fix(graphql): no validate on delete mutation (#6388)

* fix(graphql): validate before resolver, no validate on delete

fixes #6370

* use interface instead

* Revert "fix(graphql): resolver before validation"

This reverts commit b10c7c8.

* add note to changelog

Author: soyuka

CHANGELOG.md

@@ -38,6 +38,8 @@ if (null === $operation->canDeserialize()) {
 
 Previously listeners did the checks before reading our flags and you could not force the values. 
 
+When using GraphQl, with `event_listeners_backward_compatibility_layer: true`, mutation resolver gets called before validation, when using `false` (the future default) validation occurs on the user's input.
+
 ## v3.3.1 (pre-release)
 
 ### Bug fixes
@@ -466,6 +468,13 @@ Listeners will not get removed in API Platform 4 but will rather use our new Pro
 #[Post(read: true)] // to force reading even though it's a POST
 ```
 
+- `ApiPlatform\Api` got moved to `ApiPlatform\Metadata`
+
+- Adds `assertMercureUpdateMatchesJsonSchema(Update $update, array $topics, array|object|string $jsonSchema = '', bool $private = false, string $id = null, string $type = null, int $retry = null, string $message = '')`
+- The handle links feature is experimental
+
+When using GraphQl, with `event_listeners_backward_compatibility_layer: true`, mutation resolver gets called before validation, when using `false` (the future default) validation occurs on the user's input.
+
 ## v3.2.0-beta.2
 
 ### Bug fixes

features/graphql/mutation.feature

@@ -1036,18 +1036,19 @@ Feature: GraphQL mutation support
     And the JSON node "data.uploadMultipleMediaObject.mediaObject.contentUrl" should be equal to "test.gif"
 
   @!mongodb
-  Scenario: Mutation should run before validation
+  Scenario: Delete an invalid item through a mutation
     When I send the following GraphQL request:
     """
     mutation {
-      createActivityLog(input: {name: ""}) {
+      deleteActivityLog(input: {id: "/activity_logs/1"}) {
         activityLog {
-          name
+          id
         }
       }
     }
     """
     Then the response status code should be 200
     And the response should be in JSON
     And the header "Content-Type" should be equal to "application/json"
-    And the JSON node "data.createActivityLog.activityLog.name" should be equal to "hi"
+    And the JSON node "errors" should not exist
+    And the JSON node "data.deleteActivityLog.activityLog" should exist

src/GraphQl/Resolver/Factory/ResolverFactory.php

@@ -14,6 +14,7 @@
 namespace ApiPlatform\GraphQl\Resolver\Factory;
 
 use ApiPlatform\GraphQl\State\Provider\NoopProvider;
+use ApiPlatform\Metadata\DeleteOperationInterface;
 use ApiPlatform\Metadata\GraphQl\Mutation;
 use ApiPlatform\Metadata\GraphQl\Operation;
 use ApiPlatform\Metadata\GraphQl\Query;
@@ -75,7 +76,7 @@ private function resolve(?array $source, array $args, ResolveInfo $info, ?string
         $context = ['source' => $source, 'args' => $args, 'info' => $info, 'root_class' => $rootClass, 'graphql_context' => &$graphQlContext];
 
         if (null === $operation->canValidate()) {
-            $operation = $operation->withValidate($operation instanceof Mutation);
+            $operation = $operation->withValidate($operation instanceof Mutation && !$operation instanceof DeleteOperationInterface);
         }
 
         $body ??= $this->provider->provide($operation, [], $context);

src/Symfony/Bundle/Resources/config/graphql.xml

@@ -158,8 +158,8 @@
             <argument type="tagged_locator" tag="api_platform.parameter_provider" index-by="key" />
         </service>
 
-        <!-- Validation occurs at 200, we want validation to be after we reach custom resolvers -->
-        <service id="api_platform.graphql.state_provider.resolver" class="ApiPlatform\GraphQl\State\Provider\ResolverProvider" decorates="api_platform.graphql.state_provider" decoration-priority="220">
+        <!-- Validation occurs at 200, we want validation to be over when we reach custom resolvers -->
+        <service id="api_platform.graphql.state_provider.resolver" class="ApiPlatform\GraphQl\State\Provider\ResolverProvider" decorates="api_platform.graphql.state_provider" decoration-priority="190">
             <argument type="service" id="api_platform.graphql.state_provider.resolver.inner" />
             <argument type="service" id="api_platform.graphql.resolver_locator" />
         </service>

tests/Fixtures/TestBundle/ApiResource/Issue6354/ActivityLog.php

@@ -14,20 +14,31 @@
 namespace ApiPlatform\Tests\Fixtures\TestBundle\ApiResource\Issue6354;
 
 use ApiPlatform\Metadata\ApiResource;
-use ApiPlatform\Metadata\GraphQl\Mutation;
+use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\GraphQl\DeleteMutation;
+use ApiPlatform\Metadata\Operation;
 use Symfony\Component\Validator\Constraints\NotBlank;
 
 #[ApiResource(
+    operations: [
+        new Get(
+            provider: [self::class, 'provide']
+        ),
+    ],
     graphQlOperations: [
-        new Mutation(
-            resolver: 'app.graphql.mutation_resolver.activity_log',
-            name: 'create'
+        new DeleteMutation(
+            name: 'delete'
         ),
     ]
 )]
 class ActivityLog
 {
-    public function __construct(#[NotBlank()] public ?string $name = null)
+    public function __construct(public ?int $id = null, #[NotBlank()] public ?string $name = null)
+    {
+    }
+
+    public static function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
     {
+        return new self(1);
     }
 }

tests/Fixtures/TestBundle/ApiResource/Issue6354/CreateActivityLogResolver.php

@@ -455,8 +455,3 @@ services:
         tags:
             - name: 'api_platform.parameter_provider'
               key: 'ApiPlatform\Tests\Fixtures\TestBundle\Parameter\CustomGroupParameterProvider'
-
-    app.graphql.mutation_resolver.activity_log:
-        class: 'ApiPlatform\Tests\Fixtures\TestBundle\ApiResource\Issue6354\CreateActivityLogResolver'
-        tags:
-            - name: 'api_platform.graphql.resolver'