From c958c86bfa12711d2772a77dc1e0b77b41bd4c9c Mon Sep 17 00:00:00 2001 From: lazer Date: Tue, 3 Jul 2018 01:16:09 +0300 Subject: [PATCH 1/3] Merge attributes from discriminator map only for abstact classes or interface --- .../Normalizer/ObjectNormalizer.php | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php index 6c9098528b67e..51efe2a559bd9 100644 --- a/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php @@ -142,14 +142,24 @@ protected function getAllowedAttributes($classOrObject, array $context, $attribu return false; } - if (null !== $this->classDiscriminatorResolver && null !== $discriminatorMapping = $this->classDiscriminatorResolver->getMappingForMappedObject($classOrObject)) { - $allowedAttributes[] = $attributesAsString ? $discriminatorMapping->getTypeProperty() : new AttributeMetadata($discriminatorMapping->getTypeProperty()); + $discriminatorMapping = $this->classDiscriminatorResolver ? $this->classDiscriminatorResolver->getMappingForMappedObject($classOrObject) : null; - foreach ($discriminatorMapping->getTypesMapping() as $class) { - $allowedAttributes = array_merge($allowedAttributes, parent::getAllowedAttributes($class, $context, $attributesAsString)); - } + if (!$discriminatorMapping) { + return $allowedAttributes; + } + + $allowedAttributes[] = $attributesAsString ? $discriminatorMapping->getTypeProperty() : new AttributeMetadata($discriminatorMapping->getTypeProperty()); + + $reflectionClass = new \ReflectionClass($classOrObject); + + if (!$reflectionClass->isAbstract() && !$reflectionClass->isInterface()) { + return $allowedAttributes; + } + + foreach ($discriminatorMapping->getTypesMapping() as $class) { + $allowedAttributes = \array_merge($allowedAttributes, parent::getAllowedAttributes($class, $context, $attributesAsString)); } - return $allowedAttributes; + return \array_unique($allowedAttributes); } } From 4281d5794bdb395d6c9268efd933095b129f582d Mon Sep 17 00:00:00 2001 From: lazer Date: Tue, 3 Jul 2018 01:16:52 +0300 Subject: [PATCH 2/3] Validate and Denormalize properties only for concrete class --- .../Serializer/Normalizer/AbstractObjectNormalizer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php index 7f8d341846f7d..67c3cd63d8034 100644 --- a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php @@ -256,7 +256,7 @@ public function denormalize($data, $class, $format = null, array $context = arra continue; } - $value = $this->validateAndDenormalize($class, $attribute, $value, $format, $context); + $value = $this->validateAndDenormalize(\get_class($class), $attribute, $value, $format, $context); try { $this->setAttributeValue($object, $attribute, $value, $format, $context); } catch (InvalidArgumentException $e) { From 9ed307444a6c6df8ecb7d7925315f0b40919f434 Mon Sep 17 00:00:00 2001 From: lazer Date: Tue, 3 Jul 2018 14:29:33 +0300 Subject: [PATCH 3/3] Validate and Denormalize only concrete class data --- .../Serializer/Normalizer/AbstractObjectNormalizer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php index 67c3cd63d8034..a76baa9faa2f9 100644 --- a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php @@ -256,7 +256,7 @@ public function denormalize($data, $class, $format = null, array $context = arra continue; } - $value = $this->validateAndDenormalize(\get_class($class), $attribute, $value, $format, $context); + $value = $this->validateAndDenormalize(\get_class($object), $attribute, $value, $format, $context); try { $this->setAttributeValue($object, $attribute, $value, $format, $context); } catch (InvalidArgumentException $e) {