Allowed Constraint to be used on the requirements option on QueryParams and RequestParams

Author: ClementGautier

Controller/Annotations/Param.php

@@ -23,8 +23,8 @@ abstract class Param
     public $name;
     /** @var string */
     public $key = null;
-    /** @var string */
-    public $requirements = '';
+    /** @var mixed */
+    public $requirements = null;
     /** @var mixed */
     public $default = null;
     /** @var string */

Request/ParamFetcher.php

@@ -17,6 +17,8 @@
 use Doctrine\Common\Util\ClassUtils;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\Validator\Constraints\Regex;
+use Symfony\Component\Validator\ValidatorInterface;
 
 /**
  * Helper to validate parameters of the active request.
@@ -48,16 +50,23 @@ class ParamFetcher implements ParamFetcherInterface
      */
     private $controller;
 
+    /**
+     * @var ValidatorInterface
+     */
+    private $validator;
+
     /**
      * Initializes fetcher.
      *
-     * @param ParamReader $paramReader Query param reader
-     * @param Request     $request     Active request
+     * @param ParamReader        $paramReader Query param reader
+     * @param Request            $request     Active request
+     * @param ValidatorInterface $validator   The validator service
      */
-    public function __construct(ParamReader $paramReader, Request $request)
+    public function __construct(ParamReader $paramReader, Request $request, ValidatorInterface $validator)
     {
         $this->paramReader = $paramReader;
-        $this->request = $request;
+        $this->request     = $request;
+        $this->validator   = $validator;
     }
 
     /**
@@ -103,17 +112,9 @@ public function get($name, $strict = null)
         }
 
         if ($config->array) {
-            $failMessage = null;
-
             if (!is_array($param)) {
-                $failMessage = sprintf("Query parameter value of '%s' is not an array", $name);
-            } elseif (count($param) !== count($param, COUNT_RECURSIVE)) {
-                $failMessage = sprintf("Query parameter value of '%s' must not have a depth of more than one", $name);
-            }
-
-            if (null !== $failMessage) {
                 if ($strict) {
-                    throw new BadRequestHttpException($failMessage);
+                    throw new BadRequestHttpException(sprintf("Query parameter value of '%s' is not an array", $name));
                 }
 
                 return $default;
@@ -159,16 +160,39 @@ public function cleanParamWithRequirements(Param $config, $param, $strict)
     {
         $default = $config->default;
 
-        if ('' !== $config->requirements
-            && ($param !== $default || null === $default)
-            && !preg_match('#^'.$config->requirements.'$#xsu', $param)
-        ) {
-            if ($strict) {
-                $paramType = $config instanceof QueryParam ? 'Query' : 'Request';
+        if (null === $config->requirements || ($param === $default && null !== $default)) {
+
+            return $param;
+        }
+
+        $constraint = $config->requirements;
 
-                throw new BadRequestHttpException(
-                    $paramType . " parameter value '$param', does not match requirements '{$config->requirements}'"
-                );
+        if (is_scalar($constraint)) {
+            if (is_array($param)) {
+                if ($strict) {
+                    throw new BadRequestHttpException("Query parameter is an array");
+                }
+
+                return $default;
+            }
+
+            $constraint = new Regex(array(
+                'pattern' => '#^'.preg_quote($config->requirements).'$#xsu',
+                'message' => sprintf(
+                    "%s parameter value '%s', does not match requirements '%s'",
+                    $config instanceof QueryParam ? 'Query' : 'Request',
+                    $param,
+                    $config->requirements
+                )
+            ));
+        }
+
+        $errors = $this->validator->validateValue($param, $constraint);
+
+        if (0 !== count($errors)) {
+
+            if ($strict) {
+                throw new BadRequestHttpException((string) $errors);
             }
 
             return null === $default ? '' : $default;

Resources/config/request.xml

@@ -16,6 +16,7 @@
         <service id="fos_rest.request.param_fetcher" class="%fos_rest.request.param_fetcher.class%" scope="request">
             <argument type="service" id="fos_rest.request.param_fetcher.reader"/>
             <argument type="service" id="request"/>
+            <argument type="service" id="validator"/>
         </service>
 
         <service id="fos_rest.request.param_fetcher.reader" class="%fos_rest.request.param_fetcher.reader.class%">

Resources/doc/3-listener-support.md

@@ -421,6 +421,7 @@ fos_rest:
 use FOS\RestBundle\Request\ParamFetcher;
 use FOS\RestBundle\Controller\Annotations\RequestParam;
 use FOS\RestBundle\Controller\Annotations\QueryParam;
+use Acme\FooBundle\Validation\Constraints\MyComplexConstraint
 
 class FooController extends Controller
 {
@@ -461,7 +462,13 @@ class FooController extends Controller
      * If ids is not defined, array(1) will be given
      *
      * Array must have a single depth or it will return default value. It's difficult to validate with
-     * preg_match each deeps of array, if you want to deal with that, use another validation system.
+     * preg_match each deeps of array, if you want to deal with that, you can use a constraint:
+     *
+     * @QueryParam(array=true, name="filters", requirements=@MyComplexConstraint, description="List of complex filters")
+     *
+     * In this example, the ParamFetcher will validate each value of the array with the constraint, returning the
+     * default value if you are in safe mode or throw a BadRequestHttpResponse containing the constraint violation
+     * messages in the message.
      *
      * @param ParamFetcher $paramFetcher
      */