
Commit 9c12f73

committed
fix(openapi): not forbidden response on openAPI doc
1 parent f8dae8e commit 9c12f73


3 files changed

+52
-1
lines changed


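--- a/src/OpenApi/Factory/OpenApiFactory.php
+++ b/src/OpenApi/Factory/OpenApiFactory.php
@@ -408,6 +408,10 @@ private function collectPaths(ApiResource $resource, ResourceMetadataCollection
 }
 }
 
+if (true === $overrideResponses && !isset($existingResponses[403]) && $operation->getSecurity()) {
+$openapiOperation = $openapiOperation->withResponse(403, new Response('Forbidden'));
+}
+
 if (true === $overrideResponses && !$operation instanceof CollectionOperationInterface && 'POST' !== $operation->getMethod()) {
 if (!isset($existingResponses[404])) {
 $openapiOperation = $openapiOperation->withResponse(404, new Response('Resource not found'));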
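Review bot: The new 403 guard keys only on `$operation->getSecurity()`, so an operation protected solely by `securityPostDenormalize` or `securityPostValidation` still gets no Forbidden response in the generated document, although those expressions can presumably deny the request as well. Consumers that read the spec to learn which endpoints are access-controlled (client generators, gateways, API scanners) would then treat such operations as open. Consider widening the condition to `$operation->getSecurity() || $operation->getSecurityPostDenormalize() || $operation->getSecurityPostValidation()`. The truthiness test also treats an empty-string expression as "no security"; a short comment such as `// An empty security expression means the operation is not access-controlled.` would make that intent explicit. collectPaths starts and ends outside the hunk.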

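--- a/src/OpenApi/Tests/Factory/OpenApiFactoryTest.php
+++ b/src/OpenApi/Tests/Factory/OpenApiFactoryTest.php
@@ -59,6 +59,7 @@
 use ApiPlatform\OpenApi\Tests\Fixtures\Dummy;
 use ApiPlatform\OpenApi\Tests\Fixtures\DummyErrorResource;
 use ApiPlatform\OpenApi\Tests\Fixtures\DummyFilter;
+use ApiPlatform\OpenApi\Tests\Fixtures\Issue6872\Diamond;
 use ApiPlatform\OpenApi\Tests\Fixtures\OutputDto;
 use ApiPlatform\State\Pagination\PaginationOptions;
 use ApiPlatform\Tests\Fixtures\TestBundle\ApiResource\WithParameter;
@@ -85,6 +86,7 @@ public function testInvoke(): void
 $baseOperation = (new HttpOperation())->withTypes(['http://schema.example.com/Dummy'])->withInputFormats(self::OPERATION_FORMATS['input_formats'])->withOutputFormats(self::OPERATION_FORMATS['output_formats'])->withClass(Dummy::class)->withOutput([
 'class' => OutputDto::class,
 ])->withPaginationClientItemsPerPage(true)->withShortName('Dummy')->withDescription('This is a dummy');
+
 $dummyResourceWebhook = (new ApiResource())->withOperations(new Operations([
 'dummy webhook' => (new Get())->withUriTemplate('/dummy/{id}')->withShortName('short')->withOpenapi(new Webhook('first webhook')),
 'an other dummy webhook' => (new Post())->withUriTemplate('/dummies')->withShortName('short something')->withOpenapi(new Webhook('happy webhook', new Model\PathItem(post: new Operation(
@@ -272,13 +274,24 @@ public function testInvoke(): void
 ]))->withOperation($baseOperation),
 ]));
 
+$diamondResource = (new ApiResource())
+->withOperations(new Operations([
+'getDiamondCollection' => (new GetCollection(uriTemplate: '/diamonds'))
+->withSecurity("is_granted('ROLE_USER')")
+->withOperation($baseOperation),
+'putDiamond' => (new Put(uriTemplate: '/diamond/{id}'))
+->withSecurity('')
+->withOperation($baseOperation),
+]));
+
 $resourceNameCollectionFactoryProphecy = $this->prophesize(ResourceNameCollectionFactoryInterface::class);
-$resourceNameCollectionFactoryProphecy->create()->shouldBeCalled()->willReturn(new ResourceNameCollection([Dummy::class, WithParameter::class]));
+$resourceNameCollectionFactoryProphecy->create()->shouldBeCalled()->willReturn(new ResourceNameCollection([Dummy::class, WithParameter::class, Diamond::class]));
 
 $resourceCollectionMetadataFactoryProphecy = $this->prophesize(ResourceMetadataCollectionFactoryInterface::class);
 $resourceCollectionMetadataFactoryProphecy->create(Dummy::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(Dummy::class, [$dummyResource, $dummyResourceWebhook]));
 $resourceCollectionMetadataFactoryProphecy->create(DummyErrorResource::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(DummyErrorResource::class, [new ApiResource(operations: [new ErrorOperation(name: 'err', description: 'nice one!')])]));
 $resourceCollectionMetadataFactoryProphecy->create(WithParameter::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(WithParameter::class, [$parameterResource]));
+$resourceCollectionMetadataFactoryProphecy->create(Diamond::class)->shouldBeCalled()->willReturn(new ResourceMetadataCollection(Diamond::class, [$diamondResource]));
 
 $propertyNameCollectionFactoryProphecy = $this->prophesize(PropertyNameCollectionFactoryInterface::class);
 $propertyNameCollectionFactoryProphecy->create(Dummy::class, Argument::any())->shouldBeCalled()->willReturn(new PropertyNameCollection(['id', 'name', 'description', 'dummyDate', 'enum']));
@@ -1171,5 +1184,20 @@ public function testInvoke(): void
 ],
 deprecated: false
 ), $paths->getPath('/erroredDummies')->getGet());
+
+$diamondsGetPath = $paths->getPath('/diamonds');
+$diamondGetOperation = $diamondsGetPath->getGet();
+$diamondGetResponses = $diamondGetOperation->getResponses();
+
+$this->assertNotNull($diamondGetOperation);
+$this->assertArrayHasKey('403', $diamondGetResponses);
+$this->assertSame('Forbidden', $diamondGetResponses['403']->getDescription());
+
+$diamondsPutPath = $paths->getPath('/diamond/{id}');
+$diamondPutOperation = $diamondsPutPath->getPut();
+$diamondPutResponses = $diamondPutOperation->getResponses();
+
+$this->assertNotNull($diamondPutOperation);
+$this->assertArrayNotHasKey('403', $diamondPutResponses);
 }
 }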
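Review bot: In the last hunk `$this->assertNotNull($diamondGetOperation)` runs only after `$diamondGetOperation->getResponses()` has already been called, so a missing operation surfaces as a fatal error on null instead of a failed assertion; `$diamondPutOperation` has the same ordering. Move each `assertNotNull` to directly after the `getGet()` / `getPut()` call. The negative case covers only `withSecurity('')`; an operation that already declares its own 403 response would pin the `!isset($existingResponses[403])` branch, so a custom Forbidden description is shown not to be overwritten. testInvoke starts outside the hunk.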
Lines changed: 19 additions & 0 deletions
@@ -0,0 +1,19 @@
1+
<?php
2+
3+
/*
4+
* This file is part of the API Platform project.
5+
*
6+
* (c) Kévin Dunglas <[email protected]>
7+
*
8+
* For the full copyright and license information, please view the LICENSE
9+
* file that was distributed with this source code.
10+
*/
11+
12+
declare(strict_types=1);
13+
14+
namespace ApiPlatform\OpenApi\Tests\Fixtures\Issue6872;
15+
16+
class Diamond
17+
{
18+
public float $weight;
19+
}
