Zf mvc auth can not identifier request type. Collection or Entity

[newdevonair]

zf-mvc-auth/src/Authorization/DefaultResourceResolverListener.php

Line 126 in 25dca76

protected function getIdentifier($identifierName, $routeMatch, $request)

This method can not identifier request type for authorization check.
I have REST service

/path/to/url[/:identifier_name]

Allowed methods is
COLLECTION -> GET
ENTIITY-> PUT
for authorization I have this configs

'collection' => [
	'GET' => true,
	'POST' => false,
	'PUT' => false,
	'PATCH' => false,
	'DELETE' => false,
],
'entity' => [
	'GET' => false,
	'POST' => false,
	'PUT' => true,
	'PATCH' => false,
	'DELETE' => false,
],

but when I'm sending request like this

/path/to/url?identifier_name=some_value

zf auth think that this is ENTITY-> GET.
because of on line 137 you are checking also if identifier exist in query parameters

[newdevonair]

@weierophinney what you think about it.
is it ok?

[weierophinney]

It's not interpreting the request as a GET request; it's instead matching a query string argument (which can occur with ANY URI, not just those sent via GET).

I'm not sure why we check for the identifier in the query string arguments, to be honest; we likely shouldn't. However, to change that at this time would break backwards compatibility.

Can you answer a couple questions for me, please, so we can better evaluate your concerns?

• Why are you sending the identifier using a query string argument in the first place?
• What problems are you observing due to the current behavior, exactly?

[weierophinney]

This repository has been closed and moved to laminas-api-tools/api-tools-mvc-auth; a new issue has been opened at laminas-api-tools/api-tools-mvc-auth#1.