Remove the additional pre-denormalize ApiProperty security check to reduce code complexity. security_post_normalize should be used if an object is required.

Author: DavidBennettUK

src/Serializer/AbstractItemNormalizer.php

@@ -254,13 +254,6 @@ public function denormalize($data, $class, $format = null, array $context = [])
             return $item;
         }
 
-        // Filter out input attributes that aren't allowed for updates
-        if (null !== $objectToPopulate) {
-            $data = array_filter($data, function (string $attribute) use ($context, $objectToPopulate) {
-                return $this->canAccessAttribute($objectToPopulate, $attribute, $context);
-            }, \ARRAY_FILTER_USE_KEY);
-        }
-
         $previousObject = null !== $objectToPopulate ? clone $objectToPopulate : null;
         $object = parent::denormalize($data, $resourceClass, $format, $context);