throw an exception if required filter is not set

Author: jdeniau

features/filter/filter_validation.feature

@@ -0,0 +1,15 @@
+Feature: Validate filters based upon filter description
+
+  @createSchema
+  Scenario: Required filter should not throw an error if set
+    When I am on "/filter_validators?foo=bar"
+    Then the response status code should be 200
+
+    When I am on "/filter_validators?foo="
+    Then the response status code should be 200
+
+  @dropSchema
+  Scenario: Required filter should throw an error if not set
+    When I am on "/filter_validators"
+    Then the response status code should be 400
+    And the JSON node "detail" should be equal to "query parameter `foo` is required"

src/Bridge/Symfony/Bundle/Resources/config/validator.xml

@@ -22,6 +22,14 @@
 
             <tag name="kernel.event_listener" event="kernel.view" method="onKernelView" priority="64" />
         </service>
+
+        <service id="ApiPlatform\Core\Filter\QueryParameterValidateListener">
+            <argument type="service" id="api_platform.metadata.resource.metadata_factory" />
+            <argument type="service" id="validator" />
+            <argument type="service" id="api_platform.filter_locator" />
+
+            <tag name="kernel.event_listener" event="kernel.request" method="onKernelRequest" priority="16" />
+        </service>
     </services>
 
 </container>

src/Filter/QueryParameterValidateListener.php

@@ -0,0 +1,77 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Core\Filter;
+
+use ApiPlatform\Core\Api\FilterLocatorTrait;
+use ApiPlatform\Core\Bridge\Symfony\Validator\Exception\ValidationException;
+use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
+use ApiPlatform\Core\Util\RequestAttributesExtractor;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\Validator\Constraints as Assert;
+use Symfony\Component\Validator\Validator\ValidatorInterface as SymfonyValidatorInterface;
+
+/**
+ * Validate query parameters depending on filter description.
+ *
+ * @author Julien Deniau <[email protected]>
+ */
+class QueryParameterValidateListener
+{
+    use FilterLocatorTrait;
+
+    private $resourceMetadataFactory;
+
+    private $validator;
+
+    public function __construct(ResourceMetadataFactoryInterface $resourceMetadataFactory, SymfonyValidatorInterface $validator, $filterLocator)
+    {
+        $this->resourceMetadataFactory = $resourceMetadataFactory;
+        $this->validator = $validator;
+        $this->setFilterLocator($filterLocator);
+    }
+
+    public function onKernelRequest(GetResponseEvent $event)
+    {
+        $request = $event->getRequest();
+        if (
+            !$request->isMethodSafe(false)
+            || !($attributes = RequestAttributesExtractor::extractAttributes($request))
+            || !isset($attributes['collection_operation_name'])
+            || 'get' !== ($operationName = $attributes['collection_operation_name'])
+        ) {
+            return;
+        }
+
+        $resourceMetadata = $this->resourceMetadataFactory->create($attributes['resource_class']);
+        $resourceFilters = $resourceMetadata->getCollectionOperationAttribute($operationName, 'filters', [], true);
+
+        foreach ($resourceFilters as $filterId) {
+            if (!$filter = $this->getFilter($filterId)) {
+                continue;
+            }
+
+            foreach ($filter->getDescription($attributes['resource_class']) as $name => $data) {
+                if ($data['required'] ?? false) {
+                    $requiredConstraint = new Assert\NotNull();
+                    $requiredConstraint->message = sprintf('query parameter `%s` is required', $name);
+                    $errorList = $this->validator->validate($request->query->get($name), $requiredConstraint);
+
+                    if (count($errorList) > 0) {
+                        throw new ValidationException($errorList);
+                    }
+                }
+            }
+        }
+    }
+}

tests/Bridge/Symfony/Bundle/DependencyInjection/ApiPlatformExtensionTest.php

@@ -516,6 +516,7 @@ private function getPartialContainerBuilderProphecy($test = false)
             'api_platform.listener.view.respond',
             'api_platform.listener.view.serialize',
             'api_platform.listener.view.validate',
+            'ApiPlatform\Core\Filter\QueryParameterValidateListener',
             'api_platform.listener.view.write',
             'api_platform.metadata.extractor.xml',
             'api_platform.metadata.property.metadata_factory.cached',

tests/Fixtures/TestBundle/Entity/FilterValidator.php

@@ -0,0 +1,73 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Core\Tests\Fixtures\TestBundle\Entity;
+
+use ApiPlatform\Core\Annotation\ApiProperty;
+use ApiPlatform\Core\Annotation\ApiResource;
+use ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter\NotRequiredBarFilter;
+use ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter\RequiredFooFilter;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * Filter Validator entity.
+ *
+ * @author Julien Deniau <[email protected]>
+ *
+ * @ApiResource(attributes={
+ *     "filters"={
+ *         NotRequiredBarFilter::class,
+ *         RequiredFooFilter::class
+ *     }
+ * })
+ * @ORM\Entity
+ */
+class FilterValidator
+{
+    /**
+     * @var int The id
+     *
+     * @ORM\Column(type="integer")
+     * @ORM\Id
+     * @ORM\GeneratedValue(strategy="AUTO")
+     */
+    private $id;
+
+    /**
+     * @var string A name
+     *
+     * @ORM\Column
+     * @ApiProperty(iri="http://schema.org/name")
+     */
+    private $name;
+
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    public function setId($id)
+    {
+        $this->id = $id;
+    }
+
+    public function setName($name)
+    {
+        $this->name = $name;
+    }
+
+    public function getName()
+    {
+        return $this->name;
+    }
+}

tests/Fixtures/TestBundle/Filter/NotRequiredBarFilter.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter;
+
+use ApiPlatform\Core\Bridge\Doctrine\Orm\Filter\AbstractFilter;
+use ApiPlatform\Core\Bridge\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use Doctrine\ORM\QueryBuilder;
+
+class NotRequiredBarFilter extends AbstractFilter
+{
+    protected function filterProperty(string $property, $value, QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, string $operationName = null)
+    {
+    }
+
+    // This function is only used to hook in documentation generators (supported by Swagger and Hydra)
+    public function getDescription(string $resourceClass): array
+    {
+        return [
+            'bar' => [
+                'property' => 'bar',
+                'type' => 'string',
+                'required' => false,
+            ],
+        ];
+    }
+}

tests/Fixtures/TestBundle/Filter/RequiredFooFilter.php

@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter;
+
+use ApiPlatform\Core\Bridge\Doctrine\Orm\Filter\AbstractFilter;
+use ApiPlatform\Core\Bridge\Doctrine\Orm\Util\QueryNameGeneratorInterface;
+use Doctrine\ORM\QueryBuilder;
+
+class RequiredFooFilter extends AbstractFilter
+{
+    protected function filterProperty(string $property, $value, QueryBuilder $queryBuilder, QueryNameGeneratorInterface $queryNameGenerator, string $resourceClass, string $operationName = null)
+    {
+    }
+
+    // This function is only used to hook in documentation generators (supported by Swagger and Hydra)
+    public function getDescription(string $resourceClass): array
+    {
+        return [
+            'foo' => [
+                'property' => 'foo',
+                'type' => 'string',
+                'required' => true,
+            ],
+        ];
+    }
+}

tests/Fixtures/app/config/config_test.yml

@@ -164,6 +164,14 @@ services:
         parent:    'api_platform.serializer.property_filter'
         tags:      [ { name: 'api_platform.filter', id: 'my_dummy.property' } ]
 
+    ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter\RequiredFooFilter:
+        arguments: [ '@doctrine' ]
+        tags: [ 'api_platform.filter' ]
+
+    ApiPlatform\Core\Tests\Fixtures\TestBundle\Filter\NotRequiredBarFilter:
+        arguments: [ '@doctrine' ]
+        tags: [ 'api_platform.filter' ]
+
     app.config_dummy_resource.action:
         class: 'ApiPlatform\Core\Tests\Fixtures\TestBundle\Action\ConfigCustom'
         arguments: ['@api_platform.item_data_provider']