nice to work with. |
The way how you expose properties does not work for private properties. There would be no way to expose any of them. However, you can achieve what you want by using YAML metadata (only for the serializer, Doctrine is not affected by this) for the parent class (for the child class, you can still use annotations). Regarding properties on traits, the serializer at the moment does not scan them, that's why they are not included there. |
I managed to do just that. I guess this is more towards the agnostic storage model pattern for bundles, specially due to the properties visibility problem you mentioned. It took me a while to get the YAML metadata Example:
As a side effect, this does also not allow overriding the metadata from
Would this work? What do you suggest? Finally, regarding traits, should I open an issue for them? |
Yes, you can open an issue for traits. I'm not using PHP 5.4, so don't expect anything all too soon on this, but keeping track of this is always a good idea. The FileLocator basically looks for the relative namespace (Doctrine does this as well btw, but supports both ways for BC reasons). You can overwrite the metadata location though (we have a recipe for this in the docs). |
Using the metadata override works for me. I would probably throw a Configuration error if the By the way, KnpLabs just published a nice post about Traits with concrete examples and code (see issue #102 for Traits support tracking). |
Improve yaml documentacion Fix schmittjoh#100
I find this confusing as well. I override properties from the parent, and have a default policy of exclude all. I even tried an explicit exclusion on the overriden property, and it's still exposed. For example, I'm using the FOSUserBundle, and my extended user object is exposing groups, even though I have an annotation telling it to exclude it. It also means that password hashes are exposed because the ExclusionPolicy only applies to the child class. Ideally a modification to ExclusionPolicy that allows excluding including parent would be ideal |
@schmittjoh it seems people have brought up compelling reasons to add this feature. 1.) We don't always have control over extended classes. Is this library still being maintained? Would you accept a PR? |
yes https://github.com/schmittjoh/serializer/graphs/contributors
yes, only if it solves properly the problem (how to achieve this is not yet clear), it is backward compatible and has proper tests. Regarding the "how", I do not have any brilliant idea to do it. Some ideas:
|
There was a talk about validation inheritance in symfony a few weeks ago. Amongs my suggestions the one below had most sense. |
@mvrhov can you make an example? did not get it |
If at least one serialization setting is written for the child this would mean that you need to repeat all from a parent that you need. If you don't define any, then the ones from the parent are used. |
Do you mean that you have to re-declare properties from parent classes? |
Yes. |
not the best option, with my proposal is not necessary |
Hi @goetas. Thanks for quick reply.
Not sure what mean. Did you mean to make the exclusion apply to all inherited classes like people in this issue brought up? That would definitely be a BC break like you said, I just don't know if that's what you meant but is a major version possible or in the works?
I like the The issue is that blacklisting values only goes as far as the values that you know at the time you made the policy. Someone can add a property later that the child isn't aware of so whitelisting is ideal IMO.
This works for the cases where you know what's being inherited and you know that won't change. That's not always the case.
Me neither! I'll try to dig in when I have some time. I just didn't see activity on this but I obviously wasn't looking in the right places. Thanks! |
Hi @goetas , I have exactly the same problem with the FOS User bundle as described by @timwhite , I'm not sure what you mean by
I use YAML instead of annotations but I still can not exclude parent properties, here's my yaml for
skills, subordinates and languages get properly excluded but not password of emailCanonical. I added those properties to my User entity, but even that way they're still exposed |
I can just confirm its really painful issue. Even if I add exclusion_policy: ALL and exclude: true in yml mapping for inherited property, serializer don't respect those. |
im not familiar with fos user bundle. if somebody is able to provide a failing test case, will do my best to fix it. |
In my case its just simple inherited class (InvoiceAddress extends Address) |
All the cases explained here are more or less simple... but all of them are different and failing maybe for small differences... if you can provide a minimal failing example, possibly as PR, would be great |
It would be much easier for me to give you example here.
yml mapping
Result of serialization would be like
but expected behavior was to only show taxNumber. |
Wrong expectation. The mapping is inherited. AFAIK this is documented. The other thing that's also documented is that you can only map the properties that are in a specific class. You cannot map the properties of a parent in a child. |
IMO it should inherit default exclusions. Using serialization groups is a great feature, but inheritance should be optional. And actually mapping isnt inherited (or I miss something). If I create mapping for inherited class (Address in this case) it wont be respected. |
Everything you write in a xxx.yml or xxx.xml is per class and it applies only on properties of that specific class. |
@Preclowski you need Address:
properties:
firstName:
exclude: true
lastName:
exclude: true As @mvrhov said, metadata are per class. |
I went a bit deeper in the issue.
This meas that if you want to influence the mapping for class, you have to define mapping information explicitly for that class (in YAML or XML). |
Ignoring some parent classes: CComponent, CModel, CActiveRecord
|
Better to use YAML or XML metdata for the CComponent CModel CActiveRecord classes intead of doing this with the builder |
@goetas can you provide a link to the documentation page or to an example page? |
I'm using the agnostic storage pattern for a bundle and I have three User classes:
When using the
@ExclusionPolicy("all")
on theProject\AuthenticationBundle\Entity\User
one would expect all properties of the parents to be also excluded. However, this is not the case and requires me to add the same exclusion policy on each parent, otherwise all the parent properties are serialized. This is a problem because I don't want to create a dependency like this for the bundles.The problem seems to lie in the way
AnnotationDriver
lists the class properties, since it doesn't take into account the parent class annotations, if set.Is there a workaround for this?
The text was updated successfully, but these errors were encountered: