Api-Platform:在 DELETE 操作上使用validation_groups

编程问答 2022-04-28

问题描述

我试图阻止删除具有某些特定内容的实体。 所以我添加一个验证规则,它与使用表单验证的常规控制器完美配合。

//entity
    /**
     * @Assert\IsTrue(message="Delete not allowed",groups="delete")
     *
     * @return bool
     */
    public function isDeleteallowed(): bool
    {
        //some logic here...
        return false;
    }

现在我想为 api-platform 部分重用相同的逻辑。 我已经为我的实体的删除操作设置了一个验证组

//entity
/**
 * @ApiResource(
 *     itemOperations={
 *         "delete"={
 *              "validation_groups"={"delete"}
 *          }
 *     })
 */

然而,api-platform DELETE 操作正在跳过验证。 我该如何强制执行?

为了您的信息,我找到了它在 api-platform 源代码中不起作用的原因,他们故意忽略了对 DELETE 操作的验证。所以我开了个票看看能不能修Validation on DELETE action

解决方法

这是我们用来解决 ApiPlatform 中这种硬编码行为的解决方案,方法是在事件订阅者中反转它:

<?php
//src\EventSubscriber\DeleteValidationSubscriber.php

namespace App\EventSubscriber;

use ApiPlatform\Core\Exception\ResourceClassNotFoundException;
use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
use ApiPlatform\Core\Util\RequestAttributesExtractor;
use ApiPlatform\Core\Validator\ValidatorInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\HttpKernel\KernelEvents;

class DeleteValidationSubscriber implements EventSubscriberInterface
{
    private $validator;
    private $resourceMetadataFactory;

    /**
     * @param ValidatorInterface $validator
     * @param ResourceMetadataFactoryInterface $resourceMetadataFactory
     */
    public function __construct(ValidatorInterface $validator,ResourceMetadataFactoryInterface $resourceMetadataFactory)
    {
        $this->validator = $validator;
        $this->resourceMetadataFactory = $resourceMetadataFactory;
    }

    /**
     * Validates data returned by the controller for DELETE action because api-platform is ignoring it
     *
     * @param ViewEvent $event
     * @throws ResourceClassNotFoundException
     */
    public function onKernelView(ViewEvent $event)
    {
        $controllerResult = $event->getControllerResult();
        $request = $event->getRequest();

        if (
            $controllerResult instanceof Response
            || !$request->isMethod('DELETE')
            || $request->isMethodSafe()
            || !($attributes = RequestAttributesExtractor::extractAttributes($request))
            || !$attributes['receive']
        ) {
            return;
        }

        $resourceMetadata = $this->resourceMetadataFactory->create($attributes['resource_class']);

        $validationGroups = $resourceMetadata->getOperationAttribute($attributes,'validation_groups',null,true);
        if (!is_null($validationGroups)) {
            $this->validator->validate($controllerResult,['groups' => $validationGroups]);
        }
    }

    /**
     * @return array|string[]
     */
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::VIEW => ['onKernelView',64],];
    }
}

有了它,只要在“删除”项操作中明确定义了“validation_groups”,无需其他额外代码,验证就会按预期工作。

api-platform.comsymfonysymfony