Symfony 验证在使用自定义操作类时不适用于 Api 平台

Question

我正在使用 symfony 4 和 Api Platform 2.5 。我创建了一个自定义操作来更改用户密码。

问题是当我发送一个空的 oldPassword或任何其他必需的属性时，验证不起作用。如您所见，我使用了一个名为"change_password"的验证组。

这是实体用户的一部分：

/**
 * @ApiResource(
 *     itemOperations={
 *         "user_change_password"={
 *             "method"="PUT",
 *             "path"="/users/change-password/{id}",
 *             "controller"=UserChangePassword::class,
 *             "formats"={"json"},
 *             "denormalization_context"={"groups"={"user:change-password"}},
 *             "normalization_context"={"groups"={"user:read"}},
 *             "validation_groups"={"change_password"},
 *             "access_control"="is_granted('EDIT', object)",
 *             "access_control_message"="access denied"
 *         },
 *     },
 * )
 *
 */
class User implements UserInterface, \Serializable, EquatableInterface
{
    /**
     * @Assert\NotBlank(
     *     message=Tthis value should not be blank",
     *     groups={"change_password"}
     * )
     * @SecurityAssert\UserPassword(
     *     message = "Wrong value for your current password",
     *     groups={"change_password"}
     * )
     * @Groups({"user:change-password"})
     */
    private $oldPassword;

    /**
     * @Assert\NotBlank(
     *     message="This value should not be blank",
     *     groups={"registration", "change_password"}
     * )
     * @Assert\Length(
     *     min="6",
     *     max="32",
     *     minMessage="Password must be at least ({{ limit }}) characters.",
     *     maxMessage="Password must have a maximum of ({{ limit }}) characters.",
     *     groups={"registration", "change_password"}
     * )
     * @Groups({"user:write", "user:change-password"})
     */
    private $plainPassword;

    /**
     * @Assert\NotBlank(
     *     message="This value should not be blank",
     *     groups={"registration", "change_password"}
     * )
     * @Assert\Expression(
     *     "this.getPlainPassword() == this.getRetypedPlainPassword()",
     *     groups={"registration", "change_password"}
     * )
     * @Groups({"user:write", "user:change-password"})
     */
    private $retypedPlainPassword;

}

这是自定义操作类：

class UserChangePassword
{

    public function __invoke(User $data)
    {
        $errors = $this->validator->validate($data);
        if (count($errors) > 0) {
            throw new ValidationException($errors);
        }

        dd($errors) ;

        $oldPassword = $data->getOldPassword();
        if ($this->passwordEncoder->isPasswordValid($data, $oldPassword)) {
            // do changes
        }

        return $data;

    }
}

oldPassword 为空时 dd($erros) 的输出：

而没有DD（$误差修改）我得到这个错误：

Answer 1

第一的

对于 v2.5+ 替换access_control为security. 并替换access_control_message为security_message.

第二

如果您不使用自定义控制器，请尝试Default在validation_groups您中添加组：

"validation_groups"={"Default", "change_password"},

或者Default在约束中添加组：

//src/Entity/User.php

@Assert\NotBlank(groups={"Default", "change_password"})

并调用验证：

<?php
// src/Controller/Api/CustomClass.php

declare(strict_types=1);

namespace App\Controller\Api;

use ApiPlatform\Core\Validator\ValidatorInterface;
use App\Entity\User;

class CustomClass extends AbstractController
{
    /**
     * @var ValidatorInterface
     */
    private $validator;

    public function __construct(ValidatorInterface $validator) {
        $this->validator = $validator;
    }

    public function __invoke(User $data): User
    {
        $this->validator->validate($data);

        //other code ...
    }
}

你也可以检查这个网址

https://symfony.com/doc/current/validation/groups.html

所以解决方案可以是这样的，而无需添加“默认”：

    $errors = $this->validator->validate($data, null, ['change_password']);
    if (count($errors) > 0) {
        throw new ValidationException($errors);
    }