Security attributes for openAPI documentation

[Bartheyrman22]

Description
Evaluate the security attributes when building the openAPI documentation. This for Resources and Operations.

Example

<?php
// ApiPlatform\OpenApi\Factory\OpenApiFactory

// inside function collectPaths
if (null !== $security = $operation->getSecurity()) {
    $variables = [
        'trust_resolver' => $this->authenticationTrustResolver,
        'auth_checker' => $this->authorizationChecker, // needed for the is_granted expression function
    ];

    $granted = (bool) $this->expressionLanguage->evaluate($security, $variables);
    if (!$granted) {
        continue;
    }
}

[ricardoee]

@Bartheyrman22 If I understand your bug report, is this where the generation of the OpenAPI doc for the UI is not hiding endpoints where the security for either/both ApiResource and, for example, GetCollection evaluates to false, but the UI still shows the endpoint?

[Bartheyrman22]

@ricardoee Yes this is correct.

[soyuka]

Hi there's a flag on openapi to do something similar (implemented at #6945):

        new GetCollection(openapi: new Operation(extensionProperties: [OpenApiFactory::API_PLATFORM_TAG => ['internal', 'anotherone']])), 

Then you can filter the spec using /docs?filter_tags[]=internal or using the command --filter-tags=internal.