fix: exception to status on error resource

features/main/exception_to_status.feature

@@ -31,3 +31,10 @@ Feature: Using exception_to_status config
     Then the response status code should be 400
     And the response should be in JSON
     And the header "Content-Type" should be equal to "application/problem+json; charset=utf-8"
+
+  @!mongodb
+  Scenario: Override validation exception status code from delete operation
+    When I add "Content-Type" header equal to "application/ld+json"
+    And I send a "DELETE" request to "/error_with_overriden_status"
+    Then the response status code should be 403
+    And the JSON node "status" should be equal to 403

src/Action/EntrypointAction.php

@@ -42,7 +42,7 @@ public function __invoke(Request $request = null)
     {
         if ($this->provider && $this->processor) {
             $context = ['request' => $request];
-            $operation = new Get(class: Entrypoint::class, provider: fn () => new Entrypoint($this->resourceNameCollectionFactory->create()));
+            $operation = new Get(read: true, serialize: true, class: Entrypoint::class, provider: fn () => new Entrypoint($this->resourceNameCollectionFactory->create()));
             $body = $this->provider->provide($operation, [], $context);
 
             return $this->processor->process($body, $operation, [], $context);

src/ApiResource/Error.php

@@ -48,7 +48,7 @@ class Error extends \Exception implements ProblemExceptionInterface, HttpExcepti
     public function __construct(
         private readonly string $title,
         private readonly string $detail,
-        #[ApiProperty(identifier: true)] private readonly int $status,
+        #[ApiProperty(identifier: true)] private int $status,
         private readonly array $originalTrace,
         private ?string $instance = null,
         private string $type = 'about:blank',
@@ -132,6 +132,11 @@ public function getStatus(): ?int
         return $this->status;
     }
 
+    public function setStatus(int $status): void
+    {
+        $this->status = $status;
+    }
+
     #[Groups(['jsonld', 'jsonproblem', 'legacy_jsonproblem'])]
     public function getDetail(): ?string
     {

src/Documentation/Action/DocumentationAction.php

@@ -78,7 +78,7 @@ private function getOpenApiDocumentation(array $context, string $format, Request
     {
         if ($this->provider && $this->processor) {
             $context['request'] = $request;
-            $operation = new Get(class: OpenApi::class, provider: fn () => $this->openApiFactory->__invoke($context), normalizationContext: [ApiGatewayNormalizer::API_GATEWAY => $context['api_gateway'] ?? null], outputFormats: $this->documentationFormats);
+            $operation = new Get(class: OpenApi::class, read: true, serialize: true, provider: fn () => $this->openApiFactory->__invoke($context), normalizationContext: [ApiGatewayNormalizer::API_GATEWAY => $context['api_gateway'] ?? null], outputFormats: $this->documentationFormats);
             if ('html' === $format) {
                 $operation = $operation->withProcessor('api_platform.swagger_ui.processor')->withWrite(true);
             }
@@ -104,6 +104,8 @@ private function getHydraDocumentation(array $context, Request $request): Docume
             $context['request'] = $request;
             $operation = new Get(
                 class: Documentation::class,
+                read: true,
+                serialize: true,
                 provider: fn () => new Documentation($this->resourceNameCollectionFactory->create(), $this->title, $this->description, $this->version)
             );
 

src/JsonLd/Action/ContextAction.php

@@ -61,7 +61,8 @@ public function __invoke(string $shortName, Request $request = null): array|Resp
                 outputFormats: ['jsonld' => ['application/ld+json']],
                 validate: false,
                 provider: fn () => $this->getContext($shortName),
-                serialize: false
+                serialize: false,
+                read: true
             );
             $context = ['request' => $request];
             $jsonLdContext = $this->provider->provide($operation, [], $context);

src/Metadata/Exception/ProblemExceptionInterface.php

@@ -28,6 +28,8 @@ public function getTitle(): ?string;
 
     public function getStatus(): ?int;
 
+    public function setStatus(int $status): void;
+
     public function getDetail(): ?string;
 
     public function getInstance(): ?string;

src/State/Provider/ReadProvider.php

@@ -49,7 +49,8 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
         }
 
         $request = ($context['request'] ?? null);
-        if (!($operation->canRead() ?? true) || (!$operation->getUriVariables() && !$request?->isMethodSafe())) {
+
+        if (!$operation->canRead()) {
             return null;
         }
 

src/Symfony/Controller/MainController.php

@@ -16,6 +16,7 @@
 use ApiPlatform\Api\UriVariablesConverterInterface;
 use ApiPlatform\Exception\InvalidIdentifierException;
 use ApiPlatform\Exception\InvalidUriVariableException;
+use ApiPlatform\Metadata\HttpOperation;
 use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
 use ApiPlatform\State\ProcessorInterface;
 use ApiPlatform\State\ProviderInterface;
@@ -62,6 +63,14 @@ public function __invoke(Request $request): Response
             $operation = $operation->withValidate(!$request->isMethodSafe() && !$request->isMethod('DELETE'));
         }
 
+        if (null === $operation->canRead() && $operation instanceof HttpOperation) {
+            $operation = $operation->withRead($operation->getUriVariables() || $request?->isMethodSafe());
+        }
+
+        if (null === $operation->canDeserialize() && $operation instanceof HttpOperation) {
+            $operation = $operation->withDeserialize(\in_array($operation->getMethod(), ['POST', 'PUT', 'PATCH'], true));
+        }
+
         $body = $this->provider->provide($operation, $uriVariables, $context);
 
         // The provider can change the Operation, extract it again from the Request attributes
@@ -84,6 +93,10 @@ public function __invoke(Request $request): Response
             $operation = $operation->withWrite(!$request->isMethodSafe());
         }
 
+        if (null === $operation->canSerialize()) {
+            $operation = $operation->withSerialize(true);
+        }
+
         return $this->processor->process($body, $operation, $uriVariables, $context);
     }
 }

src/Symfony/EventListener/ErrorListener.php

@@ -16,6 +16,7 @@
 use ApiPlatform\Api\IdentifiersExtractorInterface;
 use ApiPlatform\ApiResource\Error;
 use ApiPlatform\Metadata\Error as ErrorOperation;
+use ApiPlatform\Metadata\Exception\ProblemExceptionInterface;
 use ApiPlatform\Metadata\HttpOperation;
 use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
 use ApiPlatform\Metadata\ResourceClassResolverInterface;
@@ -64,32 +65,44 @@ protected function duplicateRequest(\Throwable $exception, Request $request): Re
         $apiOperation = $this->initializeOperation($request);
         $format = $this->getRequestFormat($request, $this->errorFormats, false);
 
-        if ($this->resourceClassResolver?->isResourceClass($exception::class)) {
-            $resourceCollection = $this->resourceMetadataCollectionFactory->create($exception::class);
-
-            $operation = null;
-            foreach ($resourceCollection as $resource) {
-                foreach ($resource->getOperations() as $op) {
-                    foreach ($op->getOutputFormats() as $key => $value) {
-                        if ($key === $format) {
-                            $operation = $op;
-                            break 3;
+        if ($this->resourceMetadataCollectionFactory) {
+            if ($this->resourceClassResolver?->isResourceClass($exception::class)) {
+                $resourceCollection = $this->resourceMetadataCollectionFactory->create($exception::class);
+
+                $operation = null;
+                foreach ($resourceCollection as $resource) {
+                    foreach ($resource->getOperations() as $op) {
+                        foreach ($op->getOutputFormats() as $key => $value) {
+                            if ($key === $format) {
+                                $operation = $op;
+                                break 3;
+                            }
                         }
                     }
                 }
-            }
 
-            // No operation found for the requested format, we take the first available
-            if (!$operation) {
-                $operation = $resourceCollection->getOperation();
+                // No operation found for the requested format, we take the first available
+                if (!$operation) {
+                    $operation = $resourceCollection->getOperation();
+                }
+                $errorResource = $exception;
+                if ($errorResource instanceof ProblemExceptionInterface) {
+                    $statusCode = $this->getStatusCode($apiOperation, $request, $operation, $exception);
+                    if ($operation instanceof HttpOperation) {
+                        $operation = $operation->withStatus($statusCode);
+                    }
+                    $errorResource->setStatus($statusCode);
+                }
+            } else {
+                // Create a generic, rfc7807 compatible error according to the wanted format
+                $operation = $this->resourceMetadataCollectionFactory->create(Error::class)->getOperation($this->getFormatOperation($format));
+                // status code may be overriden by the exceptionToStatus option
+                $statusCode = $this->getStatusCode($apiOperation, $request, $operation, $exception);
+                if ($operation instanceof HttpOperation) {
+                    $operation = $operation->withStatus($statusCode);
+                }
+                $errorResource = Error::createFromException($exception, $statusCode);
             }
-            $errorResource = $exception;
-        } elseif ($this->resourceMetadataCollectionFactory) {
-            // Create a generic, rfc7807 compatible error according to the wanted format
-            /** @var HttpOperation $operation */
-            $operation = $this->resourceMetadataCollectionFactory->create(Error::class)->getOperation($this->getFormatOperation($format));
-            $operation = $operation->withStatus($this->getStatusCode($apiOperation, $request, $operation, $exception));
-            $errorResource = Error::createFromException($exception, $operation->getStatus());
         } else {
             /** @var HttpOperation $operation */
             $operation = new ErrorOperation(name: '_api_errors_problem', class: Error::class, outputFormats: ['jsonld' => ['application/ld+json']], normalizationContext: ['groups' => ['jsonld'], 'skip_null_values' => true]);

src/Symfony/State/DeserializeProvider.php

@@ -51,10 +51,7 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
             return $data;
         }
 
-        if (
-            !($operation->canDeserialize() ?? true)
-            || !\in_array($method = $operation->getMethod(), ['POST', 'PUT', 'PATCH'], true)
-        ) {
+        if (!$operation->canDeserialize()) {
             return $data;
         }
 
@@ -74,10 +71,11 @@ public function provide(Operation $operation, array $uriVariables = [], array $c
             throw new UnsupportedMediaTypeHttpException('Format not supported.');
         }
 
+        $method = $operation->getMethod();
+
         if (
             null !== $data
-            && (
-                'POST' === $method
+            && ('POST' === $method
                 || 'PATCH' === $method
                 || ('PUT' === $method && !($operation->getExtraProperties()['standard_put'] ?? false))
             )

src/Symfony/State/SerializeProcessor.php

@@ -36,7 +36,7 @@ public function __construct(private readonly ProcessorInterface $processor, priv
 
     public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = [])
     {
-        if ($data instanceof Response || !($operation->canSerialize() ?? true) || !($request = $context['request'] ?? null)) {
+        if ($data instanceof Response || !$operation->canSerialize() || !($request = $context['request'] ?? null)) {
             return $this->processor->process($data, $operation, $uriVariables, $context);
         }
 

src/Symfony/Validator/Exception/ValidationException.php

@@ -41,6 +41,8 @@
 )]
 final class ValidationException extends BaseValidationException implements ConstraintViolationListAwareExceptionInterface, \Stringable, ProblemExceptionInterface
 {
+    private int $status = 422;
+
     public function __construct(private readonly ConstraintViolationListInterface $constraintViolationList, string $message = '', int $code = 0, \Throwable $previous = null, string $errorTitle = null)
     {
         parent::__construct($message ?: $this->__toString(), $code, $previous, $errorTitle);
@@ -119,7 +121,12 @@ public function getDetail(): ?string
     #[Groups(['jsonld', 'json', 'legacy_jsonproblem', 'legacy_json'])]
     public function getStatus(): ?int
     {
-        return 422;
+        return $this->status;
+    }
+
+    public function setStatus(int $status): void
+    {
+        $this->status = $status;
     }
 
     #[Groups(['jsonld', 'json'])]

tests/Fixtures/TestBundle/ApiResource/ErrorWithOverridenStatus.php

@@ -0,0 +1,32 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Tests\Fixtures\TestBundle\ApiResource;
+
+use ApiPlatform\Metadata\Delete;
+use ApiPlatform\Symfony\Validator\Exception\ValidationException;
+use Symfony\Component\Validator\ConstraintViolationList;
+
+#[Delete(
+    uriTemplate: '/error_with_overriden_status',
+    read: true,
+    provider: [ErrorWithOverridenStatus::class, 'throw'],
+    exceptionToStatus: [ValidationException::class => 403]
+)]
+class ErrorWithOverridenStatus
+{
+    public static function throw(): void
+    {
+        throw new ValidationException(new ConstraintViolationList());
+    }
+}

tests/Fixtures/TestBundle/Entity/DummyExceptionToStatus.php

@@ -20,11 +20,13 @@
 use ApiPlatform\Metadata\Put;
 use ApiPlatform\Tests\Fixtures\TestBundle\Exception\NotFoundException;
 use ApiPlatform\Tests\Fixtures\TestBundle\Filter\RequiredFilter;
+use ApiPlatform\Tests\Fixtures\TestBundle\State\DummyExceptionToStatusProvider;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 #[ApiResource(
     exceptionToStatus: [NotFoundHttpException::class => 400],
+    provider: DummyExceptionToStatusProvider::class,
     operations: [
         new Get(uriTemplate: '/dummy_exception_to_statuses/{id}', exceptionToStatus: [NotFoundException::class => 404]),
         new Put(uriTemplate: '/dummy_exception_to_statuses/{id}'),

tests/Symfony/Bundle/Test/ApiTestCaseTest.php

@@ -29,7 +29,8 @@ class ApiTestCaseTest extends ApiTestCase
 {
     public function testAssertJsonContains(): void
     {
-        self::createClient()->request('GET', '/');
+        $client = self::createClient();
+        $client->request('GET', '/');
         $this->assertJsonContains(['@context' => '/contexts/Entrypoint']);
     }