Add endpoint to retrieve stored object content

- Introduced `/1.0/doc-store/stored-object/{uuid}` endpoint to fetch the content of a stored object by UUID. - Implemented access control using `StoredObjectRoleEnum::SEE` permission. - Added OpenAPI specification for the new endpoint, including path parameter `uuid` and response codes `200` and `403`.
2026-03-03 04:29:40 +00:00 · 2026-02-23 13:48:12 +01:00
parent 8a9a25ea43
commit dca59a9254
2 changed files with 38 additions and 0 deletions
--- a/src/Bundle/ChillDocStoreBundle/Controller/StoredObjectApiController.php
+++ b/src/Bundle/ChillDocStoreBundle/Controller/StoredObjectApiController.php
@@ -12,6 +12,7 @@ declare(strict_types=1);
 namespace Chill\DocStoreBundle\Controller;

 use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\MainBundle\CRUD\Controller\ApiController;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -53,4 +54,17 @@ class StoredObjectApiController extends ApiController
            json: true
        );
    }
+
+    #[Route('/api/1.0/doc-store/stored-object/{uuid}', methods: ['GET'])]
+    public function getStoredObject(StoredObject $storedObject): JsonResponse
+    {
+        if (!$this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
+            throw new AccessDeniedHttpException();
+        }
+
+        return new JsonResponse(
+            $this->serializer->serialize($storedObject, 'json', [AbstractNormalizer::GROUPS => ['read']]),
+            json: true
+        );
+    }
 }
--- a/src/Bundle/ChillDocStoreBundle/chill.api.specs.yaml
+++ b/src/Bundle/ChillDocStoreBundle/chill.api.specs.yaml
@@ -54,6 +54,30 @@ paths:
                422:
                    description: "Invalid data"

+    /1.0/doc-store/stored-object/{uuid}:
+        get:
+            tags:
+                - storedobject
+            summary: Get the content of a stored object
+            parameters:
+                -   in: path
+                    name: uuid
+                    required: true
+                    allowEmptyValue: false
+                    description: The UUID of the storedObject
+                    schema:
+                        type: string
+                        format: uuid
+            responses:
+                200:
+                    description: "OK"
+                    content:
+                        application/json:
+                            schema:
+                                $ref: "#/components/schemas/StoredObject"
+                403:
+                    description: "Unauthorized"
+
    /1.0/doc-store/stored-object/{uuid}/is-ready:
        get:
            tags: