diff --git a/src/Serializer/AbstractItemNormalizer.php b/src/Serializer/AbstractItemNormalizer.php index bafdba3a86a..c3ee964f81d 100644 --- a/src/Serializer/AbstractItemNormalizer.php +++ b/src/Serializer/AbstractItemNormalizer.php @@ -398,7 +398,9 @@ protected function isAllowedAttribute($classOrObject, $attribute, $format = null $propertyMetadata = $this->propertyMetadataFactory->create($context['resource_class'], $attribute, $options); $security = $propertyMetadata->getAttribute('security'); if ($this->resourceAccessChecker && $security) { - return $this->resourceAccessChecker->isGranted($attribute, $security); + return $this->resourceAccessChecker->isGranted($context['resource_class'], $security, [ + 'object' => $classOrObject, + ]); } return true; diff --git a/tests/Serializer/AbstractItemNormalizerTest.php b/tests/Serializer/AbstractItemNormalizerTest.php index e4a6c491474..6f1a882c8e6 100644 --- a/tests/Serializer/AbstractItemNormalizerTest.php +++ b/tests/Serializer/AbstractItemNormalizerTest.php @@ -230,7 +230,11 @@ public function testNormalizeWithSecuredProperty() $resourceClassResolverProphecy->getResourceClass($dummy, null)->willReturn(SecuredDummy::class); $resourceAccessChecker = $this->prophesize(ResourceAccessCheckerInterface::class); - $resourceAccessChecker->isGranted('adminOnlyProperty', 'is_granted(\'ROLE_ADMIN\')')->willReturn(false); + $resourceAccessChecker->isGranted( + SecuredDummy::class, + 'is_granted(\'ROLE_ADMIN\')', + ['object' => $dummy] + )->willReturn(false); $serializerProphecy = $this->prophesize(SerializerInterface::class); $serializerProphecy->willImplement(NormalizerInterface::class);