Merge 4.0

Author: soyuka

CHANGELOG.md

@@ -39,6 +39,14 @@ On write operations, we added the [expectsHeader](https://www.hydra-cg.com/spec/
 * [d0a442786](https://github.com/api-platform/core/commit/d0a44278630d201b91cbba0774a09f4eeaac88f7) feat(doctrine): enhance getLinksHandler with method validation and typo suggestions (#6874)
 * [f67f6f1ac](https://github.com/api-platform/core/commit/f67f6f1acb6476182c18a3503f2a8bc80ae89a0b)  feat(doctrine): doctrine filters like laravel eloquent filters  (#6775)
 
+## v4.0.16
+
+### Bug fixes
+
+* [dc4fc84ba](https://github.com/api-platform/core/commit/dc4fc84ba93e22b4f44a37e90a93c6d079c1c620) fix(graphql): securityAfterResolver not called
+
+### Features
+
 ## v4.0.15
 
 ### Bug fixes
@@ -291,6 +299,13 @@ Notes:
 
 * [0d5f35683](https://github.com/api-platform/core/commit/0d5f356839eb6aa9f536044abe4affa736553e76) feat(laravel): laravel component (#5882)
 
+## v3.4.16
+
+### Bug fixes
+
+* [dc4fc84ba](https://github.com/api-platform/core/commit/dc4fc84ba93e22b4f44a37e90a93c6d079c1c620) fix(graphql): securityAfterResolver not called
+* [9eb5c4e94](https://github.com/api-platform/core/commit/9eb5c4e941d0ebf59bc8ef5777b144db9b4a0899) fix(symfony): suggest `DocumentationAction` as replacement for deprecated `SwaggerUiAction` (#6894)
+
 ## v3.4.15
 
 ### Bug fixes
@@ -556,6 +571,13 @@ You should now install `api-platform/symfony` instead of `api-platform/core`.
 * [74986cb55](https://github.com/api-platform/core/commit/74986cb552182dc645bd1fc967faa0954dd59e0a) feat: inflector as service (#6447)
 * [b47edb2a4](https://github.com/api-platform/core/commit/b47edb2a499c34e79c167f963e3a626a3e9d040a) feat(serializer): context IRI in HAL or JsonApi format (#6215)
 
+## v3.3.15
+
+### Bug fixes
+
+* [dc4fc84ba](https://github.com/api-platform/core/commit/dc4fc84ba93e22b4f44a37e90a93c6d079c1c620) fix(graphql): securityAfterResolver not called 
+* [9eb5c4e94](https://github.com/api-platform/core/commit/9eb5c4e941d0ebf59bc8ef5777b144db9b4a0899) fix(symfony): suggest `DocumentationAction` as replacement for deprecated `SwaggerUiAction` (#6894)
+
 ## v3.3.14
 
 ### Bug fixes

docs/src/Kernel.php

@@ -164,9 +164,15 @@ public function executeMigrations(string $direction = Direction::UP): void
             $em = $this->getContainer()->get('doctrine.orm.entity_manager');
             $loader = new ExistingEntityManager($em);
             $dependencyFactory = DependencyFactory::fromEntityManager($confLoader, $loader);
+            $metadataStorage = $dependencyFactory->getMetadataStorage();
 
-            $dependencyFactory->getMetadataStorage()->ensureInitialized();
-            $executed = $dependencyFactory->getMetadataStorage()->getExecutedMigrations();
+            try {
+                $metadataStorage->ensureInitialized();
+            } catch (\Exception) {
+                // table exists
+            }
+
+            $executed = $metadataStorage->getExecutedMigrations();
 
             if ($executed->hasMigration(new Version($migrationClass)) && Direction::DOWN !== $direction) {
                 continue;

features/graphql/query.feature

@@ -677,3 +677,20 @@ Feature: GraphQL query support
     Then the response status code should be 200
     And the header "Content-Type" should be equal to "application/json"
     And the JSON node "data.getSecurityAfterResolver.name" should be equal to "test"
+
+
+  Scenario: Call security after resolver with 403 error (ensure /2 does not match securityAfterResolver)
+    When I send the following GraphQL request:
+    """"
+    {
+      getSecurityAfterResolver(id: "/security_after_resolvers/2") {
+        name
+      }
+    }
+    """
+    Then the response status code should be 200
+    And the response should be in JSON
+    And the header "Content-Type" should be equal to "application/json"
+    And the JSON node "errors[0].extensions.status" should be equal to 403
+    And the JSON node "errors[0].message" should be equal to "Access Denied."
+    And the JSON node "data.getSecurityAfterResolver.name" should not exist

src/Symfony/Bundle/SwaggerUi/SwaggerUiAction.php

@@ -26,7 +26,7 @@
 /**
  * Displays the swaggerui interface.
  *
- * @deprecated use ApiPlatform\Symfony\Bundle\SwaggerUi\Processor instead
+ * @deprecated use ApiPlatform\Symfony\Action\DocumentationAction instead
  *
  * @author Antoine Bluchet <[email protected]>
  */

src/Symfony/Security/State/AccessCheckerProvider.php

@@ -53,7 +53,7 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
 
                 $isGranted = $operation->getSecurityAfterResolver();
                 $message = $operation->getSecurityMessageAfterResolver();
-                // no break
+                break;
             default:
                 $isGranted = $operation->getSecurity();
                 $message = $operation->getSecurityMessage();

tests/Fixtures/TestBundle/ApiResource/Issue6427/SecurityAfterResolverResolver.php

@@ -23,6 +23,13 @@ final class SecurityAfterResolverResolver implements QueryItemResolverInterface
      */
     public function __invoke($item, array $context): SecurityAfterResolver
     {
+        $idUrl = $context['args']['id'];
+
+        if (str_contains($idUrl, '2')) {
+            // Unknown to simulate a 403 error
+            return new SecurityAfterResolver('2', 'nonexistent');
+        }
+
         return new SecurityAfterResolver('1', 'test');
     }
 }