Fix: Operation security should override top-level

adamdicarlo0 · adamdicarlo0 · commit b0f404d867f4 · 2025-02-19T09:40:48.000-08:00
REQUIRES wolfadex/elm-open-api#11
diff --git a/example/overriding-global-security.yaml b/example/overriding-global-security.yaml
@@ -0,0 +1,35 @@
+openapi: 3.0.1
+info:
+  title: "Overriding global security"
+  version: 1.0.0
+components:
+  schemas:
+    Data:
+      description: "Data"
+      type: string
+  securitySchemes:
+    Token:
+      type: apiKey
+      in: header
+      name: X-API-Key
+security:
+  - Token: []
+paths:
+  "/api/protected":
+    summary: Endpoint requiring token
+    description: Description of protected endpoint
+    get:
+      operationId: GetProtectedData
+      responses:
+        200:
+          $ref: "#/components/schemas/Data"
+
+  "/api/unprotected":
+    summary: Unprotected (public) endpoint
+    description: "Description of unprotected endpoint"
+    get:
+      security: []
+      operationId: GetUnprotectedData
+      responses:
+        200:
+          $ref: "#/components/schemas/Data"
diff --git a/src/OpenApi/Generate.elm b/src/OpenApi/Generate.elm
@@ -1494,7 +1494,9 @@ operationToAuthorizationInfo : OpenApi.Operation.Operation -> CliMonad Authoriza
 operationToAuthorizationInfo operation =
     CliMonad.andThen2
         (\globalSecurity components ->
-            (OpenApi.Operation.security operation ++ globalSecurity)
+            -- If present, the operation's security overrides globalSecurity.
+            OpenApi.Operation.security operation
+                |> Maybe.withDefault globalSecurity
                 |> List.concatMap
                     (Dict.toList << OpenApi.SecurityRequirement.requirements)
                 |> CliMonad.foldl
diff --git a/src/TestGenScript.elm b/src/TestGenScript.elm
@@ -20,6 +20,10 @@ run =
         recursiveAllofRefs =
             OpenApi.Config.inputFrom (OpenApi.Config.File "./example/recursive-allof-refs.yaml")
 
+        overridingGlobalSecurity : OpenApi.Config.Input
+        overridingGlobalSecurity =
+            OpenApi.Config.inputFrom (OpenApi.Config.File "./example/overriding-global-security.yaml")
+
         singleEnum : OpenApi.Config.Input
         singleEnum =
             OpenApi.Config.inputFrom (OpenApi.Config.File "./example/single-enum.yaml")
@@ -70,6 +74,7 @@ run =
             OpenApi.Config.init "./generated"
                 |> OpenApi.Config.withAutoConvertSwagger True
                 |> OpenApi.Config.withInput recursiveAllofRefs
+                |> OpenApi.Config.withInput overridingGlobalSecurity
                 |> OpenApi.Config.withInput singleEnum
                 |> OpenApi.Config.withInput patreon
                 |> OpenApi.Config.withInput realworldConduit
