php - Symfony 5 Serializer - How to not expose whole database

Solution:

The Symfony serializer has a built-in Ignore strategy (https://symfony.com/doc/current/components/serializer.html#ignoring-attributes).

You can ignore the attribute directly from the model:

use Symfony\Component\Serializer\Annotation\Ignore;

class Presentation
{
    /**
     * @Ignore()
     */
    public $zoomUser;


    //...
}

Or by using the context:

use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
use Symfony\Component\Serializer\Serializer;

$normalizer = new ObjectNormalizer();
$encoder = new JsonEncoder();

$serializer = new Serializer([$normalizer], [$encoder]);
// Ignore zoomUser for this call only; the model class is left unchanged.
$json = $serializer->serialize($presentation, 'json', [AbstractNormalizer::IGNORED_ATTRIBUTES => ['zoomUser']]);

Answer

Solution:

We switched to JMS Serializer Bundle where setting the max. depth is very simple and helps us a lot.

https://jmsyst.com/bundles/JMSSerializerBundle

For the Symfony serializer, the only way is to use serialization groups.

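The serialization-groups approach mentioned in the last answer, shown as an added example that is not part of either answer. It assumes symfony/serializer 5.x, symfony/property-access and doctrine/annotations are installed through Composer; apart from `Presentation` and `zoomUser`, every class, property and group name here is hypothetical.

```php
<?php
// Added example: allowlisting fields with serialization groups.
// Assumption: dependencies are installed via Composer in ./vendor.
require __DIR__ . '/vendor/autoload.php';

use Doctrine\Common\Annotations\AnnotationReader;
use Symfony\Component\Serializer\Annotation\Groups;
use Symfony\Component\Serializer\Encoder\JsonEncoder;
use Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactory;
use Symfony\Component\Serializer\Mapping\Loader\AnnotationLoader;
use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
use Symfony\Component\Serializer\Serializer;

class ZoomUser // hypothetical related entity
{
    /** @Groups({"presentation:read"}) */
    public $displayName = 'Alice';           // constructed sample value

    public $email = 'alice@example.test';    // no group: left out of the output
    public $apiToken = 'constructed-secret'; // no group: left out of the output
}

class Presentation
{
    /** @Groups({"presentation:read"}) */
    public $title = 'Quarterly review';      // constructed sample value

    /** @Groups({"presentation:read"}) */
    public $zoomUser;

    public $internalNotes = 'not for clients'; // no group: left out of the output
}

// Groups live in class metadata, so the normalizer needs a metadata factory
// (a bare "new ObjectNormalizer()" does not read the annotations).
$metadata = new ClassMetadataFactory(new AnnotationLoader(new AnnotationReader()));
$serializer = new Serializer([new ObjectNormalizer($metadata)], [new JsonEncoder()]);

$presentation = new Presentation();
$presentation->zoomUser = new ZoomUser();

// Only properties tagged with the requested group are normalized; the same
// context is passed down when the nested ZoomUser is normalized.
echo $serializer->serialize($presentation, 'json', [
    AbstractNormalizer::GROUPS => ['presentation:read'],
]);
```

Unlike an ignore list, a group works as an allowlist: a column added to an entity later stays out of the response until it is explicitly given a group.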