2020-11-20 - Add the login required annotation
INFO
This document represents an architecture decision record (ADR) and has been mirrored from the ADR section in our Shopware 6 repository. You can find the original version here
Context
Some routes for the sales-channel-api and the store-api/storefront depend on SalesChannelContext to identify whether the Customer is logged or not. For keeping clean code, consistency, and more easy to readable API. We create a new annotation for routing \Core\Framework\Routing\Annotation\LoginRequired.
Decision
With the store-api/storefront routing needs requiring logged in for access, developers need to define annotation @LoginRequired for API.
This annotation to the following:
@LoginRequired- This annotation is validating the
SalesChannelContexthas Customer return success, otherwise throwCustomerNotLoggedInException
- This annotation is validating the
@LoginRequired(allowGuest=true)- This annotation is validating the
SalesChannelContexthas Customer and allow Guest admits, otherwise throwCustomerNotLoggedInException
- This annotation is validating the
An example looks like the following:
/**
* @Since("6.0.0.0")
* @LoginRequired()
* @Route(path="/store-api/v{version}/account/logout", name="store-api.account.logout", methods={"POST"})
*/
/**
* @Since("6.2.0.0")
* @LoginRequired(allowGuest=true)
* @Route("/account/order/edit/{orderId}", name="frontend.account.edit-order.page", methods={"GET"})
*/Consequences
From the moment the LoginRequired annotation should be using every new store-api/storefront if the routing needs requiring logged in for access. If LoginRequired is not using, that means the store-api/storefront can accept without a login.
