Fix tests and update doc

zf-fr · Feb 20, 2014 · 5b73923 · 5b73923
1 parent aeccace
commit 5b73923
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 13 deletions.
diff --git a/docs/04. Controllers.md b/docs/04. Controllers.md
@@ -84,24 +84,28 @@ it automatically validates the data and create a new object using a hydrator, so
 receive a ready-to-consume object.
 
 However, you may want to keep control on those steps, and doing the validation and hydration yourself. To that extent,
-you can modify the ZfrRest configuration, as shown below:
+you can override two properties in controllers, namely `autoValidate` and `autoHydrate`. For instance:
 
 ```php
-return [
-    'zfr_rest' => [
-        'controller_behaviours' => [
-            'auto_validate' => false,
-            'auto_hydrate'  => false
-        ],
-    ]
-];
+use ZfrRest\Mvc\Controller\AbstractRestfulController;
+
+class PasswordResetController extends AbstractRestfulController
+{
+    protected $autoHydrate = false;
+}
 ```
 
-With this config, ZfrRest will NOT validate nor hydrate any data. As a consequence, you will not receive object
-anymore in your controller, but instead plain data as array, and it's up to you to do the work.
+With this config, ZfrRest will still validate data using the input filter from the config, however it won't
+hydrate data. As a consequence, instead of receiving an object in your action, you will receive an array. This
+is very handy when data coming from POST request needs heavy customization and cannot be mapped directly to an
+entity!
+
+You can configure those settings per controller, which make things extremely flexible!
 
-> NOTE: if you set `auto_validate` as false and `auto_hydrate` as true, ZfrRest will create object but not validate
-the data. It may be a security issue, and it's your responsability to properly handle this!
+> NOTE: By default, both `$autoValidate` and `$autoHydrate` are set to true. While there are a lot of use cases
+where setting `autoHydrate` to false makes sense, it is not recommended to set `autoValidate` to false, because
+you will receive potentially malicious data. It's therefore up to you to manually validate and filter your data
+if you turn off this option!
 
 ### Navigation
 

diff --git a/tests/ZfrRestTest/Mvc/Controller/AbstractRestfulControllerTest.php b/tests/ZfrRestTest/Mvc/Controller/AbstractRestfulControllerTest.php
@@ -40,6 +40,14 @@ public function testThrowExceptionIfNotHttpRequest()
         $controller->dispatch($this->getMock('Zend\Stdlib\RequestInterface'));
     }
 
+    public function testAssertAutoHydrateAndAutoValidateAreTrueByDefault()
+    {
+        $controller = new AbstractRestfulController();
+
+        $this->assertTrue($controller->getAutoValidate());
+        $this->assertTrue($controller->getAutoHydrate());
+    }
+
     public function testThrowNotFoundExceptionIfNoResourceIsMatched()
     {
         $this->setExpectedException('ZfrRest\Http\Exception\Client\NotFoundException');