Merge branch '3.x'

2025-02-09 02:59:27 +03:00 · 2020-12-17 00:06:17 +01:00 · 2020-12-17 00:06:17 +01:00 · ba3fe1cdfa
commit ba3fe1cdfa
parent a9e8db4af0 3895e17fe4
6 changed files with 58 additions and 2 deletions
--- a/ModelDescriber/ObjectModelDescriber.php
+++ b/ModelDescriber/ObjectModelDescriber.php
@ -72,10 +72,15 @@ class ObjectModelDescriber implements ModelDescriberInterface, ModelRegistryAwar
        $annotationsReader->updateDefinition($reflClass, $schema);

        $propertyInfoProperties = $this->propertyInfo->getProperties($class, $context);
+
        if (null === $propertyInfoProperties) {
            return;
        }

+        // Fix for https://github.com/nelmio/NelmioApiDocBundle/issues/1756
+        // The SerializerExtractor does expose private/protected properties for some reason, so we eliminate them here
+        $propertyInfoProperties = array_intersect($propertyInfoProperties, $this->propertyInfo->getProperties($class, []) ?? []);
+
        foreach ($propertyInfoProperties as $propertyName) {
            $serializedName = null !== $this->nameConverter ? $this->nameConverter->normalize($propertyName, $class, null, null !== $model->getGroups() ? ['groups' => $model->getGroups()] : []) : $propertyName;

@ -86,7 +91,7 @@ class ObjectModelDescriber implements ModelDescriberInterface, ModelRegistryAwar
                $serializedName = $annotationsReader->getPropertyName($reflection, $serializedName);
            }

-            $property = Util::getProperty($schema, $annotationsReader->getPropertyName($reflection, $serializedName));
+            $property = Util::getProperty($schema, $serializedName);

            // Interpret additional options
            $groups = $model->getGroups();
--- a/Tests/Functional/Entity/PrivateProtectedExposure.php
+++ b/Tests/Functional/Entity/PrivateProtectedExposure.php
@ -0,0 +1,30 @@
+<?php
+
+/*
+ * This file is part of the NelmioApiDocBundle package.
+ *
+ * (c) Nelmio
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Nelmio\ApiDocBundle\Tests\Functional\Entity;
+
+/**
+ * @author Guilhem N. <guilhem.niot@gmail.com>
+ */
+class PrivateProtectedExposure
+{
+    private $privateField;
+    protected $protectedField;
+
+    /**
+     * @var string
+     */
+    public $publicField;
+
+    protected function setProtected(string $thing)
+    {
+    }
+}
--- a/Tests/Functional/FunctionalTest.php
+++ b/Tests/Functional/FunctionalTest.php
@ -471,4 +471,19 @@ class FunctionalTest extends WebTestCase
        $operation = $this->getOperation('/api/article/{id}', 'get');
        $this->assertNull($operation->operationId);
    }
+
+    /**
+     * Related to https://github.com/nelmio/NelmioApiDocBundle/issues/1756
+     * Ensures private/protected properties are not exposed, just like the symfony serializer does.
+     */
+    public function testPrivateProtectedExposure()
+    {
+        // Ensure that groups are supported
+        $model = $this->getModel('PrivateProtectedExposure');
+        $this->assertCount(1, $model->properties);
+        $this->assertHasProperty('publicField', $model);
+        $this->assertNotHasProperty('privateField', $model);
+        $this->assertNotHasProperty('protectedField', $model);
+        $this->assertNotHasProperty('protected', $model);
+    }
 }
--- a/Tests/Functional/SwaggerUiTest.php
+++ b/Tests/Functional/SwaggerUiTest.php
@ -53,6 +53,7 @@ class SwaggerUiTest extends WebTestCase
        $expected['servers'] = [
            ['url' => 'http://api.example.com/app_dev.php'],
        ];
+
        $this->assertEquals($expected, json_decode($crawler->filterXPath('//script[@id="swagger-data"]')->text(), true)['spec']);
    }

--- a/Tests/Functional/TestKernel.php
+++ b/Tests/Functional/TestKernel.php
@ -19,6 +19,7 @@ use JMS\SerializerBundle\JMSSerializerBundle;
 use Nelmio\ApiDocBundle\NelmioApiDocBundle;
 use Nelmio\ApiDocBundle\Tests\Functional\Entity\BazingaUser;
 use Nelmio\ApiDocBundle\Tests\Functional\Entity\NestedGroup\JMSPicture;
+use Nelmio\ApiDocBundle\Tests\Functional\Entity\PrivateProtectedExposure;
 use Nelmio\ApiDocBundle\Tests\Functional\ModelDescriber\VirtualTypeClassDoesNotExistsHandlerDefinedDescriber;
 use Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle;
 use Symfony\Bundle\FrameworkBundle\FrameworkBundle;
@ -232,6 +233,10 @@ class TestKernel extends Kernel
            ],
            'models' => [
                'names' => [
+                    [
+                        'alias' => 'PrivateProtectedExposure',
+                        'type' => PrivateProtectedExposure::class,
+                    ],
                    [
                        'alias' => 'JMSPicture_mini',
                        'type' => JMSPicture::class,
--- a/composer.json
+++ b/composer.json
@ -43,7 +43,7 @@
        "doctrine/common": "^2.4",

        "api-platform/core": "^2.4",
-        "friendsofsymfony/rest-bundle": "^2.8|^3.0@dev",
+        "friendsofsymfony/rest-bundle": "^2.8|^3.0",
        "willdurand/hateoas-bundle": "^1.0|^2.0",
        "jms/serializer-bundle": "^2.3|^3.0",
        "jms/serializer": "^1.14|^3.0"