-
-
Notifications
You must be signed in to change notification settings - Fork 868
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v3] Operation "_api_/xxx{._format}_get_collection\" not found for resource #5438
Comments
Hello @maks-rafalko, |
Not really, we just downgraded back to 3.1.2 unless we have a proper fix (in 3.1.4 I guess). But if you really need 3.1.3 - you can probably override this method (it's public) by your own normalizer and remove the lines I highlighted in my first message. |
I think we will also downgrade to 3.1.2 :/ Thank you Maks |
I have the same issue after upgrading from 2.7.9 to 2.7.10. |
I'll check this asap, best is to provide a PR with a failing behat test case so that I can fix that in a jinx and release it by friday! Thanks everyone and sorry for breaking this! |
Fix incoming, releasing tomorrow please @CODEheures upgrade to 3.x it's a pain to maintain 2.7 but I'll add the patch there also :D. |
can you test this: |
It works, our tests are green with this patch! |
API Platform version(s) affected: 3.1.3, 2.7.10 (3.1.2 works well). The bug was introduced here: 268c274#diff-d87efa25fbf52904daa06047002652f08645e3ad4a7f4985ffeec5a7c8e39c4fR118-R121
Description
After upgrading from 3.1.2 to 3.1.3 due to Security Vulnerability (GHSA-vr2x-7687-h6qv which is fixed in 5723d68), operations, declared on base class of Class Table Inheritance no longer work
How to reproduce
In order to reproduce the issue, we need just 2 classes from the Doctrine's example of Class Table Inheritance.
Base class
Person
(it is an API resource):Person.php
and child class
Employee
which extendsPerson
. This is also an API resource (it's important).Employee.php
Since we have
GetCollection
on a base class, we can call/api/people
endpoint (people
is a plural ofperson
) to get all children ofPerson
class - in our case it's just anEmployee
.To reproduce the bug, there should be 1 record in DB to run normalization process.
What is the cause introduced in 3.1.3 comparing o 3.1.2?
The cause are these lines:
core/src/Serializer/AbstractItemNormalizer.php
Lines 118 to 120 in a93573d
If I remove them - everything works as expected, just like in 3.1.2.
Since
$context['operation']
is removed in the lines above, later in the flow thisif
statements returnsfalse
and the code tries to find operation inResourceMetadataCollection
, which fails.core/src/Serializer/AbstractItemNormalizer.php
Lines 558 to 561 in a93573d
Possible Solution
I have no experience to understand a good solution, but at least the cause is known. Should
ResourceMetadataCollection
know about base class operations?Additional Context
The text was updated successfully, but these errors were encountered: