vendor/api-platform/core/src/Filter/QueryParameterValidateListener.php line 41

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the API Platform project.
  5.  *
  6.  * (c) Kévin Dunglas <dunglas@gmail.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. declare(strict_types=1);
  14. namespace ApiPlatform\Core\Filter;
  16. use ApiPlatform\Core\Api\FilterLocatorTrait;
  17. use ApiPlatform\Core\Exception\FilterValidationException;
  18. use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
  19. use ApiPlatform\Core\Util\RequestAttributesExtractor;
  20. use Psr\Container\ContainerInterface;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Symfony\Component\HttpKernel\Event\GetResponseEvent;
  24. /**
  25.  * Validates query parameters depending on filter description.
  26.  *
  27.  * @author Julien Deniau <julien.deniau@gmail.com>
  28.  */
  29. final class QueryParameterValidateListener
  30. {
  31.     use FilterLocatorTrait;
  33.     private $resourceMetadataFactory;
  35.     public function __construct(ResourceMetadataFactoryInterface $resourceMetadataFactoryContainerInterface $filterLocator)
  36.     {
  37.         $this->resourceMetadataFactory $resourceMetadataFactory;
  38.         $this->setFilterLocator($filterLocator);
  39.     }
  41.     public function onKernelRequest(GetResponseEvent $event): void
  42.     {
  43.         $request $event->getRequest();
  44.         if (
  45.             !$request->isMethodSafe(false)
  46.             || !($attributes RequestAttributesExtractor::extractAttributes($request))
  47.             || !isset($attributes['collection_operation_name'])
  48.             || 'get' !== ($operationName $attributes['collection_operation_name'])
  49.         ) {
  50.             return;
  51.         }
  53.         $resourceMetadata $this->resourceMetadataFactory->create($attributes['resource_class']);
  54.         $resourceFilters $resourceMetadata->getCollectionOperationAttribute($operationName'filters', [], true);
  56.         $errorList = [];
  57.         foreach ($resourceFilters as $filterId) {
  58.             if (!$filter $this->getFilter($filterId)) {
  59.                 continue;
  60.             }
  62.             foreach ($filter->getDescription($attributes['resource_class']) as $name => $data) {
  63.                 if (!($data['required'] ?? false)) { // property is not required
  64.                     continue;
  65.                 }
  67.                 if (!$this->isRequiredFilterValid($name$request)) {
  68.                     $errorList[] = sprintf('Query parameter "%s" is required'$name);
  69.                 }
  70.             }
  71.         }
  73.         if ($errorList) {
  74.             throw new FilterValidationException($errorList);
  75.         }
  76.     }
  78.     /**
  79.      * Test if required filter is valid. It validates array notation too like "required[bar]".
  80.      */
  81.     private function isRequiredFilterValid(string $nameRequest $request): bool
  82.     {
  83.         $matches = [];
  84.         parse_str($name$matches);
  85.         if (!$matches) {
  86.             return false;
  87.         }
  89.         $rootName = (string) (array_keys($matches)[0] ?? null);
  90.         if (!$rootName) {
  91.             return false;
  92.         }
  94.         if (\is_array($matches[$rootName])) {
  95.             $keyName array_keys($matches[$rootName])[0];
  97.             $queryParameter $request->query->get($rootName);
  99.             return \is_array($queryParameter) && isset($queryParameter[$keyName]);
  100.         }
  102.         return null !== $request->query->get($rootName);
  103.     }
  104. }