Visibility Attributes
Reference for visibility control attributes.
Introduction
Section titled “Introduction”SimpleDTO provides visibility attributes:
- #[Hidden] - Always hide property
- #[Visible(callback)] - Conditionally visible
- 18 Conditional Attributes - See Conditional Attributes
Hidden Attribute
Section titled “Hidden Attribute”Properties marked as hidden are never included in serialization:
use Event4u\DataHelpers\SimpleDTO\Attributes\Hidden;
#[Hidden]public readonly string $password;
#[Hidden]public readonly string $apiToken;Visible Attribute
Section titled “Visible Attribute”Conditionally visible based on callback:
use Event4u\DataHelpers\SimpleDTO\Attributes\Visible;
#[Visible(callback: 'canViewEmail')]public readonly string $email;
private function canViewEmail(mixed $context): bool{ return $context?->role === 'admin';}Static Callback
Section titled “Static Callback”#[Visible(callback: [PermissionChecker::class, 'canViewEmail'])]public readonly string $email;Laravel Gate
Section titled “Laravel Gate”#[Visible(gate: 'view-email')]public readonly string $email;Symfony Voter
Section titled “Symfony Voter”#[Visible(voter: 'view', attribute: 'email')]public readonly string $email;Conditional Attributes
Section titled “Conditional Attributes”See Conditional Attributes for 18 conditional attributes:
#[WhenAuth] // Show when authenticated#[WhenRole('admin')] // Show when user has role#[WhenCan('view-email')] // Show when user has permission#[WhenValue('status', 'active')] // Show when property equals valueReal-World Example
Section titled “Real-World Example”class UserProfileDTO extends SimpleDTO{ public function __construct( public readonly string $name,
#[WhenAuth] public readonly ?string $email = null,
#[Hidden] public readonly string $password,
#[WhenRole('admin')] public readonly ?string $ipAddress = null, ) {}}Best Practices
Section titled “Best Practices”Always Hide Sensitive Data
Section titled “Always Hide Sensitive Data”// ✅ Good#[Hidden]public readonly string $password;
// ❌ Badpublic readonly string $password;Use Conditional Visibility
Section titled “Use Conditional Visibility”// ✅ Good#[WhenAuth]public readonly ?string $email;Security Checklist
Section titled “Security Checklist”- All passwords are hidden
- All API tokens are hidden
- PII is encrypted or hidden
- Email/phone only visible when authenticated
- Admin data only visible to admins
See Also
Section titled “See Also”- Security & Visibility - Security guide
- Conditional Attributes - Conditional visibility