API Platform bug reproducer: "object" is null during PATCH security
git clone git@github.com:weaverryan/api_platform_null_object_security_reproducer.git
cd api_platform_null_object_security_reproducer
composer install
php bin/phpunit
The key detail is the Cake.flavor
property, which has a security
expression:
#[ApiProperty(security: 'is_granted("FLAVOR", object)')]
private ?string $flavor = null;
The above commands will run 2 test cases:
A) A GET
operation. In this case, the object
is the Cake
object. This is
proven by a dump()
inside FlavorVoter
.
B) A PATCH
operation. In this case, the object
is null
during deserialization,
even though there IS an object that it's being deserialized into. This is
proven by a dump()
inside FlavorVoter
.