Relay Core Bundle Laravel Package

• Update and require api-platform 2.7 See https://api-platform.com/docs/core/upgrade-guide/ for changes and how to migrate to the newer systems. Note that we don't set metadata_backward_compatibility_layer to false yet, so all old interfaces should still work.

• The OpenAPI docs now use their own Keycloak client Javascript module instead of using the one from the configured Keycloak server. This change was required due to Keycloak 22 planning to no longer provide the Javscript module.

• extension: add registerLoggingChannel() for registering a new logging channel
• logging: Allow disabling log masking via registerLoggingChannel() for specific channels
• bundle: this bundle now depends on the monolog bundle and requires it to be loaded

• cron: The dbp:relay:core:cron command will no longer run all jobs the first time it is called when the cache is empty.
• cron: The dbp:relay:core:cron command gained --force option which forces it to run all jobs, independent of their schedule.
• cron: There is a new dbp:relay:core:cron:list command which lists all registered cron jobs and related meta data.

• The logging context now includes the active symfony route name

• api-docs: compatibility fixes for relay-auth-bundle v0.1.12

• new Locale service for setting a locale from a requests and forwarding to other services

• dbp:relay:core:migrate: Work around issues in DoctrineMigrationsBundle which sometimes led to migrations being skipped.

• new dbp:relay:core:migrate command
• start of a new authorization framework

• Temporarily restrict api-platform/core to < 2.7.0

• extension: add registerEntityManager() for registering doctrine entity managers

• The core bundle will now set the Symfony locale based on the "Accept-Language" HTTP header.
• Moved the documentation to https://github.com/digital-blueprint/handbook to avoid general documentation being split/duplicated in two places.

• AbstractDataProvider: throw 500 instead of 400 in case a filter exception occurs on creation of a filter from a prepared filter (defined in bundle config).
• Rest/Query/Filter: also allow filter shortcuts with only path and operator for operators that don't have/need a value: "filter[path][operator]=IS_NULL"

• Make sure AbstractAuthorizationService::isGrantedRole and isGrantedResourcePermission always return a boolean value

• Add functions to the authorization test utils

• AbstractDataProvider: fix empty array source data value

• AbstractLocalDataEventSubscriber: allow to access nested attributes of the source data using keys with dot notation (e.g. "user.email")

• Add routePrefix support to addExposeHeader/addAllowHeader
• Update frontend (API docs) dependencies

• AbstractDataProvider: throw 500 instead of 400 in case of a filter exception occurs on creation of a filter from a prepared filter (defined in bundle config).

• Add a workaround to the data providers for situations where they are called by a IriConverterInterface.getResourceFromIri(...), where resource_class and groups are not set in the context

• Fix a missing service error in case there is no doctrine bundle loaded.

• MigratePostEvent gained an array of migrations that were run, keyed by entity manager name.
• The "core:check-health" CLI command gained a --skip option to skip specific health checks.

• Add Tools::createAddressArray to standardize the format of address objects provided over the API
• Rest/Query/Filter: fix the condition operator being ignored for condition shortcuts

• Add DateTimeUtcNormalizer normalizer/datetimenormalizer which is more strict than the builtin one for parsing, always converts to UTC, and outputs strings with milliseconds by default.

• Rest/Query/Filter: Update filter syntax group → logical, conjunction → operator
• Rest/Query/Filter: Add condition operators NOT_EQUALS and IS_NOT_NULL
• Rest/Query/Sort: Replace array storage of sort fields by SortField objects
• LocalData/AbstractLocalDataEventSubscriber: Apply local data attribute path mapping to sort attribute paths (like for filter attribute paths)

• Throw a 403 forbidden error if the user doesn't have read access to a local data attribute instead of setting it null.
• Fix ExtensionTrait::addPathToHide not having any effect.
• doctrine: add DateImmutableUtcType and DateTimeImmutableUtcType for UTC date/datetime handling

• Rest\Query\Filter: fix mapConditionNodes for ConstantNode nodes
• Rest\Query\Filter: add operator type 'HAS' to check if an array contains a certain value

• LocalDataPostEvent: add options for, e.g. localized local data attributes
• LocalData: add optional entity_short_name attribute to local data and local data subscriber configuration to specify the entity the local data attribute is defined for. It can be omitted if the local data attribute is defined for all entities or there is only one entity using local data attributes.
• AbstractLocalDataEventSubscriber: allow overriding the getting of the local data attribute value, e.g. for attributes that can be provided by a data connector, but whose values are not included in the source system's standard set of attributes.

• TestUtils: allow passing the URI variables of the current request to DataProviderTester and DataProcessorTester

• Add support for Symfony 7.4
• Add support for symfony/monolog-bundle 4
• Remove various deprecated classes and methods:
  • AbstractEntityDeNormalizer
  • AbstractGetAttributeSubscriber
  • Tools::decodeJSON
  • Tools::dumpTrace
  • AbstractStateProvider
  • NamedEntityInterface

• don't ship all subclasses of AbstractAuthorizationService with an EntityNormalizer
• implement ResetInterface::reset where possible for kernel testing
• offer TestAuthorizationService::reset for manual reset of request caches for non-kernel tests
• remove deprecate policies from authorization config in favor of roles and resource_permissions (deprecated since v0.1.188)

• deprecate UserAuthTrait in favor of TestClient

• Inject the EntityNormalizer into AbstractAuthorizationService for testing to avoid null references
• TestClient: offer a method to reset the request caches of a given AbstractAuthorizationService service

• Restore missing dependency on symfony/asset

• api-docs: update vendored bundle, move from rollup to rolldown for bundling
• Drop support for api-platform v3
• Move dependencies to split api-platform packages

• Add support for kevinrob/guzzle-cache-middleware v7, drop support for v4

• Allow configuration of identifier name for DataProviderTester and DataProcessorTester
• Remove strict dependency on doctrine migrations bundle

• Allow HEAD for CORS requests as well
• Drop workaround for broken CORS headers with Apache <=2.4.47 for 304 responses since no one should be using such old Apache versions anymore.

• AbstractAuthorizationService: add authorization expressions on setupAccessControlPolicies instead of replacing them (allows subclasses of AbstractDataProvider to define authorization expressions without being replaced internally)
• AbstractLocalDataEventSubscriber: map local data attribute paths in filter to their respective source attribute paths
• add FilterTools
• Decorate the 'doctrine.migrations.migrations_factory' service to be able to inject the service container into doctrine migration subclasses.
• Add AbstractEntityManagerMigration which gets injected the service container and is meant to be subclassed by doctrine migrations versions

• Rework user attribute provision: Change UserAttributeProviderInterface from "get-all-available-attributes" to "has-get-attribute"

• Deprecate QueryHelper::getEntities and add QueryHelper::getEntitiesPageNumberBased and QueryHelper::getEntitiesPageStartIndexBased and

• rest/query/filters: validate filter operators and values on construction of ConditionNode

• deprecate Pagination::getAllResults and introduce Pagination::getAllResultsPageNumberBased and Pagination::getAllResultsPageStartIndexBased

• Fix an internal error when requesting /errors/XXX

• support both api-platform 3 and 4

• add MigratePostEvent that is fired after a successful DB migration
• support both api-platform 3 and 4

• Add support for Api-Platform v4

• filter query parameter syntax: require string values to be quoted with double quotes to be able to distinguish between strings and numeric/boolean values and be type safe
• force use filters (where force_use_policy evaluates to true) for get item operations as well, for get item and get collection to be consistent. NOTE: implementors are responsible to apply those filters in their overrides of getItemById (filters are found in the $options parameter, like for getPage).

• Drop support for PHP 8.1
• Drop support for Symfony 5
• Drop support for api-platform 3.2/3.3

• Add Rest/Tools: Centralize the fix for multipart/form-data PATCH requests (where parameters are not present by default)

• Remove enforced filters (as introduced in v0.1.200) and update prepared filters such that they now have a use_policy (is the current user allowed to request the filter?) and a force_use_policy (is the usage of the filter forced for the current user?)

• Add Rest/Query/Parameters:getBool helper function and tests
• Removed long deprecated GuzzleTools class
• Removed long deprecated Helpers\Locale class

• Rest/Query/Filter: automatically simplify the filter tree on filter creation to simplify the filter and remove constant nodes which might not be supported by the data source system

• Rest/Query/Filter: Append a constant 'false' node when an 'inArray' condition with an empty array is appended to a filter tree

• Add enforced filters which, when configured, are always applied for collection GET requests and allows for the restriction of results based on the logger-in user's authorization attributes

• Make QueryHelper::addFilter work for JOINS (where there are multiple entity aliases)
• Add preserveItemKeys filter to Pagination::getPage()
• Remove UserAttributeService::getUserAttribute method. Note that the service is only intended to deliver the currently logged-in user's attributes

• TestUserSession: allow setting up a service account user session for unit tests

• cron: print information about the cron jobs being run and their status to stdout instead of just logging them.
• The UserSessionInterface set up via UserAuthWebTrait and UserAuthTrait now behaves like a real user session in more cases, fixing various inconsistencies.
• Drop support for psalm

• Add method isGetRequest to AbstractStateProvider and isRootGetRequest to StateTrait
• Refactor tests

• Add Doctrine/QueryHelper utility class
• Update test utils

• Add DoctrineConfiguration to help bundles with the Doctrine setup
• Add test utilities (like the TestEntityManager) to help bundles to test using an in-memory database

• Add support for PHP 8.4
• Fix EntityNormalizer to work with entity relations (child entities)
• The deprecated bundle config key "messenger_transport_dsn" has been removed. Use "queue_dsn" instead.
• Fix install scripts failing in some cases where a worker queue was required but none was configured. Instead fail in the health checks only, in all cases.

• Rename to AuthorizationConfigDefinition::addResourcePermission
• Expose test token constant

• Update the vendored JS bundle containing the API docs login component. Most importantly this updates the Keycloak JS adapter to the latest version.

• Divide access control policies into 'roles' (resource dependent) and 'resource permissions' (resource dependent), deprecating 'policies', which can be both. This helps to do things more intelligently and efficiently, since 'roles' can be evaluated per class, as opposed 'resource permissions' which are evaluated per resource instance.
• Add support for showing additional output (normalization) groups depending on roles/resource permissions/arbitrary conditions

• Work around Symfony doctrine annotation detection getting a false positive in this bundle. It would try to load the annotations driver in that case, which no longer exists in newer doctrine.

• Remove conflict with doctrine/dbal v4, now that all dependencies are compatible with it

• Restore default ErrorProvider behavior which leaves exceptions that already are api-platform resources untouched

• hide 'description' attribute when serialization API errors
• Restore the ApiError API from v0.1.182
• Fix ApiError not serializing the description in debug mode for 5xx errors

• inject custom ErrorProvider to continue sending 'hydra:' error attributes which were removed in api-platfrom 3.4.2

• make ApiError an api-platform ErrorResource, remove the custom ApiError normalizer, and set rfc_7807_compliant_errors to true (backwards compatibility flag which will be removed in api-platform 4)
• Dropped support for api-platform v2. v3.2 is now the oldest supported version.

• Fix filters (query parameters) not being passed to implementors of AbstractDataProcessor
• Add CustomControllerTrait to facilitate custom controller to require authentication

• Fix fetching of user attributes in an unauthorized context.

• UserSessionInterface gained a new isServiceAccount() method to allow for distinguishing between user and service accounts.
• UserSessionInterface gained a new getSessionCacheTTL() which is the same as the old getSessionTTL() method, but with a more descriptive name.

Note that the OIDC connector needs to be updated to be compatible with this new version.

• Ensure that for ApiError the errorDetails property is always serialized as an object
• For ApiError make sure that either both errorId and errorDetails are set or none of them when serialized as JSON.

• Remove dependency on symfony/contracts
• Port to PHPUnit 10

• add support for sort query parameter for GET collection requests (for extenders of AbstractDataProvider)
• allow enabling/disabling filter/prepared filter/sort via AbstractDataProvider config

• The "dbp/relay-auth-bundle" has been replaced by the "dbp/relay-core-connector-oidc-bundle". Check out the https://github.com/digital-blueprint/relay-core-connector-oidc-bundle/blob/main/CHANGELOG.md for a migration guide.
• composer: Add a conflict with the old "dbp/relay-auth-bundle".

• modernize code
• add Filter:mapConditionNodes method to be able to replace certain condition nodes (e.g. for local data mapping)

• Enhance test utilities
• Add unit tests for DataProviderTester and DataProcessorTester
• Allow setup with custom user identifier and attributes for DataProviderTester and DataProcessorTester

• AbstractDataProvider: Do not require AbstractDataProvider::isUserGrantedOperationAccess to be overridden anymore. Instead, assume that all operations require the user to be authenticated, throwing 401 otherwise. This behavior can be overridden using AbstractDataProvider::requiresAuthentication. Introduce a new method AbstractDataProvider::isCurrentUserGrantedOperationAccess that can be overridden to forbid access to certain operations (throwing 403)
• add TestClient to TestUtils, which can be used for internal API testing

• Update code style
• TestAuthenticator: Return 401 instead of 403 on authentication failure

• replace deprecate ContextAwareNormalizeInterface by NormalizedInterface

• Add UserAttributeProviderExInterface to allow for more flexible attribute providers

• Improvements to the fix in v0.1.166 for the API docs auto-login

• Fix the API docs auto-login with api-platform v3.3.6+

• Update the vendored JS bundle containing the API docs login component. Most importantly this updates the Keycloak JS adapter to the latest version.

• Remove remaining internal uses of Doctrine annotations and related dependencies

• Make TestUserSession public again (it had users after all)

• facilitate usage of DataProvider/DataProcessorTester

• add support for GET item operation without (or constant) identifier to AbstractDataProvider

• add isPolicy/AttributeDefined and getPolicy/AttributeNames access functions to AbstractAuthorizationService

• The core bundle now configures Symfony to log PHP errors in all cases, not just when the environment is "dev". In addition the logging levels of each PHP error is synced with the improved Symfony 7 defaults.
• The worker queue now configures a failure transport by default in all cases. This means after a message failed multiple times it will not be thrown out but moved to the failure transport. The failure transport uses the same connection as the main transport so no configuration change is needed.

• Fix various Symfony/api-platform deprecation warnings

• Add support for monolog v3

• Fix a regression from v0.1.154 where UserAuthTrait (this is used in unit tests only) would log the user in before the authentication.

• Restore support for api-platform 3.2

• Remove support for api-platform 3.2 for now as some regressions have surfaced.
• Add regression tests to avoid similar issues in the future.

• Add preliminary support for api-platform 3.2

• Conflict with carbonphp/carbon-doctrine-types v3 to work around composer issues

• Conflict with doctrine/dbal v4 to work around composer issues

• Set a timeout of 20min for database migrations, because some migrations take a long time

• Add conflict for broken api-platform release

• Remove dependency on symfony/redis-messenger and ext-redis

• Add support for Symfony 6

• Restrict to monolog/monolog v2
• dev: replace abandoned composer-git-hooks with captainhook. Run vendor/bin/captainhook install -f to replace the old hooks with the new ones on an existing checkout.

• Various cleanups to remove deprecation warnings with Symfony 6

• Fix various Symfony 6 deprecation warnings

• composer: allow psr/http-message v1 again, to make rdepend updates easier

• Drop support for PHP 7.4/8.0

• Update to psalm v5

• Removed legacy API-Platform API: Dbp\Relay\CoreBundle\DataProvider\AbstractDataProvider Use Dbp\Relay\CoreBundle\Rest\AbstractDataProvider instead.

• Drop support for PHP 7.3

• health-checks: show a summary of all failed checks at the end
• Support kevinrob/guzzle-cache-middleware v5

• ExtensionTrait::addPathToHide() now optionally allows passing a method, for hiding things other then GET.

• Fix WholeResultPaginator::getItems(), it would return all items instead of the page
• AuthorizationConfigDefinition now sets all default policies automatically even if the bundle documentation contains no authorization section.

• Deprecate AbstractDataProvider

• Implement a workaround for Symfony not auto-creating the application cache for PDO backends, leading to lots of SQL errors in the logs on cache accesses.
• Add a health check for the application cache.

• Use the global "cache.app" adapter for caching instead of always using the filesystem adapter

• Sets 'metadata_backward_compatibility_layer' for api-platform to 'false'. This disables some legacy services and enables the new metadata system, which is the default in api-platform 3.x. See https://api-platform.com/docs/core/upgrade-guide/#the-metadata_backward_compatibility_layer-flag for more information in case there are any incompatibilities with your code.