Crutch-fixing PostController::showAction() exception handling with 404 instead of 403 exception.
parent
44c4158602
commit
f598864d4d
|
@ -9,11 +9,4 @@ security:
|
|||
security: false
|
||||
|
||||
default:
|
||||
# Needs to be changed if authentication is added
|
||||
# Also it needs to be carefully checked that after enabling security here
|
||||
# \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException() doesn't start to replace 403 by 401 exceptions
|
||||
# for all users
|
||||
# For example \Skobkin\Bundle\PointToolsBundle\Controller\PostController::showAction() can return AccessDeniedException and this logic must be saved
|
||||
# After enabling authentication
|
||||
security: false
|
||||
#anonymous: true
|
||||
anonymous: true
|
||||
|
|
|
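Review bot: The firewall's `anonymous`/`security` setting is what decides whether an AccessDeniedException thrown by a controller reaches the client as 403 or is turned into an authentication challenge for anonymous visitors, yet after this change nothing in the firewall block points to the controller that depends on it. The rendered hunk does not show which of `security: false`, `#anonymous: true` and `anonymous: true` survive, so the exact end state is inferred here, but whichever it is, a one-line pointer would keep the coupling visible to whoever next edits the firewall: `# Anonymous browsing is intentional; PostController::showAction() relies on this when hiding private blogs (404 instead of 403).` The long explanatory comment that appears in the hunk duplicates the docblock added to PostController in this commit, so a short pointer is preferable to keeping both copies in sync.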
@ -16,7 +16,13 @@ class PostController extends AbstractController
|
|||
public function showAction(Post $post, PostRepository $postRepository): Response
|
||||
{
|
||||
if ((!$post->getAuthor()->isPublic()) || $post->getAuthor()->isWhitelistOnly()) {
|
||||
throw $this->createAccessDeniedException('Author\'s blog is private.');
|
||||
/**
|
||||
* Throwing 404 instead of 403 because of
|
||||
* @see \Symfony\Component\Security\Http\Firewall\ExceptionListener::handleAccessDeniedException()
|
||||
* starts to replace 403 by 401 exceptions for anonymous users and tries to authenticate them.
|
||||
*/
|
||||
throw $this->createNotFoundException('Author\'s blog is private.');
|
||||
//throw $this->createAccessDeniedException('Author\'s blog is private.');
|
||||
}
|
||||
|
||||
return $this->render('SkobkinPointToolsBundle:Post:show.html.twig', [
|
||||
|
|
|
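Review bot: The new 404 carries the message `'Author\'s blog is private.'`, which both contradicts the status it accompanies and, wherever the exception message is surfaced (debug mode, a JSON/XML error format, or a custom error template that prints the message), confirms that the post exists and is private, which is exactly the information a 404 is meant to withhold. A neutral message keeps the response consistent with its status: `throw $this->createNotFoundException();` (or a message that does not describe the author's visibility). The commented-out `createAccessDeniedException` line below it should be deleted rather than kept, since the docblock already records why the 403 was replaced, and that docblock reads awkwardly with `@see` in mid-sentence; something like `/** 404 is deliberate: a 403 would be converted to an authentication challenge for anonymous users by ExceptionListener::handleAccessDeniedException() once the firewall is active. */` states the same reason in one line. The if-branch is the only access check on post visibility once the firewall allows anonymous access, which is worth saying in that comment as well; showAction continues outside the hunk.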
@ -62,21 +62,21 @@ class PostControllerTest extends WebTestCase
|
|||
{
|
||||
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_USER);
|
||||
|
||||
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private user\'s post');
|
||||
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private user\'s post');
|
||||
}
|
||||
|
||||
public function testWhitelistOnlyUserPostForbidden()
|
||||
{
|
||||
$client = $this->createClientForPostId(LoadPostData::POST_ID_WL_USER);
|
||||
|
||||
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for whitelist-only user\'s post');
|
||||
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for whitelist-only user\'s post');
|
||||
}
|
||||
|
||||
public function testPrivateWhitelistOnlyUserPostForbidden()
|
||||
{
|
||||
$client = $this->createClientForPostId(LoadPostData::POST_ID_PR_WL_USER);
|
||||
|
||||
$this->assertTrue($client->getResponse()->isForbidden(), '403 response code for private whitelist-only user\'s post');
|
||||
$this->assertTrue($client->getResponse()->isNotFound(), '404 response code for private whitelist-only user\'s post');
|
||||
}
|
||||
|
||||
private function createClientForPostId(string $id): Client
|
||||
|
|
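Review bot: The test method names still say `Forbidden` (`testWhitelistOnlyUserPostForbidden`, `testPrivateWhitelistOnlyUserPostForbidden`, and presumably the first method whose name is above the hunk) while the assertions now check `isNotFound()`, so a failure message would point a reader at the wrong expectation; renaming them to `...PostNotFound` (or `...PostHidden`) keeps name and assertion aligned. Since the purpose of switching to 404 is to not disclose that a private post exists, each of these tests would also benefit from asserting that the response body does not contain the private-blog message or post content, not only the status code. The PostControllerTest class and createClientForPostId() continue outside the hunk.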