Validate entities on AJAX requests

composer.json

@@ -34,7 +34,8 @@
         "symfony/string": "^5.4|^6.0",
         "symfony/translation": "^5.4|^6.0",
         "symfony/twig-bundle": "^5.4|^6.0",
-        "symfony/uid": "^5.4|^6.0"
+        "symfony/uid": "^5.4|^6.0",
+        "symfony/validator": "^5.4|^6.0"
     },
     "require-dev": {
         "doctrine/doctrine-fixtures-bundle": "^3.4",

src/Controller/AbstractCrudController.php

@@ -218,7 +218,12 @@ public function edit(AdminContext $context)
             $fieldName = $context->getRequest()->query->get('fieldName');
             $newValue = 'true' === mb_strtolower($context->getRequest()->query->get('newValue'));
 
-            $event = $this->ajaxEdit($context->getEntity(), $fieldName, $newValue);
+            try {
+                $event = $this->ajaxEdit($context->getEntity(), $fieldName, $newValue);
+            } catch (\Exception $exception) {
+                return new Response(null, 400);
+            }
+
             if ($event->isPropagationStopped()) {
                 return $event->getResponse();
             }

src/Orm/EntityUpdater.php

@@ -5,27 +5,35 @@
 use EasyCorp\Bundle\EasyAdminBundle\Contracts\Orm\EntityUpdaterInterface;
 use EasyCorp\Bundle\EasyAdminBundle\Dto\EntityDto;
 use Symfony\Component\PropertyAccess\PropertyAccessorInterface;
+use Symfony\Component\Validator\Validator\ValidatorInterface;
 
 /**
  * @author Javier Eguiluz <javier.eguiluz@gmail.com>
  */
 final class EntityUpdater implements EntityUpdaterInterface
 {
-    private $propertyAccesor;
+    private PropertyAccessorInterface $propertyAccessor;
+    private ValidatorInterface $validator;
 
-    public function __construct(PropertyAccessorInterface $propertyAccesor)
+    public function __construct(PropertyAccessorInterface $propertyAccessor, ValidatorInterface $validator)
     {
-        $this->propertyAccesor = $propertyAccesor;
+        $this->propertyAccessor = $propertyAccessor;
+        $this->validator = $validator;
     }
 
     public function updateProperty(EntityDto $entityDto, string $propertyName, $value): void
     {
-        if (!$this->propertyAccesor->isWritable($entityDto->getInstance(), $propertyName)) {
+        if (!$this->propertyAccessor->isWritable($entityDto->getInstance(), $propertyName)) {
             throw new \RuntimeException(sprintf('The "%s" property of the "%s" entity is not writable.', $propertyName, $entityDto->getName()));
         }
 
         $entityInstance = $entityDto->getInstance();
-        $this->propertyAccesor->setValue($entityInstance, $propertyName, $value);
+        $this->propertyAccessor->setValue($entityInstance, $propertyName, $value);
+
+        if (0 < \count($violations = $this->validator->validate($entityInstance))) {
+            throw new \RuntimeException((string) $violations);
+        }
+
         $entityDto->setInstance($entityInstance);
     }
 }

src/Resources/config/services.php

@@ -228,6 +228,7 @@
 
         ->set(EntityUpdater::class)
             ->arg(0, new Reference('property_accessor'))
+            ->arg(1, new Reference('validator'))
 
         ->set(PaginatorFactory::class)
             ->arg(0, new Reference(AdminContextProvider::class))