Merge branch '2.4'

Author: dunglas

README.md

@@ -11,7 +11,7 @@ high performance API-first projects. Extend or override everything you want.
 
 [![Build Status](https://travis-ci.org/api-platform/core.svg?branch=master)](https://travis-ci.org/api-platform/core)
 [![Build status](https://ci.appveyor.com/api/projects/status/grwuyprts3wdqx5l?svg=true)](https://ci.appveyor.com/project/dunglas/dunglasapibundle)
-[![Coverage Status](https://coveralls.io/repos/github/api-platform/core/badge.svg)](https://coveralls.io/github/api-platform/core)
+[![codecov](https://codecov.io/gh/api-platform/core/branch/master/graph/badge.svg)](https://codecov.io/gh/api-platform/core)
 [![SymfonyInsight](https://insight.symfony.com/projects/92d78899-946c-4282-89a3-ac92344f9a93/mini.svg)](https://insight.symfony.com/projects/92d78899-946c-4282-89a3-ac92344f9a93)
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/api-platform/core/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/api-platform/core/?branch=master)
 

features/security/validate_incoming_content-types.feature

@@ -11,6 +11,6 @@ Feature: Validate incoming content type
     """
     something
     """
-    Then the response status code should be 406
+    Then the response status code should be 415
     And the header "Content-Type" should be equal to "application/ld+json; charset=utf-8"
     And the JSON node "hydra:description" should be equal to 'The content-type "text/plain" is not supported. Supported MIME types are "application/ld+json", "application/hal+json", "application/vnd.api+json", "application/xml", "text/xml", "application/json", "text/html".'

src/Bridge/Symfony/Bundle/Resources/public/init-swagger-ui.js

@@ -1,6 +1,6 @@
 'use strict';
 
-window.onload = () => {
+window.onload = function() {
     manageWebbyDisplay();
 
     new MutationObserver(function (mutations, self) {

src/EventListener/DeserializeListener.php

@@ -22,7 +22,7 @@
 use ApiPlatform\Core\Util\RequestAttributesExtractor;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException;
+use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 
@@ -65,6 +65,8 @@ public function __construct(SerializerInterface $serializer, SerializerContextBu
 
     /**
      * Deserializes the data sent in the requested format.
+     *
+     * @throws UnsupportedMediaTypeHttpException
      */
     public function onKernelRequest(GetResponseEvent $event): void
     {
@@ -104,7 +106,7 @@ public function onKernelRequest(GetResponseEvent $event): void
     /**
      * Extracts the format from the Content-Type header and check that it is supported.
      *
-     * @throws NotAcceptableHttpException
+     * @throws UnsupportedMediaTypeHttpException
      */
     private function getFormat(Request $request): string
     {
@@ -113,7 +115,7 @@ private function getFormat(Request $request): string
          */
         $contentType = $request->headers->get('CONTENT_TYPE');
         if (null === $contentType) {
-            throw new NotAcceptableHttpException('The "Content-Type" header must exist.');
+            throw new UnsupportedMediaTypeHttpException('The "Content-Type" header must exist.');
         }
 
         $format = $this->formatMatcher->getFormat($contentType);
@@ -125,7 +127,7 @@ private function getFormat(Request $request): string
                 }
             }
 
-            throw new NotAcceptableHttpException(sprintf(
+            throw new UnsupportedMediaTypeHttpException(sprintf(
                 'The content-type "%s" is not supported. Supported MIME types are "%s".',
                 $contentType,
                 implode('", "', $supportedMimeTypes)

src/Identifier/CompositeIdentifierParser.php

@@ -33,7 +33,7 @@ public static function parse(string $identifier): array
     {
         $matches = [];
         $identifiers = [];
-        $num = preg_match_all('/(\w+)=(?<=\w=)(.+?)(?=;\w+=)|(\w+)=([^;]+);?$/', $identifier, $matches, PREG_SET_ORDER);
+        $num = preg_match_all('/(\w+)=(?<=\w=)(.*?)(?=;\w+=)|(\w+)=([^;]*);?$/', $identifier, $matches, PREG_SET_ORDER);
 
         foreach ($matches as $i => $match) {
             if ($i === $num - 1) {

tests/Annotation/ApiResourceTest.php

@@ -27,7 +27,7 @@ class ApiResourceTest extends TestCase
     public function testConstruct()
     {
         $resource = new ApiResource([
-            'accessControl' => 'has_role("ROLE_FOO")',
+            'accessControl' => 'is_granted("ROLE_FOO")',
             'accessControlMessage' => 'You are not foo.',
             'attributes' => ['foo' => 'bar', 'validation_groups' => ['baz', 'qux'], 'cache_headers' => ['max_age' => 0, 'shared_max_age' => 0, 'vary' => ['Custom-Vary-1', 'Custom-Vary-2']]],
             'collectionOperations' => ['bar' => ['foo']],
@@ -71,7 +71,7 @@ public function testConstruct()
         $this->assertSame([], $resource->subresourceOperations);
         $this->assertSame(['query' => ['normalization_context' => ['groups' => ['foo', 'bar']]]], $resource->graphql);
         $this->assertEquals([
-            'access_control' => 'has_role("ROLE_FOO")',
+            'access_control' => 'is_granted("ROLE_FOO")',
             'access_control_message' => 'You are not foo.',
             'denormalization_context' => ['groups' => ['foo']],
             'fetch_partial' => true,
@@ -118,7 +118,7 @@ public function testApiResourceAnnotation()
         $this->assertEquals([
             'foo' => 'bar',
             'route_prefix' => '/whatever',
-            'access_control' => "has_role('ROLE_FOO')",
+            'access_control' => "is_granted('ROLE_FOO')",
             'access_control_message' => 'You are not foo.',
             'cache_headers' => ['max_age' => 0, 'shared_max_age' => 0, 'vary' => ['Custom-Vary-1', 'Custom-Vary-2']],
         ], $resource->attributes);

tests/EventListener/DeserializeListenerTest.php

@@ -23,7 +23,7 @@
 use Prophecy\Argument;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException;
+use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 
@@ -227,7 +227,7 @@ public function testContentNegotiation()
 
     public function testNotSupportedContentType()
     {
-        $this->expectException(NotAcceptableHttpException::class);
+        $this->expectException(UnsupportedMediaTypeHttpException::class);
         $this->expectExceptionMessage('The content-type "application/rdf+xml" is not supported. Supported MIME types are "application/ld+json", "text/xml".');
 
         $eventProphecy = $this->prophesize(GetResponseEvent::class);
@@ -257,7 +257,7 @@ public function testNotSupportedContentType()
 
     public function testNoContentType()
     {
-        $this->expectException(NotAcceptableHttpException::class);
+        $this->expectException(UnsupportedMediaTypeHttpException::class);
         $this->expectExceptionMessage('The "Content-Type" header must exist.');
 
         $eventProphecy = $this->prophesize(GetResponseEvent::class);

tests/Fixtures/AnnotatedClass.php

@@ -25,7 +25,7 @@
  *     graphql={"query"={"normalization_context"={"groups"={"foo", "bar"}}}},
  *     attributes={"foo"="bar", "route_prefix"="/whatever", "cache_headers"={"max_age"=0, "shared_max_age"=0, "vary"={"Custom-Vary-1", "Custom-Vary-2"}}},
  *     routePrefix="/foo",
- *     accessControl="has_role('ROLE_FOO')",
+ *     accessControl="is_granted('ROLE_FOO')",
  *     accessControlMessage="You are not foo."
  * )
  *

tests/Fixtures/TestBundle/Document/SecuredDummy.php

@@ -24,20 +24,20 @@
  * @author Alan Poulain <[email protected]>
  *
  * @ApiResource(
- *     attributes={"access_control"="has_role('ROLE_USER')"},
+ *     attributes={"access_control"="is_granted('ROLE_USER')"},
  *     collectionOperations={
  *         "get",
- *         "post"={"access_control"="has_role('ROLE_ADMIN')"}
+ *         "post"={"access_control"="is_granted('ROLE_ADMIN')"}
  *     },
  *     itemOperations={
- *         "get"={"access_control"="has_role('ROLE_USER') and object.getOwner() == user"},
- *         "put"={"access_control"="has_role('ROLE_USER') and previous_object.getOwner() == user"},
+ *         "get"={"access_control"="is_granted('ROLE_USER') and object.getOwner() == user"},
+ *         "put"={"access_control"="is_granted('ROLE_USER') and previous_object.getOwner() == user"},
  *     },
  *     graphql={
- *         "query"={"access_control"="has_role('ROLE_USER') and object.getOwner() == user"},
+ *         "query"={"access_control"="is_granted('ROLE_USER') and object.getOwner() == user"},
  *         "delete"={},
- *         "update"={"access_control"="has_role('ROLE_USER') and previous_object.getOwner() ==  user"},
- *         "create"={"access_control"="has_role('ROLE_ADMIN')", "access_control_message"="Only admins can create a secured dummy."}
+ *         "update"={"access_control"="is_granted('ROLE_USER') and previous_object.getOwner() ==  user"},
+ *         "create"={"access_control"="is_granted('ROLE_ADMIN')", "access_control_message"="Only admins can create a secured dummy."}
  *     }
  * )
  * @ODM\Document

tests/Fixtures/TestBundle/Entity/SecuredDummy.php

@@ -23,20 +23,20 @@
  * @author Kévin Dunglas <[email protected]>
  *
  * @ApiResource(
- *     attributes={"access_control"="has_role('ROLE_USER')"},
+ *     attributes={"access_control"="is_granted('ROLE_USER')"},
  *     collectionOperations={
  *         "get",
- *         "post"={"access_control"="has_role('ROLE_ADMIN')"}
+ *         "post"={"access_control"="is_granted('ROLE_ADMIN')"}
  *     },
  *     itemOperations={
- *         "get"={"access_control"="has_role('ROLE_USER') and object.getOwner() == user"},
- *         "put"={"access_control"="has_role('ROLE_USER') and previous_object.getOwner() ==  user"},
+ *         "get"={"access_control"="is_granted('ROLE_USER') and object.getOwner() == user"},
+ *         "put"={"access_control"="is_granted('ROLE_USER') and previous_object.getOwner() ==  user"},
  *     },
  *     graphql={
- *         "query"={"access_control"="has_role('ROLE_USER') and object.getOwner() == user"},
+ *         "query"={"access_control"="is_granted('ROLE_USER') and object.getOwner() == user"},
  *         "delete"={},
- *         "update"={"access_control"="has_role('ROLE_USER') and previous_object.getOwner() ==  user"},
- *         "create"={"access_control"="has_role('ROLE_ADMIN')", "access_control_message"="Only admins can create a secured dummy."}
+ *         "update"={"access_control"="is_granted('ROLE_USER') and previous_object.getOwner() ==  user"},
+ *         "create"={"access_control"="is_granted('ROLE_ADMIN')", "access_control_message"="Only admins can create a secured dummy."}
  *     }
  * )
  * @ORM\Entity