Allow throwing an access denied exception on denormalization of secured properties

Open dwgebler opened this issue 5 months ago • 1 comments

Throw AccessDeniedException when security conditions for an operation or property aren't met on denormalize

| Q | A |
| --- | --- |
| Branch? | main |
| Tickets | Closes #7198 |
| License | MIT |
| Doc PR | api-platform/docs#2170 |

Supports adding throw_on_access_denied (bool) as a value in extra_properties on an Operation or ApiProperty so that during denormalization, if any security condition is not met, an AccessDeniedException is thrown instead of silently reverting the property to its previous value.

dwgebler avatar Jun 16 '25 13:06 dwgebler
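
How the flag described above could be set on a resource, as an added example that is not code from the PR or from API Platform itself. The `Account` class, its properties and the `ROLE_ADMIN` role are hypothetical; only the `throw_on_access_denied` key comes from the PR description.

```php
<?php
// Added illustration; class, property and role names are hypothetical.
declare(strict_types=1);

namespace App\ApiResource;

use ApiPlatform\Metadata\ApiProperty;
use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Get;
use ApiPlatform\Metadata\Patch;
use ApiPlatform\Metadata\Put;

#[ApiResource(
    operations: [
        new Get(),
        // No flag on this operation: only properties that opt in
        // individually throw on a failed security condition.
        new Patch(),
        // Operation-level opt-in, as the PR describes: a security condition
        // that fails while denormalizing this PUT raises AccessDeniedException.
        new Put(extraProperties: ['throw_on_access_denied' => true]),
    ],
)]
class Account
{
    public ?int $id = null;

    public string $displayName = '';

    // Without the flag: when the expression is false, the submitted value
    // is discarded and the previous value is kept, with no error reported.
    #[ApiProperty(security: "is_granted('ROLE_ADMIN')")]
    public bool $verified = false;

    // Property-level opt-in: same expression, but a write attempt by a
    // non-admin raises AccessDeniedException instead of being dropped.
    #[ApiProperty(
        security: "is_granted('ROLE_ADMIN')",
        extraProperties: ['throw_on_access_denied' => true],
    )]
    public array $roles = [];
}
```

The difference matters for auditing: with the flag set, a rejected write to a protected field surfaces as an explicit failure rather than a request that appears to succeed.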

Not sure what the reason is for failure:

PHPUnit\Framework\Exception: Class "ApiPlatform\Symfony\Security\Exception\AccessDeniedException" does not exist

Relevant tests pass locally and this class does exist in branch and main? https://github.com/api-platform/core/blob/main/src/Symfony/Security/Exception/AccessDeniedException.php

dwgebler avatar Jun 16 '25 14:06 dwgebler

Amazing contribution! Do you think that we can use ApiPlatform\Metadata\Exception\AccessDeniedException? Indeed I'm trying to get rid of the Symfony\Exception namespace as it's not compatible with Laravel.

soyuka avatar Jun 19 '25 08:06 soyuka

> Amazing contribution! Do you think that we can use ApiPlatform\Metadata\Exception\AccessDeniedException? Indeed I'm trying to get rid of the Symfony\Exception namespace as it's not compatible with Laravel.

Ah @soyuka I see - because it's a new feature, I based my branch off main but the new AccessDeniedException in the Metadata namespace is only in 4.1 branch. What should I do here? Rebase to 4.1 or will the changes there be merged into main soon?

dwgebler avatar Jun 19 '25 14:06 dwgebler

It should be available on the main branch already; indeed, you can rebase against main if you don't have the changes locally.

soyuka avatar Jun 20 '25 08:06 soyuka

> It should be available on the main branch already; indeed, you can rebase against main if you don't have the changes locally.

@soyuka yeah, it is now. It wasn't when I first did the branch, but after syncing my fork and updating, it looks all good. I've added some lint fixes and updated another serializer test where this code change means prophecy needed an extra expectation. You have a few other CI failures on this PR; they don't appear related to me, but have a look at it again and let me know if anything else needs changing.

dwgebler avatar Jun 20 '25 09:06 dwgebler

Tyvm @dwgebler I'll soon release an alpha version of API Platform 4.2!

soyuka avatar Jun 20 '25 13:06 soyuka