symfony
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/serializer.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/serializer.php
+2Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Resources/config/serializer.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Resources/config/serializer.php
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
+5-1Lines changed: 5 additions & 1 deletion b/‎src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php
+5-1Lines changed: 5 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
+73-10Lines changed: 73 additions & 10 deletions b/‎src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
+73-10Lines changed: 73 additions & 10 deletions
diff --git a/‎src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php
+31-2Lines changed: 31 additions & 2 deletions b/‎src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Normalizer/ObjectNormalizer.php
+31-2Lines changed: 31 additions & 2 deletions
diff --git a/‎src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
+36Lines changed: 36 additions & 0 deletions b/‎src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
+36Lines changed: 36 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
+36Lines changed: 36 additions & 0 deletions b/‎src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
+36Lines changed: 36 additions & 0 deletions
@@ -137,6 +137,8 @@
                 service('property_info')->ignoreOnInvalid(),
                 service('serializer.mapping.class_discriminator_resolver')->ignoreOnInvalid(),
                 null,
+                [],
+                service('property_info')->ignoreOnInvalid(),
             ])
 
         ->alias(PropertyNormalizer::class, 'serializer.normalizer.property')
 
@@ -147,6 +147,8 @@ public function supportsNormalization($data, ?string $format = null)
      */
     public function normalize($object, ?string $format = null, array $context = [])
     {
+        $context['_read_attributes'] = true;
+
         if (!isset($context['cache_key'])) {
             $context['cache_key'] = $this->getCacheKey($format, $context);
         }
@@ -159,7 +161,7 @@ public function normalize($object, ?string $format = null, array $context = [])
 
         $data = [];
         $stack = [];
-        $attributes = $this->getAttributes($object, $format, $context);
+        $attributes = $this->getAttributes($object, $format, $context, true);
         $class = $this->objectClassResolver ? ($this->objectClassResolver)($object) : \get_class($object);
         $attributesMetadata = $this->classMetadataFactory ? $this->classMetadataFactory->getMetadataFor($class)->getAttributesMetadata() : null;
         if (isset($context[self::MAX_DEPTH_HANDLER])) {
@@ -359,6 +361,8 @@ public function supportsDenormalization($data, string $type, ?string $format = n
      */
     public function denormalize($data, string $type, ?string $format = null, array $context = [])
     {
+        $context['_read_attributes'] = false;
+
         if (!isset($context['cache_key'])) {
             $context['cache_key'] = $this->getCacheKey($format, $context);
         }
 
@@ -36,22 +36,23 @@
  */
 class GetSetMethodNormalizer extends AbstractObjectNormalizer
 {
+    private static $reflectionCache = [];
     private static $setterAccessibleCache = [];
 
     /**
      * {@inheritdoc}
      */
     public function supportsNormalization($data, ?string $format = null)
     {
-        return parent::supportsNormalization($data, $format) && $this->supports(\get_class($data));
+        return parent::supportsNormalization($data, $format) && $this->supports(\get_class($data), true);
     }
 
     /**
      * {@inheritdoc}
      */
     public function supportsDenormalization($data, string $type, ?string $format = null)
     {
-        return parent::supportsDenormalization($data, $type, $format) && $this->supports($type);
+        return parent::supportsDenormalization($data, $type, $format) && $this->supports($type, false);
     }
 
     /**
@@ -63,22 +64,28 @@ public function hasCacheableSupportsMethod(): bool
     }
 
     /**
-     * Checks if the given class has any getter method.
+     * Checks if the given class has any getter or setter method.
      */
-    private function supports(string $class): bool
+    private function supports(string $class, bool $readAttributes): bool
     {
         if (null !== $this->classDiscriminatorResolver && $this->classDiscriminatorResolver->getMappingForClass($class)) {
             return true;
         }
 
-        $class = new \ReflectionClass($class);
-        $methods = $class->getMethods(\ReflectionMethod::IS_PUBLIC);
-        foreach ($methods as $method) {
-            if ($this->isGetMethod($method)) {
-                return true;
-            }
+        if (!isset(self::$reflectionCache[$class])) {
+            self::$reflectionCache[$class] = new \ReflectionClass($class);
         }
 
+        $reflection = self::$reflectionCache[$class];
+
+        do {
+            foreach ($reflection->getMethods(\ReflectionMethod::IS_PUBLIC) as $reflectionMethod) {
+                if ($readAttributes && $this->isGetMethod($reflectionMethod) || !$readAttributes && $this->isSetMethod($reflectionMethod)) {
+                    return true;
+                }
+            }
+        } while ($reflection = $reflection->getParentClass());
+
         return false;
     }
 
@@ -95,6 +102,17 @@ private function isGetMethod(\ReflectionMethod $method): bool
             );
     }
 
+    /**
+     * Checks if a method's name matches /^set.+$/ and can be called non-statically with one parameter.
+     */
+    private function isSetMethod(\ReflectionMethod $method): bool
+    {
+        return !$method->isStatic()
+            && (\PHP_VERSION_ID < 80000 || !$method->getAttributes(Ignore::class))
+            && 1 === $method->getNumberOfRequiredParameters()
+            && str_starts_with($method->name, 'set');
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -160,4 +178,49 @@ protected function setAttributeValue(object $object, string $attribute, $value,
             $object->$setter($value);
         }
     }
+
+    protected function isAllowedAttribute($classOrObject, string $attribute, string $format = null, array $context = [])
+    {
+        if (!parent::isAllowedAttribute($classOrObject, $attribute, $format, $context)) {
+            return false;
+        }
+
+        $class = \is_object($classOrObject) ? \get_class($classOrObject) : $classOrObject;
+
+        if (!isset(self::$reflectionCache[$class])) {
+            self::$reflectionCache[$class] = new \ReflectionClass($class);
+        }
+
+        $reflection = self::$reflectionCache[$class];
+
+        do {
+            if ($context['_read_attributes'] ?? true) {
+                foreach (['get', 'is', 'has'] as $getterPrefix) {
+                    $getter = $getterPrefix.ucfirst($attribute);
+                    $reflectionMethod = $reflection->hasMethod($getter) ? $reflection->getMethod($getter) : null;
+                    if ($reflectionMethod && $this->isGetMethod($reflectionMethod)) {
+                        return true;
+                    }
+                }
+            } else {
+                $setter = 'set'.ucfirst($attribute);
+                $reflectionMethod = $reflection->hasMethod($setter) ? $reflection->getMethod($setter) : null;
+                if ($reflectionMethod && $this->isSetMethod($reflectionMethod)) {
+                    return true;
+                }
+
+                $constructor = $reflection->getConstructor();
+
+                if ($constructor && $constructor->isPublic()) {
+                    foreach ($constructor->getParameters() as $parameter) {
+                        if ($parameter->getName() === $attribute) {
+                            return true;
+                        }
+                    }
+                }
+            }
+        } while ($reflection = $reflection->getParentClass());
+
+        return false;
+    }
 }
@@ -14,7 +14,10 @@
 use Symfony\Component\PropertyAccess\Exception\NoSuchPropertyException;
 use Symfony\Component\PropertyAccess\PropertyAccess;
 use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+use Symfony\Component\PropertyInfo\Extractor\ReflectionExtractor;
+use Symfony\Component\PropertyInfo\PropertyInfoExtractorInterface;
 use Symfony\Component\PropertyInfo\PropertyTypeExtractorInterface;
+use Symfony\Component\PropertyInfo\PropertyWriteInfo;
 use Symfony\Component\Serializer\Exception\LogicException;
 use Symfony\Component\Serializer\Mapping\AttributeMetadata;
 use Symfony\Component\Serializer\Mapping\ClassDiscriminatorResolverInterface;
@@ -29,11 +32,20 @@
 class ObjectNormalizer extends AbstractObjectNormalizer
 {
     protected $propertyAccessor;
+    protected $propertyInfoExtractor;
 
     private $objectClassResolver;
 
-    public function __construct(?ClassMetadataFactoryInterface $classMetadataFactory = null, ?NameConverterInterface $nameConverter = null, ?PropertyAccessorInterface $propertyAccessor = null, ?PropertyTypeExtractorInterface $propertyTypeExtractor = null, ?ClassDiscriminatorResolverInterface $classDiscriminatorResolver = null, ?callable $objectClassResolver = null, array $defaultContext = [])
-    {
+    public function __construct(
+        ?ClassMetadataFactoryInterface $classMetadataFactory = null,
+        ?NameConverterInterface $nameConverter = null,
+        ?PropertyAccessorInterface $propertyAccessor = null,
+        ?PropertyTypeExtractorInterface $propertyTypeExtractor = null,
+        ?ClassDiscriminatorResolverInterface $classDiscriminatorResolver = null,
+        ?callable $objectClassResolver = null,
+        array $defaultContext = [],
+        ?PropertyInfoExtractorInterface $propertyInfoExtractor = null,
+    ) {
         if (!class_exists(PropertyAccess::class)) {
             throw new LogicException('The ObjectNormalizer class requires the "PropertyAccess" component. Install "symfony/property-access" to use it.');
         }
@@ -45,6 +57,8 @@ public function __construct(?ClassMetadataFactoryInterface $classMetadataFactory
         $this->objectClassResolver = $objectClassResolver ?? function ($class) {
             return \is_object($class) ? \get_class($class) : $class;
         };
+
+        $this->propertyInfoExtractor = $propertyInfoExtractor ?: new ReflectionExtractor();
     }
 
     /**
@@ -174,4 +188,19 @@ protected function getAllowedAttributes($classOrObject, array $context, bool $at
 
         return $allowedAttributes;
     }
+
+    protected function isAllowedAttribute($classOrObject, string $attribute, string $format = null, array $context = [])
+    {
+        if (!parent::isAllowedAttribute($classOrObject, $attribute, $format, $context)) {
+            return false;
+        }
+        $class = \is_object($classOrObject) ? \get_class($classOrObject) : $classOrObject;
+
+        if ($context['_read_attributes'] ?? true) {
+            return $this->propertyInfoExtractor->isReadable($class, $attribute);
+        }
+
+        return $this->propertyInfoExtractor->isWritable($class, $attribute)
+            || null !== ($writeInfo = $this->propertyInfoExtractor->getWriteInfo($class, $attribute)) && PropertyWriteInfo::TYPE_NONE !== $writeInfo->getType();
+    }
 }
@@ -521,6 +521,23 @@ public function testDenormalizeWithDiscriminator()
 
         $this->assertEquals($denormalized, $normalizer->denormalize(['type' => 'two', 'url' => 'url'], GetSetMethodDummyInterface::class));
     }
+
+    public function testSupportsAndNormalizeWithOnlyParentGetter()
+    {
+        $obj = new GetSetDummyChild();
+        $obj->setFoo('foo');
+
+        $this->assertTrue($this->normalizer->supportsNormalization($obj));
+        $this->assertSame(['foo' => 'foo'], $this->normalizer->normalize($obj));
+    }
+
+    public function testSupportsAndDenormalizeWithOnlyParentSetter()
+    {
+        $this->assertTrue($this->normalizer->supportsDenormalization(['foo' => 'foo'], GetSetDummyChild::class));
+
+        $obj = $this->normalizer->denormalize(['foo' => 'foo'], GetSetDummyChild::class);
+        $this->assertSame('foo', $obj->getFoo());
+    }
 }
 
 class GetSetDummy
@@ -825,3 +842,22 @@ public function setUrl(string $url): void
         $this->url = $url;
     }
 }
+
+class GetSetDummyChild extends GetSetDummyParent
+{
+}
+
+class GetSetDummyParent
+{
+    private $foo;
+
+    public function getFoo()
+    {
+        return $this->foo;
+    }
+
+    public function setFoo($foo)
+    {
+        $this->foo = $foo;
+    }
+}
@@ -18,6 +18,7 @@
 use Symfony\Component\PropertyInfo\Extractor\PhpStanExtractor;
 use Symfony\Component\PropertyInfo\Extractor\ReflectionExtractor;
 use Symfony\Component\PropertyInfo\PropertyInfoExtractor;
+use Symfony\Component\Serializer\Annotation\Ignore;
 use Symfony\Component\Serializer\Exception\LogicException;
 use Symfony\Component\Serializer\Exception\RuntimeException;
 use Symfony\Component\Serializer\Exception\UnexpectedValueException;
@@ -869,6 +870,31 @@ public function testNormalizeStdClass()
 
         $this->assertSame(['baz' => 'baz'], $this->normalizer->normalize($o2));
     }
+
+    public function testNormalizeWithIgnoreAnnotationAndPrivateProperties()
+    {
+        $classMetadataFactory = new ClassMetadataFactory(new AnnotationLoader(new AnnotationReader()));
+        $normalizer = new ObjectNormalizer($classMetadataFactory);
+
+        $this->assertSame(['foo' => 'foo'], $normalizer->normalize(new ObjectDummyWithIgnoreAnnotationAndPrivateProperty()));
+    }
+
+    public function testDenormalizeWithIgnoreAnnotationAndPrivateProperties()
+    {
+        $classMetadataFactory = new ClassMetadataFactory(new AnnotationLoader(new AnnotationReader()));
+        $normalizer = new ObjectNormalizer($classMetadataFactory);
+
+        $obj = $normalizer->denormalize([
+            'foo' => 'set',
+            'ignore' => 'set',
+            'private' => 'set',
+        ], ObjectDummyWithIgnoreAnnotationAndPrivateProperty::class);
+
+        $expected = new ObjectDummyWithIgnoreAnnotationAndPrivateProperty();
+        $expected->foo = 'set';
+
+        $this->assertEquals($expected, $obj);
+    }
 }
 
 class ProxyObjectDummy extends ObjectDummy
@@ -1152,3 +1178,13 @@ public function getInner()
         return $this->inner;
     }
 }
+
+class ObjectDummyWithIgnoreAnnotationAndPrivateProperty
+{
+    public $foo = 'foo';
+
+    /** @Ignore */
+    public $ignored = 'ignored';
+
+    private $private = 'private';
+}