I'm using Symfony5 with ApiPlatform
I'm using a Listener for multiple tasks including to do some authorization that I can't do in my voters.
So through a simple condition I verify what field of my entity is being modified.
I go through the modified fields, and check if they're different from the only field that can be modified.
here's how :
$modifiedValues = $eventArgs->getEntityManager()->getUnitOfWork()->getEntityChangeSet($eventArgs->getObject());
foreach ($modifiedValues as $key => $value) {
if ("statut" != $key) {
throw new AccessDeniedException('Vous ne pouvez pas modifier ce champ.');
}
}
Now I'm throwing an AccessDeniedException which I thought would return a 403 but actually return a 500.
The authorization part is actually working but I'm a bit bothered by this "exception" in my logic, cause other authorization rules will return either 200 or 403.
So my questions would be:
- Does anyone know why this exception behave this way ? If it's normal behavior or something's off
- Is there another way to return a
403 from this Listener ?
Thanks for your time!
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
