Skip to content

Session: add Patch operation to /api/sessions/{id}#8673

Open
addow wants to merge 1 commit into
chamilo:masterfrom
webstone:feat/session-patch-operation
Open

Session: add Patch operation to /api/sessions/{id}#8673
addow wants to merge 1 commit into
chamilo:masterfrom
webstone:feat/session-patch-operation

Conversation

@addow

@addow addow commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Adds PATCH /api/sessions/{id} alongside the existing PUT, restricted to ROLE_ADMIN
  • Fixes a false 422 "title already used" on PUT: API Platform 3 can create a new entity object during PUT denormalization (id=null), causing UniqueEntity to flag the existing title as a conflict with itself
  • PATCH correctly preserves object_to_populate and avoids this issue
  • Enables partial updates without resending the full resource

Test plan

  • PATCH /api/sessions/{id} with unchanged title → HTTP 200
  • PATCH /api/sessions/{id} with changed title → HTTP 200
  • PATCH /api/sessions/{id} with title already used by another session → HTTP 422
  • PUT /api/sessions/{id} still works

Adds PATCH alongside the existing PUT so callers can do partial updates
without resending the full resource. Fixes a UniqueEntity false-422 that
occurs on PUT when AP3 creates a new entity object during denormalization
(id=null), causing the validator to flag the existing title as a conflict.
PATCH correctly preserves object_to_populate and avoids the issue.
@addow addow force-pushed the feat/session-patch-operation branch from fd6d435 to 920d151 Compare June 30, 2026 08:05
@AngelFQC

AngelFQC commented Jul 7, 2026

Copy link
Copy Markdown
Member

Adding PATCH is the right direction for the future AP4/Symfony7 upgrade (PATCH keeps stable merge semantics; PUT will switch to unconditional replace). A few points before merge:

1. The stated root cause doesn't hold with our current config. The false 422 you describe (PUT denormalizing into a fresh object with id=null) only happens when standard_put=true. This repo sets standard_put nowhere (0 matches in config/ and src/), and the Put op has no extraProperties, so standard_put=false. In that mode DeserializeProvider sets OBJECT_TO_POPULATE for PUT too (see DeserializeProvider.php:86: 'PUT' === $method && !($extraProperties['standard_put'] ?? false)), exactly like PATCH — so PUT keeps its id and UniqueEntity should recognize the row as itself, i.e. no false 422. How did you reproduce the 422 on PUT? Different branch/config/version?

2. No caller uses PATCH yet. The session service is makeService("sessions"), whose generic update() sends PUT (assets/vue/services/api.js:147). No Vue caller uses PATCH for sessions, so the "partial updates / fixes 422 for users" benefit doesn't materialize without a matching frontend change (not included here). Is a follow-up planned to move the session edit to PATCH?

3. Regression test. Since the reproduction is unclear, a PHPUnit API test (PATCH unchanged title → 200, PUT unchanged title → 200) would either prove the bug or confirm PUT already works.

Security (is_granted('ROLE_ADMIN')) matches the existing Put and the resource default — no concern there.

@AngelFQC AngelFQC added this to the 3.0 milestone Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants