fix: added header "allow-post" only on resources with POST and header "allow" has now the right method.

Author: LaurentHuzard

features/main/ldp_resources.feature

@@ -93,8 +93,13 @@ public function process(mixed $data, Operation $operation, array $uriVariables =
             $headers['Accept-Patch'] = $acceptPatch;
         }
 
-        $headers['Accept-Post'] = 'text/turtle, application/ld+json';
-        $headers['Allow'] = $this->getAllowedMethods($context['resource_class'] ?? null);
+        $allowedMethods = $this->getAllowedMethods($context['resource_class'] ?? null, $operation->getUriTemplate());
+        $headers['Allow'] = implode(', ', $allowedMethods);
+
+        $outputFormats = $operation->getOutputFormats();
+        if (\is_array($outputFormats) && [] !== $outputFormats && \in_array('POST', $allowedMethods, true)) {
+            $headers['Accept-Post'] = implode(', ', array_merge(...array_values($outputFormats)));
+        }
 
         $method = $request->getMethod();
         $originalData = $context['original_data'] ?? null;
@@ -159,18 +164,20 @@ public function process(mixed $data, Operation $operation, array $uriVariables =
         );
     }
 
-    private function getAllowedMethods(?string $resourceClass): string
+    private function getAllowedMethods(?string $resourceClass, ?string $currentUriTemplate): array
     {
         $allowedMethods = self::DEFAULT_ALLOWED_METHOD;
-        if (null !== $resourceClass && null !== $this->resourceClassResolver && $this->resourceClassResolver->isResourceClass($resourceClass)) {
-            $resourceMetadataCollection = $this->resourceCollectionMetadataFactory ? $this->resourceCollectionMetadataFactory->create($resourceClass) : new ResourceMetadataCollection($resourceClass);
+        if (null !== $currentUriTemplate && null !== $resourceClass && $this->resourceClassResolver->isResourceClass($resourceClass)) {
+            $resourceMetadataCollection =$this->resourceCollectionMetadataFactory ? $this->resourceCollectionMetadataFactory->create($resourceClass) : new ResourceMetadataCollection($resourceClass);
             foreach ($resourceMetadataCollection as $resource) {
                 foreach ($resource->getOperations() as $operation) {
-                    $allowedMethods[] = $operation->getMethod();
+                    if ($operation->getUriTemplate() === $currentUriTemplate) {
+                        $allowedMethods[] = $operation->getMethod();
+                    }
                 }
             }
         }
 
-        return implode(', ', array_unique($allowedMethods));
+        return array_unique($allowedMethods);
     }
 }

src/State/Processor/RespondProcessor.php

@@ -16,8 +16,8 @@
 use ApiPlatform\Metadata\ApiResource;
 use ApiPlatform\Metadata\Delete;
 use ApiPlatform\Metadata\Get;
+use ApiPlatform\Metadata\GetCollection;
 use ApiPlatform\Metadata\HttpOperation;
-use ApiPlatform\Metadata\Patch;
 use ApiPlatform\Metadata\Post;
 use ApiPlatform\Metadata\Put;
 use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
@@ -42,6 +42,19 @@ protected function setUp(): void
             ->willReturn(true);
 
         $this->resourceMetadataCollectionFactory = $this->createMock(ResourceMetadataCollectionFactoryInterface::class);
+        $this->resourceMetadataCollectionFactory
+            ->method('create')
+            ->willReturn(
+                new ResourceMetadataCollection('DummyResource', [
+                    new ApiResource(operations: [
+                        new Get(uriTemplate: '/dummy_resources/{dummyResourceId}{._format}', name: 'get'),
+                        new GetCollection(uriTemplate: '/dummy_resources{._format}', name: 'get_collections'),
+                        new Post(uriTemplate: '/dummy_resources{._format}', name: 'post'),
+                        new Delete(uriTemplate: '/dummy_resources/{dummyResourceId}{._format}', name: 'delete'),
+                        new Put(uriTemplate: '/dummy_resources/{dummyResourceId}{._format}', name: 'put'),
+                    ]),
+                ])
+            );
 
         $this->processor = new RespondProcessor(
             null,
@@ -51,57 +64,36 @@ protected function setUp(): void
         );
     }
 
-    public function testHeadersAcceptPostIsSetCorrectly(): void
+    public function testHeadersAcceptPostIsReturnWhenPostAllowed(): void
     {
-        $this->resourceMetadataCollectionFactory
-            ->method('create')
-            ->willReturn(new ResourceMetadataCollection('DummyResourceClass'));
-
-        $operation = new HttpOperation('GET');
+        $operation = (new HttpOperation('GET', '/dummy_resources{._format}', outputFormats: ['jsonld' => ['application/ld+json'], 'json' => ['application/json']]));
         $context = [
-            'resource_class' => 'SomeResourceClass',
+            'resource_class' => 'DummyResource',
             'request' => $this->createGetRequest(),
         ];
 
         /** @var Response $response */
         $response = $this->processor->process(null, $operation, [], $context);
-
-        $this->assertSame('text/turtle, application/ld+json', $response->headers->get('Accept-Post'));
+        $this->assertSame('application/ld+json, application/json', $response->headers->get('Accept-Post'));
     }
 
-    public function testHeaderAllowHasHeadOptionsByDefault(): void
+    public function testHeadersAcceptPostIsNotSetWhenPostIsNotAllowed(): void
     {
-        $this->resourceMetadataCollectionFactory
-            ->method('create')
-            ->willReturn(new ResourceMetadataCollection('DummyResourceClass'));
-
-        $operation = new HttpOperation('GET');
+        $operation = (new HttpOperation('GET', '/dummy_resources/{dummyResourceId}{._format}'));
         $context = [
-            'resource_class' => 'SomeResourceClass',
+            'resource_class' => 'DummyResource',
             'request' => $this->createGetRequest(),
         ];
 
         /** @var Response $response */
         $response = $this->processor->process(null, $operation, [], $context);
 
-        $this->assertSame('OPTIONS, HEAD', $response->headers->get('Allow'));
+        $this->assertNull($response->headers->get('Accept-Post'));
     }
 
     public function testHeaderAllowReflectsResourceAllowedMethods(): void
     {
-        $this->resourceMetadataCollectionFactory
-            ->method('create')
-            ->willReturn(
-                new ResourceMetadataCollection('DummyResource', [
-                    new ApiResource(operations: [
-                        'get' => new Get(name: 'get'),
-                        'post' => new Post(name: 'post'),
-                        'delete' => new Delete(name: 'delete'),
-                    ]),
-                ])
-            );
-
-        $operation = new HttpOperation('GET');
+        $operation = (new HttpOperation('GET', '/dummy_resources{._format}'));
         $context = [
             'resource_class' => 'SomeResourceClass',
             'request' => $this->createGetRequest(),
@@ -115,30 +107,13 @@ public function testHeaderAllowReflectsResourceAllowedMethods(): void
         $this->assertStringContainsString('HEAD', $allowHeader);
         $this->assertStringContainsString('GET', $allowHeader);
         $this->assertStringContainsString('POST', $allowHeader);
-        $this->assertStringContainsString('DELETE', $allowHeader);
-        $this->assertStringNotContainsString('PATCH', $allowHeader);
-        $this->assertStringNotContainsString('PUT', $allowHeader);
-    }
-
-    public function testHeaderAllowReflectsAllowedResourcesGetPutPatch(): void
-    {
-        $this->resourceMetadataCollectionFactory
-            ->method('create')
-            ->willReturn(
-                new ResourceMetadataCollection('DummyResource', [
-                    new ApiResource(operations: [
-                        'get' => new Get(name: 'get'),
-                        'patch' => new Patch(name: 'patch'),
-                        'put' => new Put(name: 'put'),
-                    ]),
-                ])
-            );
+        $this->assertStringNotContainsString('DELETE', $allowHeader);
 
-        $operation = new HttpOperation('GET');
         $context = [
             'resource_class' => 'SomeResourceClass',
             'request' => $this->createGetRequest(),
         ];
+        $operation = (new HttpOperation('GET', '/dummy_resources/{dummyResourceId}{._format}'));
 
         /** @var Response $response */
         $response = $this->processor->process(null, $operation, [], $context);
@@ -147,10 +122,9 @@ public function testHeaderAllowReflectsAllowedResourcesGetPutPatch(): void
         $this->assertStringContainsString('OPTIONS', $allowHeader);
         $this->assertStringContainsString('HEAD', $allowHeader);
         $this->assertStringContainsString('GET', $allowHeader);
-        $this->assertStringContainsString('PATCH', $allowHeader);
         $this->assertStringContainsString('PUT', $allowHeader);
+        $this->assertStringContainsString('DELETE', $allowHeader);
         $this->assertStringNotContainsString('POST', $allowHeader);
-        $this->assertStringNotContainsString('DELETE', $allowHeader);
     }
 
     private function createGetRequest(): Request

src/State/Tests/Processor/RespondProcessorTest.php

@@ -24,9 +24,6 @@
 #[ORM\Entity]
 class DummyGetPostDeleteOperation
 {
-    /**
-     * @var int|null The id
-     */
     #[ORM\Column(type: 'integer')]
     #[ORM\Id]
     #[ORM\GeneratedValue(strategy: 'AUTO')]

tests/Fixtures/TestBundle/Entity/DummyGetPostDeleteOperation.php

@@ -0,0 +1,125 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Tests\Functional\State;
+
+use ApiPlatform\Symfony\Bundle\Test\ApiTestCase;
+use ApiPlatform\Tests\Fixtures\TestBundle\Entity\DummyGetPostDeleteOperation;
+use ApiPlatform\Tests\RecreateSchemaTrait;
+use ApiPlatform\Tests\SetupClassResourcesTrait;
+use Doctrine\ORM\EntityManagerInterface;
+use Doctrine\ORM\Tools\SchemaTool;
+
+class RespondProcessorTest extends ApiTestCase
+{
+    use RecreateSchemaTrait;
+    use SetupClassResourcesTrait;
+
+    /**
+     * @return class-string[]
+     */
+    public static function getResources(): array
+    {
+        return [DummyGetPostDeleteOperation::class];
+    }
+
+    public function testAllowHeadersForSingleResourceWithGetDelete(): void
+    {
+        $client = static::createClient();
+        $client->request('GET', '/dummy_get_post_delete_operations/1', [
+            'headers' => [
+                'Content-Type' => 'application/ld+json',
+            ],
+        ]);
+
+        $this->assertResponseHeaderSame('Allow', 'OPTIONS, HEAD, GET, DELETE');
+    }
+
+    public function testAllowHeadersForResourceCollectionReflectsAllowedMethods(): void
+    {
+        $client = static::createClient();
+        $client->request('GET', '/dummy_get_post_delete_operations', [
+            'headers' => [
+                'Content-Type' => 'application/ld+json',
+            ],
+        ]);
+
+        $this->assertResponseHeaderSame('allow', 'OPTIONS, HEAD, GET, POST');
+    }
+
+    public function testAcceptPostHeaderForResourceWithPostReflectsAllowedTypes(): void
+    {
+        $client = static::createClient();
+        $client->request('GET', '/dummy_get_post_delete_operations', [
+            'headers' => [
+                'Content-Type' => 'application/ld+json',
+            ],
+        ]);
+
+        $this->assertResponseHeaderSame('accept-post', 'application/ld+json, application/hal+json, application/vnd.api+json, application/xml, text/xml, application/json, text/html, application/graphql, multipart/form-data');
+    }
+
+    public function testAcceptPostHeaderDoesNotExistResourceWithoutPost(): void
+    {
+        $client = static::createClient();
+        $client->request('OPTIONS', '/dummy_get_post_delete_operations/1', [
+            'headers' => [
+                'Content-Type' => 'application/ld+json',
+            ],
+        ]);
+
+        $this->assertResponseNotHasHeader('accept-post');
+    }
+
+    protected function setUp(): void
+    {
+        self::bootKernel();
+
+        $container = static::getContainer();
+        $registry = $container->get('doctrine');
+        $manager = $registry->getManager();
+        if (!$manager instanceof EntityManagerInterface) {
+            return;
+        }
+
+        $classes = [$manager->getClassMetadata(DummyGetPostDeleteOperation::class)];
+
+        try {
+            $schemaTool = new SchemaTool($manager);
+            @$schemaTool->createSchema($classes);
+        } catch (\Exception $e) {
+            return;
+        }
+
+        $dummy = new DummyGetPostDeleteOperation();
+        $dummy->setName('Dummy');
+        $manager->persist($dummy);
+        $manager->flush();
+    }
+
+    protected function tearDown(): void
+    {
+        $container = static::getContainer();
+        $registry = $container->get('doctrine');
+        $manager = $registry->getManager();
+        if (!$manager instanceof EntityManagerInterface) {
+            return;
+        }
+
+        $classes = [$manager->getClassMetadata(DummyGetPostDeleteOperation::class)];
+
+        $schemaTool = new SchemaTool($manager);
+        @$schemaTool->dropSchema($classes);
+        parent::tearDown();
+    }
+}