Add native Http-based attribute support (Deprecate SensioFrameworkExtraBundle) #45415
Conversation
|
Wow big PR thanks for tackling this! |
|
In case it needs to be lazy and central, it might be a good idea to incorporate it in the Routing component. It would make it possible for the attributes to be placed in an already existing cache, whichever configuration format the developer uses to configure their routes. Plus it would make the following possible when attribute support is disabled: return function (RoutingConfigurator $routes) {
$routes->add('foo', '/foo')
->controller([BlogApiController::class, 'show'])
->attributes([
new Cache(maxage: 15),
new Template(template: 'templates/foo.html.twig')
])
;
};See https://github.com/sensiolabs/SensioFrameworkExtraBundle/issues/140 for this being requested 10 years ago. |
|
Routing is mostly unaware of the concept of controllers so I wouldn't add to it. HttpKernel is just fine for that to me. |
There was a problem hiding this comment.
The plan is to remove paramConverter but we never finished it (see #40333 (comment)).
We also have issues (ie. #40333) because of conflict between paramConvert + Argument Resolver (I didn't checked if this PR solved this issue)
I have the feeling that ParamConverter and ArgumentResolver provide the same features, or, at least, in most of the cases are used in the same way (ie Entity resolver). They are confusing for end-users and IMHO one should and one should be removed.
I'm 👍 for deprecating the SensioFrameworkExtraBundle, and finishing the migration to ArgumentResover
For the record, there is PR that adds support for Doctrine Entity (#43854). 😞 I need to find time to finish it.
|
Thank you very much for all the effort you've put into this PR! One reason why FrameworkExtraBundle should be deprecated was that Symfony already has a replacement for the ParamConverter mechanism: https://symfony.com/doc/current/controller/argument_value_resolver.html Now in your PR, I see that ParamConverters have been resurrected. Can you please have a look if you can build those attributes with argument value resolvers instead? |
|
See #45457 for the controller attribute mechanism suggested by Nicolas :) |
|
The best practices docs tells us not to use the It makes me question whether |
|
Also, I would not migrated the To me, this should rather be left out, adding a few advanced features to IsGranted: |
|
@codedmonkey would you be up to resume this work on top of #46001? It'd suggest splitting this PR in many, one per attribute. |
|
I'll see what I can do :) |
|
Cool thanks, I'm looking forward to your PRs 🙏 |
This PR was merged into the 6.2 branch. Discussion ---------- [Security] Add `#[IsGranted()]` | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Part of #44705 | License | MIT | Doc PR | - Extracted from #45415 (and modernized a lot). I did not implement the proposals from Stof to keep this first iteration simple. I'd appreciate help to improve the attribute in a follow up PR 🙏 Commits ------- bf8d75e [Security] Add `#[IsGranted()]`
…nder arrays returned by controllers (nicolas-grekas) This PR was merged into the 6.2 branch. Discussion ---------- [TwigBridge] Add `#[Template()]` to describe how to render arrays returned by controllers | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Part of #44705 | License | MIT | Doc PR | - Extracted from #45415 (and modernized a lot). Unlike the``@Template`` annotation, this attribute mandates a template name as argument. This removes the need for any template-guesser logic, making things explicit. Using the attribute also turns `FormInterface` instances into `FormView`, adjusting the status code to 422 when a non-valid form is found in the parameters, similarly to what `AbstractController::render()` does. Commits ------- c252606 [TwigBridge] Add `#[Template()]` to describe how to render arrays returned by controllers
…HTTP cache headers on controllers (nicolas-grekas) This PR was merged into the 6.2 branch. Discussion ---------- [HttpKernel] Add `#[Cache()]` to describe the default HTTP cache headers on controllers | Q | A | ------------- | --- | Branch? | 6.2 | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | Part of #44705 | License | MIT | Doc PR | - Extracted from #45415 (and modernized a lot). I'd appreciate any help for porting the other attributes following this leading PR 🙏 Commits ------- acd4fa7 [HttpKernel] Add `#[Cache]` to describe the default HTTP cache headers on controllers
|
@nicolas-grekas I think you've got them all covered since the ParamConverter and Security annotations have been discusses and rejected by the community. Thank you for all the hard work :) |
While annotations have been part of the Symfony experience for years, support for this has always been dependent of separate libraries. Because of concerns over performance, annotations used by controllers have up to this point been part of SensioFrameworkExtraBundle. With the addition of attributes to PHP, this can finally be addressed directly.
This PR takes the annotation classes and services from SensioFrameworkExtraBundle and adds them to the Symfony core as attribute-based services. Each attribute and their related services have been moved to the most appropriate component:
Cache➡️Symfony\Component\HttpKernel\Attribute\CacheEntity➡️Symfony\Bridge\Doctrine\Attribute\EntityIsGranted➡️Symfony\Component\Security\Attribute\IsGrantedParamConverter➡️Symfony\Component\HttpKernel\Attribute\ParamConverterSecurity➡️Symfony\Component\Security\Attribute\SecurityTemplate➡️Symfony\Bridge\Twig\Attribute\TemplateSimilarly, services have been divided over the FrameworkBundle, SecurityBundle and TwigBundle for their respective attributes (the DoctrineBundle has to be updated as well).
Originally, the SensioFrameworkExtraBundle used the
ControllerListenerclass to loop through the configured controller annotations and add its metadata to the request in it'sattributesparameter bag, after which a separate event listener would pick up the metadata for a specific annotation to execute the expected logic. Because the event listeners now reside in different components there isn't any way to handle all attributes at once, so each listener is now responsible for reading the attributes on the controller for itself.Drawbacks
There are a few small drawbacks by deprecating the SensioFrameworkExtraBundle.
It used to be possible to disable support for each attribute individually, but since a toggle for this wasn't added when integrating the
Routeannotation in Symfony, I didn't add those here either. There is a difference though, routing attributes are (usually) only read during compilation and are cached afterwards. The attributes added in this PR are all read at runtime. Additionally, each event listener has to read the the controller class for attributes separately and is added to the container by default. I am not qualified to say what impact this will have on general performance.Annotations that are based on the
ConfigurationInterfacefrom the SensioFrameworkExtraBundle have their metadata stored in the request'sattributesparameter bag. Because the event listeners get the metadata directly from the controller now, this has been removed for most attributes in this PR. This means it's no longer possible to manipulate this metadata before the respective event listener, which is technically a BC break. In the case where metadata is used by its event listener from multiple events, the metadata is still stored in the request.Remaining Tasks
Entityattribute services to DoctrineBundle