Integration Points - run-time exclusion checking

[jmcclell]

I (like many others) am using the serializer package in a Symfony2 library to create a RESTful API.

Everything works swimmingly well, but there is one requirement I have that I am not able to figure out. I need to be able to exclude (or, inversely, expose) fields based on whether or not the end user has access to them. In my case, this depends on a Symfony Security expression.

I am having a very difficult time figuring out the best way to integrate such functionality.

The events seem to allow me to add data or change the data, but by that point I don't see how I could skip fields entirely. Even if I could, I don't see how I would be able to configure which fields should stay or go as there is no way to extend the property metadata with custom attributes. (That I can tell, anyway!)

Handlers don't work as they are just not meant for such a thing.

I have been running into road blocks trying to come up with a fairly elegant way of doing it, but the serializer codebase is still pretty foreign to me so I am just not seeing an easy path.

Does anyone have any recommendations? Or recommended ways that the codebase could be modified to provide greater extensibility? I'd be happy to take a crack at something along those lines if I knew I was headed in a feasible direction.

[stof]

The library already has exclusion stategies. All you need to do is implement a custom one for your needs

[schmittjoh]

I'd recommend to ask such questions on stackoverflow. That's usually better and you get more answers.

[jmcclell]

Of course. Thanks guys, I had tried SO prior and was only pointed toward using groups. stof's suggestion points me in the right direction.