Comments (10)
thanks for the detailed report, there's nothing that said that resolvers should happen before validation but I think it's a valid behavior, I added a new test for that.
from core.
The fix for this has been reverted, thus the bug has appeared again
from core.
Back to this, we need to find a solution, I think it's confusing that we validate the data that gets resolved as validation should occur on the user input.
What I think would work is to disable validation (validate: false
) and do the validation inside the resolver, would that work?
from core.
What I've found in the meantime (maybe this is obvious to me, but it wasn't for me): setting event_listeners_backward_compatibility_layer: true
helps to overcome this problem. But this is not a longtime solution, as this compatibility layer is removed within the next versions....
Still, validating the entity before it is completely populated looks strange to me. By simply thinking about the semantics of that, I can't see how this is right? I know that @codedge reported this as a new problem in #6370, but I would like to know more about their use case
from core.
Isn't the resolver supposedly have the same behavior as a provider? Anyways, I'm considering adding an option to validate after the resolver is being called, this would work for both cases.
from core.
Isn't the resolver supposedly have the same behavior as a provider?
I'm sorry, but I don't get the question. This feature has worked for some versions, and I thought I was on the save side when implementing it just as described at https://api-platform.com/docs/core/graphql/#custom-mutations, so I'm a bit confused about why this has changed when updating from 3.2 to 3.3
from core.
What I've found in the meantime (maybe this is obvious to me, but it wasn't for me): setting
event_listeners_backward_compatibility_layer: true
helps to overcome this problem. But this is not a longtime solution, as this compatibility layer is removed within the next versions....Still, validating the entity before it is completely populated looks strange to me. By simply thinking about the semantics of that, I can't see how this is right? I know that @codedge reported this as a new problem in #6370, but I would like to know more about their use case
We do not validate the entity before, but the input data.
Example:
We expect the input of an amount passed to a mutation. The amount should be between two number, in a certain range. Why should we hit the custom logic in our custom resolver, if already the input is wrong? With using a custom DTO for the input, that has validation rules attached to the amount field, we make sure to get a correct input for further processing.
Even with 3.3.5 and these settings (no entry for event_listeners_backward_compatibility_layer
)
api_platform:
keep_legacy_inflector: false
use_symfony_listeners: true
the validation does not run before reaching the resolver. We currently pin api-platform/core
to 3.3.2
, which works for us.
from core.
Same issue here, MutationResolverInterface called after validation. We used MutationResolvers for the same reason @NicoHaase uses, to populate fields before validation, like user or default status which is relation, we have cases that we need to check data and populate a fields before validation. In RestApi I did all this with PRE_VALIDATE event subscribers, in graphql there is no events, before I used WriteStage to implement PRE_VALIDATE but since api_platform.graphql.resolver.stage.write service has been moved to legacy, also that is not possible anymore.
Implementing PRE_VALIDATE and POST_VALIDATE, would be a better solution for this and keep resolvers after validation.
from core.
Can you check my PR? It adds an validateAfterResolver: true
from core.
Yes, this part is working properly. Thanks for your help! I'll post an additional report, as I'm still facing a problem with security
from core.
Related Issues (20)
- Unable to generate an IRI for the item of type App\ApiResource\*** with an UriTemplate HOT 1
- Support for JsonProblem (RFC 7807) Extension Member HOT 2
- Remove hydra prefix
- Filters incompatible with PHP 8.2.20 and 8.3.8 HOT 22
- Implement getType for ODM DoctrineExtractor HOT 1
- Mixing REST and GraphQL operation names HOT 3
- Access checks for a DTO created through a resolver should happen after it was created HOT 2
- Doctrine ODM Documents return inconsistent data for GET Collection and Item Operations in Symfony production environment HOT 1
- Calling GraphQL DeleteMutation ignores serialization groups and causes error HOT 2
- securityPostValidation argument on ApiResource and operations attributes is ignored when having use_symfony_listeners: true HOT 2
- Upgrade from 3.3.6 to 3.3.7 leads to 405 for OPTIONS request on / HOT 4
- Varnish invalidation on subresource HOT 1
- `DateFilter` does not work sometimes until the cache is cleared.
- JsonSchema validation fail for non-readable link with `assertMatchesResourceItemJsonSchema`
- v3.3.8: Embedded subresources no longer denormalizing HOT 19
- Error during PUT operation when using DTO and stateOptions HOT 1
- Metadata/ApiProperty.php default property has incorrect PHP annotation type HOT 1
- Invalid IRIs in output DTOs HOT 6
- 3.3.10 [BC break?]: Entities with embedded non-resource subentities fail schema checks after #6366 HOT 3
- 'uri_variables' missing from context during denormalization
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from core.