Add validation for GraphQL mutations #1604
src/Validator/ValidatorInterface.php
Outdated
* Validates an item. | ||
* | ||
* @param object $data | ||
* @param array $contexy |
$context
* Validates an item. | ||
* | ||
* @param object $data | ||
* @param array $context |
Missing @throws?
private function validate($item, ResolveInfo $info, ResourceMetadata $resourceMetadata, string $operationName = null) | ||
{ | ||
if (null === $this->validator) { | ||
return; |
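Review bot: the `null === $this->validator` early return at the top of `validate()` skips validation silently, so a mutation handled without a configured validator is never checked. If that is intended, a one-line docblock on the method stating that validation is optional would keep a later reader from treating the silent skip as a bug.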
We don't want to warn the user if there is no validator?
No (we would just make this property not nullable otherwise), it allows creating micro-frameworks on top of API Platform and it mimics the behavior of the ValidateListener (which is optional).
/** | ||
* @expectedException \ApiPlatform\Core\Bridge\Symfony\Validator\Exception\ValidationException | ||
*/ | ||
public function testInvalid() |
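Review bot: the `@expectedException` annotation on `testInvalid()` covers the whole method, so a `ValidationException` thrown by any statement in the test, including its arrangement code, would make it pass. Calling `$this->expectException(ValidationException::class);` immediately before the statement that should throw narrows the expectation to that call.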
Use a common method?
We wouldn't be able to share much code.
return; | ||
} | ||
|
||
$data = $event->getControllerResult(); |
@dunglas consider validating controller argument data instead of controller result. We can't put some logic inside controller now because request data is not validated yet.
I'm not sure I understand; the validation occurs after the execution of the controller.
If you need to validate the data before executing your logic, just inject ValidatorInterface in your controller and call it.
I think it's related to this: #1590
Yes, @alanpoulain is right. IMHO validating input data before controller execution is much more logical.
Changing this would be a big BC break and will provide less flexibility. IMO the data must be valid before being persisted, but after the custom logic has been executed.
* Add validation for GraphQL mutations
Validate data during GraphQL mutations. Also includes a refactoring of the validation system.
TODO: