问题描述
我试图阻止删除具有某些特定内容的实体。 所以我添加了一个验证规则,它与使用表单验证的常规控制器完美配合。
//entity
/**
* @Assert\IsTrue(message="Delete not allowed",groups="delete")
*
* @return bool
*/
public function isDeleteallowed(): bool
{
//some logic here...
return false;
}
现在我想为 api-platform 部分重用相同的逻辑。 我已经为我的实体的删除操作设置了一个验证组
//entity
/**
* @ApiResource(
* itemOperations={
* "delete"={
* "validation_groups"={"delete"}
* }
* })
*/
然而,api-platform DELETE 操作正在跳过验证。 我该如何强制执行?
为了您的信息,我找到了它在 api-platform 源代码中不起作用的原因,他们故意忽略了对 DELETE 操作的验证。所以我开了个票看看能不能修Validation on DELETE action
解决方法
这是我们用来解决 ApiPlatform 中这种硬编码行为的解决方案,方法是在事件订阅者中反转它:
<?php
//src\EventSubscriber\DeleteValidationSubscriber.php
namespace App\EventSubscriber;
use ApiPlatform\Core\Exception\ResourceClassNotFoundException;
use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
use ApiPlatform\Core\Util\RequestAttributesExtractor;
use ApiPlatform\Core\Validator\ValidatorInterface;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\HttpKernel\KernelEvents;
class DeleteValidationSubscriber implements EventSubscriberInterface
{
private $validator;
private $resourceMetadataFactory;
/**
* @param ValidatorInterface $validator
* @param ResourceMetadataFactoryInterface $resourceMetadataFactory
*/
public function __construct(ValidatorInterface $validator,ResourceMetadataFactoryInterface $resourceMetadataFactory)
{
$this->validator = $validator;
$this->resourceMetadataFactory = $resourceMetadataFactory;
}
/**
* Validates data returned by the controller for DELETE action because api-platform is ignoring it
*
* @param ViewEvent $event
* @throws ResourceClassNotFoundException
*/
public function onKernelView(ViewEvent $event)
{
$controllerResult = $event->getControllerResult();
$request = $event->getRequest();
if (
$controllerResult instanceof Response
|| !$request->isMethod('DELETE')
|| $request->isMethodSafe()
|| !($attributes = RequestAttributesExtractor::extractAttributes($request))
|| !$attributes['receive']
) {
return;
}
$resourceMetadata = $this->resourceMetadataFactory->create($attributes['resource_class']);
$validationGroups = $resourceMetadata->getOperationAttribute($attributes,'validation_groups',null,true);
if (!is_null($validationGroups)) {
$this->validator->validate($controllerResult,['groups' => $validationGroups]);
}
}
/**
* @return array|string[]
*/
public static function getSubscribedEvents()
{
return [
KernelEvents::VIEW => ['onKernelView',64],];
}
}
有了它,只要在“删除”项操作中明确定义了“validation_groups”,无需其他额外代码,验证就会按预期工作。