Enhance docs for validation and errors

dunglas · GregoireHebert · commit c8cafbbb9d05 · 2018-02-24T13:59:31.000+01:00
diff --git a/core/errors.md b/core/errors.md
@@ -1,25 +1,21 @@
 # Error Handling
 
-API Platform Core allows to customize the HTTP status code sent to the clients when exceptions are thrown.
+API Platform comes with a powerful error system. It handles excepted (such as faulty JSON documents sent by the
+client or validation errors) as well as unexpected errors (PHP exceptions and errors).
+API Platform automatically send the appropriate HTTP status code to the client: `400` for expected errors, `500` for
+unexpected ones. It also provides a description of the respecting [the Hydra specification](http://www.hydra-cg.com/spec/latest/core/#description-of-http-status-codes-and-errors)
+or the [RFC 7807](https://tools.ietf.org/html/rfc7807) depending of the format selected during the [content negotiation](content-negotiation.md).
 
-```yaml
-# app/config/config.yml
-
- api_platform:
-# Map exceptions to HTTP status codes using the `exception_to_status` configuration key
-    exception_to_status:
-        # The 2 following exceptions are handled by default
-        Symfony\Component\Serializer\Exception\ExceptionInterface: 400 # Use a raw status code (recommended)
-        ApiPlatform\Core\Exception\InvalidArgumentException: 'HTTP_BAD_REQUEST' # Or with a constant of `Symfony\Component\HttpFoundation\Response`
+## Converting PHP Exceptions to HTTP Errors
 
-        AppBundle\Exception\ProductNotFoundException: 404 # Custom exceptions can easily be handled
-```
+The framework also allows to configure the HTTP status code sent to the clients when custom exceptions are thrown.
 
-As in any php application, your exceptions have to extends the \Exception class or any of it's children.
+In the following example, we will throw explain to throw a domain exception from the business layer of the application and
+configure API Platform to convert it to a `404 Not Found` error. Let's create a this domain exception and the service throwing
+it:
 
 ```php
 <?php
-
 // src/AppBundle/Exception/ProductNotFoundException.php
 
 namespace AppBundle\Exception;
@@ -31,7 +27,6 @@ final class ProductNotFoundException extends \Exception
 
 ```php
 <?php
-
 // src/AppBundle/EventSubscriber/CartManager.php
 
 namespace AppBundle\EventSubscriber;
@@ -46,158 +41,57 @@ use Symfony\Component\HttpKernel\KernelEvents;
 
 final class ProductManager implements EventSubscriberInterface
 {
-    private const DOESNOTEXISTS = 51;
-    private const DEACTIVATED = 52;
-    private const OUTOFSTOCK = 53;
-
-    public static function getSubscribedEvents()
+    public static function getSubscribedEvents(): array
     {
         return [
-            KernelEvents::REQUEST => [['checkProductAvailability', EventPriorities::POST_DESERIALIZE]],
+            KernelEvents::REQUEST => ['checkProductAvailability', EventPriorities::POST_DESERIALIZE],
         ];
     }
 
-    public function checkProductAvailability(GetResponseForControllerResultEvent $event)
+    public function checkProductAvailability(GetResponseForControllerResultEvent $event): void
     {
         $product = $event->getControllerResult();
-        $method = $event->getRequest()->getMethod();
-
-        if (!$product instanceof Product || Request::METHOD_GET !== $method) {
+        if (!$product instanceof Product || !$event->getRequest()->isMethodSafe(false)) {
             return;
         }
 
-        if (!$product->getVirtualStock()) {
+        if (!$product->isPubliclyAvailable()) {
             // Using internal codes for a better understanding of what's going on
-            throw new ProductNotFoundException(self::OUTOFSTOCK);
+            throw new ProductNotFoundException(sprintf('The product "%s" does not exist.', $product->getId()));
         }
     }
 }
 ```
 
-The exception doesn't have to be a Symfony's `HttpException`. Any type of `Exception` can be thrown. The best part is that API Platform already takes care of how the error is handled and returned. For instance, if the API is configured to respond in JSON-LD, the error will be returned in this format as well.
-
-```json
-{
-  "@context": "/contexts/Error",
-  "@type": "Error",
-  "hydra:title": "An error occurred",
-  "hydra:description": "53"
-}
-```
-
-Is what you get, with an HTTP status code 404 as defined in the configuration.
-
-## Validation errors
-
-API Platform does handle the validation errors responses for you. You can define a Symfony supported constraint, or a custom constraint upon any `ApiResource` or it's properties.
-
-```php
-<?php
-
-// src/AppBundle/Entity/Product.php
-
-namespace AppBundle\Entity;
-
-use ApiPlatform\Core\Annotation\ApiResource;
-use Doctrine\ORM\Mapping as ORM;
-use Symfony\Component\Validator\Constraints as Assert;
-use AppBundle\Validator\Constraints as AppAssert;
-
-/**
- *
- * @ApiResource
- * @ORM\Entity
- */
-class Product
-{
-    /**
-     * @var int The id of this product.
-     *
-     * @ORM\Id
-     * @ORM\GeneratedValue
-     * @ORM\Column(type="integer")
-     */
-    private $id;
-
-    /**
-     * @var string The name of the product
-     *
-     * @ORM\Column
-     * @Assert\NotBlank
-     */
-    private name;
-
-    /**
-     * @var ProductProperty[] Describe the product
-     *
-     * @ORM\Column(type="array")
-     * @AppAssert\MinimalProperties
-     */
-    private $properties;
-}
-```
-
-```php
-<?php
-
-// src/AppBundle/Validator/Constraints/MinimalProperties.php
-
-namespace AppBundle\Validator\Constraints;
+If you use the standard distribution of API Platform, the event listener will be automatically registered. If you use a
+custom installation, [learn how to register listeners](events.md).
 
-use Symfony\Component\Validator\Constraint;
+Then, configure the framework to catch `AppBundle\Exception\ProductNotFoundException` exceptions and convert them in `404`
+errors:
 
-/**
- * @Annotation
- */
-class MinimalProperties extends Constraint
-{
-    public $message = 'The product must have the minimal properties required (description, price)';
+```yaml
+# app/config/config.yml
+api_platform:
+    # ...
+    exception_to_status:
+        # The 2 following handlers are registered by default, keep those lines to prevent unexpected side effects
+        Symfony\Component\Serializer\Exception\ExceptionInterface: 400 # Use a raw status code (recommended)
+        ApiPlatform\Core\Exception\InvalidArgumentException: 'HTTP_BAD_REQUEST' # Or a `Symfony\Component\HttpFoundation\Response`'s constant
 
-    public function validatedBy()
-    {
-        return get_class($this).'Validator';
-    }
-}
+        AppBundle\Exception\ProductNotFoundException: 404 # Here is the handler for our custom exception
 ```
 
-```php
-<?php
-
-// src/AppBundle/Validator/Constraints/MinimalPropertiesValidator.php
+Any type of `Exception` can be thrown, API Platform will convert it to a Symfony's `HttpException`. The framework also takes
+care to serialize the error description according to the request format. For instance, if the API should respond in JSON-LD,
+the error will be returned in this format as well:
 
-namespace AppBundle\Validator\Constraints;
-
-use Symfony\Component\Validator\Constraint;
-use Symfony\Component\Validator\ConstraintValidator;
-
-/**
- * @Annotation
- */
-final class MinimalPropertiesValidator extends ConstraintValidator
-{
-    public function validate($value, Constraint $constraint)
-    {
-        if (!in_array('description', $value) || !in_array('price', $value)) {
-            $this->context->buildViolation($constraint->message)
-                ->addViolation();
-        }
-    }
-}
-```
-
-API Platform will handle the error returned and adapt it's format according to the API configuration. If you did configured it to respond in JSON-LD. Your response would looks like:
+`GET /products/1234`
 
 ```json
 {
-  "@context": "/contexts/ConstraintViolationList",
-  "@type": "ConstraintViolationList",
+  "@context": "/contexts/Error",
+  "@type": "Error",
   "hydra:title": "An error occurred",
-  "hydra:description": "properties: The product must have the minimal properties required (description, price)",
-  "violations": [
-    {
-      "propertyPath": "properties",
-      "message": "The product must have the minimal properties required (description, price)"
-    }
-  ]
+  "hydra:description": "The product \"1234\" does not exist."
 }
 ```
diff --git a/core/validation.md b/core/validation.md
@@ -1,15 +1,134 @@
 # Validation
 
-API Platform Core uses the [Symfony Validator component](http://symfony.com/doc/current/book/validation.html) to validate
-entities.
+API Platform take care of validating data sent to the API by the client (usually user data entered through forms).
+By default, the framework relies on [the powerful Symfony Validator Component](http://symfony.com/doc/current/validation.html)
+for this task, but you can replace it by your preferred validation library such as [the PHP filter extension](http://php.net/manual/en/intro.filter.php)
+if you want to.
 
-Without specific configuration, it uses the default validation group, but this behavior is customizable.
+## Validating Submitted Data
+
+Validating submitted data is simple as adding [Symfony's builtin constraints](http://symfony.com/doc/current/reference/constraints.html)
+or [custom constraints](http://symfony.com/doc/current/validation/custom_constraint.html) directly in classes marked with
+the `@ApiResource` annotation:
+
+```php
+<?php
+// src/AppBundle/Entity/Product.php
+
+namespace AppBundle\Entity;
+
+use ApiPlatform\Core\Annotation\ApiResource;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Validator\Constraints as Assert; // Symfony's builtin constraints
+use AppBundle\Validator\Constraints\MinimalProperties; // A custom constraint
+
+/**
+ * A product.
+ *
+ * @ApiResource
+ * @ORM\Entity
+ */
+class Product
+{
+    /**
+     * @var int The id of this product.
+     *
+     * @ORM\Id
+     * @ORM\GeneratedValue
+     * @ORM\Column(type="integer")
+     */
+    private $id;
+
+    /**
+     * @var string The name of the product
+     *
+     * @Assert\NotBlank
+     * @ORM\Column
+     */
+    private name;
+
+    /**
+     * @var string[] Describe the product
+     *
+     * @MinimalProperties
+     * @ORM\Column(type="json")
+     */
+    private $properties;
+
+    // Getters and setters...
+}
+```
+
+Here is a custom constraint and the related validator:
+
+```php
+<?php
+// src/AppBundle/Validator/Constraints/MinimalProperties.php
+
+namespace AppBundle\Validator\Constraints;
+
+use Symfony\Component\Validator\Constraint;
+
+/**
+ * @Annotation
+ */
+class MinimalProperties extends Constraint
+{
+    public $message = 'The product must have the minimal properties required ("description", "price")';
+}
+```
+
+```php
+<?php
+// src/AppBundle/Validator/Constraints/MinimalPropertiesValidator.php
+
+namespace AppBundle\Validator\Constraints;
+
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+/**
+ * @Annotation
+ */
+final class MinimalPropertiesValidator extends ConstraintValidator
+{
+    public function validate($value, Constraint $constraint): void
+    {
+        if (!array_diff(['description', 'price'], $value)) {
+            $this->context->buildViolation($constraint->message)->addViolation();
+        }
+    }
+}
+```
+
+If the data submitted by the client is invalid, the HTTP status code will be set to `400 Bad Request` and the response's
+body will contain the list of violations serialized in a format compliant with the requested one. For instance, a validation
+error will look like the following if the requested format is JSON-LD (the default):
+
+```json
+{
+  "@context": "/contexts/ConstraintViolationList",
+  "@type": "ConstraintViolationList",
+  "hydra:title": "An error occurred",
+  "hydra:description": "properties: The product must have the minimal properties required (\"description\", \"price\")",
+  "violations": [
+    {
+      "propertyPath": "properties",
+      "message": "The product must have the minimal properties required (\"description\", \"price\")"
+    }
+  ]
+}
+```
+
+Take a look at the [Errors Handling guide](errors.md) to learn how API Platform converts PHP exceptions like validation
+errors to HTTP errors.
 
 ## Using Validation Groups
 
-Built-in actions are able to leverage Symfony's [validation groups](http://symfony.com/doc/current/book/validation.html#validation-groups).
+Without specific configuration, the default validation group is always used, but this behavior is customizable: the framework
+is able to leverage Symfony's [validation groups](http://symfony.com/doc/current/book/validation.html#validation-groups).
 
-You can customize them by editing the resource configuration and add the groups you want to use when the validation occurs:
+You can configure the groups you want to use when the validation occurs directly through the `ApiResource` annotation:
 
 ```php
 <?php
@@ -20,6 +139,7 @@ use Symfony\Component\Validator\Constraints as Assert;
 
 /**
  * @ApiResource(attributes={"validation_groups"={"a", "b"}})
+ * ...
  */
 class Book
 {
