
Commit b82f9ac

fix(openapi): not forbidden response on openAPI doc (api-platform#6886)
1 parent f8dae8e commit b82f9ac


3 files changed

+51
-1
lines changed


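--- a/src/OpenApi/Factory/OpenApiFactory.php
+++ b/src/OpenApi/Factory/OpenApiFactory.php
@@ -408,6 +408,10 @@ private function collectPaths(ApiResource $resource, ResourceMetadataCollection
 }
 }
 
+if (true === $overrideResponses && !isset($existingResponses[403]) && $operation->getSecurity()) {
+$openapiOperation = $openapiOperation->withResponse(403, new Response('Forbidden'));
+}
+
 if (true === $overrideResponses && !$operation instanceof CollectionOperationInterface && 'POST' !== $operation->getMethod()) {
 if (!isset($existingResponses[404])) {
 $openapiOperation = $openapiOperation->withResponse(404, new Response('Resource not found'));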
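Review bot: The new guard at line 411 documents a 403 only when `$operation->getSecurity()` is set, so an operation whose access control lives solely in `securityPostDenormalize` still produces a spec with no Forbidden response even though it can deny the request at runtime. Widening the condition to `$operation->getSecurity() || $operation->getSecurityPostDenormalize()` would keep the published contract aligned with the enforced authorization rules; if the project also wants `securityPostValidation` covered, the same pattern applies. A one-line comment such as `// Secured operations can be denied: document 403 unless the user already declared one.` would make the intent of the `!isset($existingResponses[403])` check explicit. collectPaths begins and ends outside this hunk, so how `$existingResponses` is populated is not visible here.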

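--- a/src/OpenApi/Tests/Factory/OpenApiFactoryTest.php
+++ b/src/OpenApi/Tests/Factory/OpenApiFactoryTest.php
@@ -59,6 +59,7 @@
 use ApiPlatform\OpenApi\Tests\Fixtures\Dummy;
 use ApiPlatform\OpenApi\Tests\Fixtures\DummyErrorResource;
 use ApiPlatform\OpenApi\Tests\Fixtures\DummyFilter;
+use ApiPlatform\OpenApi\Tests\Fixtures\Issue6872\Diamond;
 use ApiPlatform\OpenApi\Tests\Fixtures\OutputDto;
 use ApiPlatform\State\Pagination\PaginationOptions;
 use ApiPlatform\Tests\Fixtures\TestBundle\ApiResource\WithParameter;
@@ -85,6 +86,7 @@ public function testInvoke(): void
 $baseOperation = (new HttpOperation())->withTypes(['http://schema.example.com/Dummy'])->withInputFormats(self::OPERATION_FORMATS['input_formats'])->withOutputFormats(self::OPERATION_FORMATS['output_formats'])->withClass(Dummy::class)->withOutput([
 'class' => OutputDto::class,
 ])->withPaginationClientItemsPerPage(true)->withShortName('Dummy')->withDescription('This is a dummy');
+
 $dummyResourceWebhook = (new ApiResource())->withOperations(new Operations([
 'dummy webhook' => (new Get())->withUriTemplate('/dummy/{id}')->withShortName('short')->withOpenapi(new Webhook('first webhook')),
 'an other dummy webhook' => (new Post())->withUriTemplate('/dummies')->withShortName('short something')->withOpenapi(new Webhook('happy webhook', new Model\PathItem(post: new Operation(
@@ -272,13 +274,23 @@ public function testInvoke(): void
 ]))->withOperation($baseOperation),
 ]));
 
+$diamondResource = (new ApiResource())
+->withOperations(new Operations([
+'getDiamondCollection' => (new GetCollection(uriTemplate: '/diamonds'))
+->withSecurity("is_granted('ROLE_USER')")
+->withOperation($baseOperation),
+'putDiamond' => (new Put(uriTemplate: '/diamond/{id}'))
+->withOperation($baseOperation),
+]));
+
 $resourceNameCollectionFactoryProphecy = $this->prophesize(ResourceNameCollectionFactoryInterface::class);
-$resourceNameCollectionFactoryProphecy->create()->shouldBeCalled()->willReturn(new ResourceNameCollection([Dummy::class, WithParameter::class]));
+$resourceNameCollectionFactoryProphecy->create()->shouldBeCalled()->willReturn(new ResourceNameCollection([Dummy::class, WithParameter::class, Diamond::class]));
 
 $resourceCollectionMetadataFactoryProphecy = $this->prophesize(ResourceMetadataCollectionFactoryInterface::class);
 $resourceCollectionMetadataFactoryProphecy->create(Dummy::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(Dummy::class, [$dummyResource, $dummyResourceWebhook]));
 $resourceCollectionMetadataFactoryProphecy->create(DummyErrorResource::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(DummyErrorResource::class, [new ApiResource(operations: [new ErrorOperation(name: 'err', description: 'nice one!')])]));
 $resourceCollectionMetadataFactoryProphecy->create(WithParameter::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(WithParameter::class, [$parameterResource]));
+$resourceCollectionMetadataFactoryProphecy->create(Diamond::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(Diamond::class, [$diamondResource]));
 
 $propertyNameCollectionFactoryProphecy = $this->prophesize(PropertyNameCollectionFactoryInterface::class);
 $propertyNameCollectionFactoryProphecy->create(Dummy::class, Argument::any())->shouldBeCalled()->willReturn(new PropertyNameCollection(['id', 'name', 'description', 'dummyDate', 'enum']));
@@ -1171,5 +1183,20 @@ public function testInvoke(): void
 ],
 deprecated: false
 ), $paths->getPath('/erroredDummies')->getGet());
+
+$diamondsGetPath = $paths->getPath('/diamonds');
+$diamondGetOperation = $diamondsGetPath->getGet();
+$diamondGetResponses = $diamondGetOperation->getResponses();
+
+$this->assertNotNull($diamondGetOperation);
+$this->assertArrayHasKey('403', $diamondGetResponses);
+$this->assertSame('Forbidden', $diamondGetResponses['403']->getDescription());
+
+$diamondsPutPath = $paths->getPath('/diamond/{id}');
+$diamondPutOperation = $diamondsPutPath->getPut();
+$diamondPutResponses = $diamondPutOperation->getResponses();
+
+$this->assertNotNull($diamondPutOperation);
+$this->assertArrayNotHasKey('403', $diamondPutResponses);
 }
 }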
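Review bot: In the assertions added at lines 1187–1200, `$this->assertNotNull($diamondGetOperation)` runs after `$diamondGetOperation->getResponses()` has already been called, so a missing operation surfaces as a fatal error on null rather than as a failed assertion; the same ordering applies to `$diamondPutOperation`. Move each null check directly above its `getResponses()` call. The fixture also leaves the `!isset($existingResponses[403])` branch untested: a secured operation that declares its own 403 response would show that a custom description is not overwritten with 'Forbidden'. testInvoke starts well before these hunks.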
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the API Platform project.
5+
*
6+
* (c) Kévin Dunglas <[email protected]>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
declare(strict_types=1);
13+
14+
namespace ApiPlatform\OpenApi\Tests\Fixtures\Issue6872;
15+
16+
class Diamond
17+
{
18+
public float $weight;
19+
}
