You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just tried to upgrade my project from 3.2.25 to 3.3.7.
In my project, I have the securityPostValidation attribute on several entities.
My tests failed, and I noticed that all security logic inside securityPostValidation was ignored and never applied.
I then tried all patch versions of api-platform/core and the bug was reproduced since 3.3.2 (and didn't occur in 3.3.0).
I noticed that adding use_symfony_listeners: false fixed the problem and that securityPostValidation was again called.
How to reproduce
Create an entity, and add this config.
#[Post(
denormalizationContext: ['groups' => ['link_type:collection:write']],
securityPostValidation: 'is_granted(false, object)',
)]
class LinkType
{
#[ORM\Column(length: 255)]
#[Gedmo\Versioned]
#[Groups([
'link_type:collection:read', 'link_type:item:read',
'link_type:collection:write', 'link_type:item:write',
])]
private string $name;
public function getName(): string
{
return $this->name;
}
public function setName(string $name): static
{
$this->name = $name;
return $this;
}
}
In config/packages/api_platform.yaml
use_symfony_listeners: false
Toggle use_symfony_listeners value and check your POST calls.
It succeeds when having value set to true while it should fail with the is_granted(false)
Possible Solution
I don't have the solution !
I'd like to keep using use_symfony_listeners: true for some time, until I replace everything that needs it.
Additional Context
Same problem when using ApiResource.operations to define my POST endpoint
The text was updated successfully, but these errors were encountered:
API Platform version(s) affected: 3.3.7
Description
Hey,
I just tried to upgrade my project from
3.2.25
to3.3.7
.In my project, I have the
securityPostValidation
attribute on several entities.My tests failed, and I noticed that all security logic inside
securityPostValidation
was ignored and never applied.I then tried all patch versions of
api-platform/core
and the bug was reproduced since3.3.2
(and didn't occur in3.3.0
).I noticed that adding
use_symfony_listeners: false
fixed the problem and thatsecurityPostValidation
was again called.How to reproduce
Create an entity, and add this config.
In
config/packages/api_platform.yaml
use_symfony_listeners: false
Toggle
use_symfony_listeners
value and check yourPOST
calls.It succeeds when having value set to
true
while it should fail with theis_granted(false)
Possible Solution
I don't have the solution !
I'd like to keep using
use_symfony_listeners: true
for some time, until I replace everything that needs it.Additional Context
Same problem when using
ApiResource.operations
to define myPOST
endpointThe text was updated successfully, but these errors were encountered: