Crutch-fixing PostController::showAction() exception handling with 404 instead of 403 exception.

app/config/security.yml

@@ -9,11 +9,4 @@ security:
             security: false
 
         default:
-            # Needs to be changed if authentication is added
-            # Also it needs to be carefully checked that after enabling security here
-            # \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException() doesn't start to replace 403 by 401 exceptions
-            # for all users
-            # For example \Skobkin\Bundle\PointToolsBundle\Controller\PostController::showAction() can return AccessDeniedException and this logic must be saved
-            # After enabling authentication
-            security: false
-            #anonymous: true
+            anonymous: true

src/Skobkin/Bundle/PointToolsBundle/Controller/PostController.php

@@ -16,7 +16,13 @@ class PostController extends AbstractController
     public function showAction(Post $post, PostRepository $postRepository): Response
     {
         if ((!$post->getAuthor()->isPublic()) || $post->getAuthor()->isWhitelistOnly()) {
-            throw $this->createAccessDeniedException('Author\'s blog is private.');
+            /**
+             * Throwing 404 instead of 403 because of
+             * @see \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException()
+             * starts to replace 403 by 401 exceptions for anonymous users and tries to authenticate them.
+             */
+            throw $this->createNotFoundException('Author\'s blog is private.');
+            //throw $this->createAccessDeniedException('Author\'s blog is private.');
         }
 
         return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [

tests/Skobkin/PointToolsBundle/Controller/PostControllerTest.php

@@ -62,21 +62,21 @@ class PostControllerTest extends WebTestCase
     {
         $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
 
-        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
+        $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private user\'s post');
     }
 
     public function testWhitelistOnlyUserPostForbidden()
     {
         $client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
 
-        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
+        $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for whitelist-only user\'s post');
     }
 
     public function testPrivateWhitelistOnlyUserPostForbidden()
     {
         $client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
 
-        $this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
+        $this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private whitelist-only user\'s post');
     }
 
     private function createClientForPostId(string $id): Client