Symfony version(s) affected

7.1.5

Description

You may want to map request data to a DTO and then pass that DTO object to a VoterInterface. However, this is impossible because the IsGrantedAttributeListener is called before the RequestPayloadValueResolver event subscriber.
The resolved DTO object is expected by the Voter, but the MapQueryString instance is passed.

How to reproduce

1. Create any DTO class you want to map from a request data.
2. Create a Voter that accepts the DTO class.
3. Add the IsGranted attribute to a controller and set the subject to the mapped variable like so #[IsGranted('post_create', 'post' )]
4. The Voter expects the PostDto instance as a subject, but gets the MapQueryString instance.

#[IsGranted('post_create', 'post')]
#[Route('/post, name: "app_post")]
public function post(
    #[MapQueryString] PostDto $post,
): Response
{
  return new Response('OK');
}

Possible Solution

Explicitly set higher priority for the RequestPayloadValueResolver. It should be triggered right before the IsGrantedAttributeListener.

class RequestPayloadValueResolver implements ValueResolverInterface, EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::CONTROLLER_ARGUMENTS => ['onKernelControllerArguments', 21],
        ];
    }
}

Additional Context

No response