ungdev / etuutt-api

Users, classes, assos : An awesome API to rule them all
MIT License

Error 404 on route GET users/{id} when not logged in #30

Open TeddyRoncin opened 2 years ago

TeddyRoncin commented 2 years ago

Description

When you make a request on route GET users/{id}, the API returns a 404 error (Resource not found), even if the user was found. It should return a 401 error (Unauthorized), both in the case where the user does not exist and in the case where it does exist.

There is a problem that occurs in the same situation when running tests. However, the problem is not the same: this one is an error, whereas the problem I described earlier was a bug.

Investigation of the issue

I tried changing the supports function of the class App\DataProvider\UserDataVisibilityItemDataProvider to make it also check for login: $checkLogin = $this->security->getUser() != null;. This fixes the issue in tests. This fix does not change anything in a normal call. It seems that by changing this function, the getItem method of the same class is not called anymore (which is the behaviour we would expect), but API Platform still returns a 404 code instead of a 401 code.

TeddyRoncin commented 2 years ago

The same error occurs on route DELETE /users/{id}. It seems that all routes which need to fetch a single User (maybe other entities?) have this problem.

TeddyRoncin commented 1 year ago

I think the problem might be that the ApiPlatform\Symfony\EventListener\ReadListener listener is called before the security checks. The ReadListener is called on the kernel.request event, with a priority of 4. It may be possible to modify the order of events by fetching the main instance of Symfony\Component\EventDispatcher\EventDispatcher to add and remove listeners.
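An added example, not code from the etuutt-api project, illustrating the approach discussed in the two comments above: rather than making the data provider's supports() check for a logged-in user (which still leaves ReadListener to answer 404 when getItem is skipped), a Symfony event subscriber registered on kernel.request with a priority higher than the 4 that the comment attributes to ReadListener rejects anonymous requests before any item lookup happens, so the client gets 401 whether or not the requested user exists and cannot probe which ids are valid. Assumptions: the App\EventSubscriber namespace and subscriber class name, an App\Entity\User entity class, the "Bearer" challenge string, that the `_api_resource_class` request attribute is set by the API Platform version in use, and a Symfony 5.3+/PHP 8 runtime (isMainRequest() and constructor property promotion).

```php
<?php
// Added example (hypothetical, not part of etuutt-api): deny anonymous access
// to the User resource before ApiPlatform's ReadListener performs the lookup.
// Priority 5 is chosen because the comment above states ReadListener runs at
// priority 4 on kernel.request, and higher priorities run first (assumption:
// that ordering holds for the installed API Platform version).

declare(strict_types=1);

namespace App\EventSubscriber; // assumed namespace

use App\Entity\User; // assumed entity class
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Security;

final class RequireLoginBeforeReadSubscriber implements EventSubscriberInterface
{
    public function __construct(private Security $security)
    {
    }

    public static function getSubscribedEvents(): array
    {
        // 5 > 4: this listener runs before ReadListener, so no 404 from a
        // failed item lookup can be produced for an unauthenticated caller.
        return [KernelEvents::REQUEST => ['onKernelRequest', 5]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }

        $request = $event->getRequest();

        // API Platform stores the resource class of the matched route in the
        // `_api_resource_class` request attribute; only guard the User resource.
        if ($request->attributes->get('_api_resource_class') !== User::class) {
            return;
        }

        if ($this->security->getUser() === null) {
            // 401 with a WWW-Authenticate challenge, identical for existing and
            // non-existing ids: resource existence must not leak to anonymous callers.
            throw new UnauthorizedHttpException('Bearer', 'Authentication required.');
        }
    }
}
```

With the default services.yaml (autowire and autoconfigure enabled), implementing EventSubscriberInterface is enough for Symfony to register the subscriber; no manual tampering with the EventDispatcher instance is needed. Checking the resource class rather than the URL path keeps the guard attached to the resource, so it also covers DELETE /users/{id} and any other operation on the same entity.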