Skip to content

Docs for QueryParameterValidation enabling/disabling #1329

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 30, 2021
Merged

Docs for QueryParameterValidation enabling/disabling #1329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions core/configuration.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ api_platform:
# If you want to serialize only some payload fields, define them like this: [ severity, anotherPayloadField ]
serialize_payload_fields: []

# To enable or disable query parameters validation on collection GET requests
query_parameter_validation: true

eager_loading:
# To enable or disable eager loading.
enabled: true
Expand Down
42 changes: 22 additions & 20 deletions core/events.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,29 +22,31 @@ are also available if you want to hook into the persistence layer's object lifec

These built-in event listeners are registered for routes managed by API Platform:

Name | Event | [Pre & Post hooks](#custom-event-listeners) | Priority | Description
------------------------------|--------------------|---------------------------------------------|----------|-------------
`AddFormatListener` | `kernel.request` | None | 28 | Guesses the best response format ([content negotiation](content-negotiation.md))
`ReadListener` | `kernel.request` | `PRE_READ`, `POST_READ` | 4 | Retrieves data from the persistence system using the [data providers](data-providers.md) (`GET`, `PUT`, `DELETE`)
`DeserializeListener` | `kernel.request` | `PRE_DESERIALIZE`, `POST_DESERIALIZE` | 2 | Deserializes data into a PHP entity (`GET`, `POST`, `DELETE`); updates the entity retrieved using the data provider (`PUT`)
`DenyAccessListener` | `kernel.request` | None | 1 | Enforces [access control](security.md) using Security expressions
`ValidateListener` | `kernel.view` | `PRE_VALIDATE`, `POST_VALIDATE` | 64 | [Validates data](validation.md) (`POST`, `PUT`)
`WriteListener` | `kernel.view` | `PRE_WRITE`, `POST_WRITE` | 32 | Persists changes in the persistence system using the [data persisters](data-persisters.md) (`POST`, `PUT`, `DELETE`)
`SerializeListener` | `kernel.view` | `PRE_SERIALIZE`, `POST_SERIALIZE` | 16 | Serializes the PHP entity in string [according to the request format](content-negotiation.md)
`RespondListener` | `kernel.view` | `PRE_RESPOND`, `POST_RESPOND` | 8 | Transforms serialized to a `Symfony\Component\HttpFoundation\Response` instance
`AddLinkHeaderListener` | `kernel.response` | None | 0 | Adds a `Link` HTTP header pointing to the Hydra documentation
`ValidationExceptionListener` | `kernel.exception` | None | 0 | Serializes validation exceptions in the Hydra format
`ExceptionListener` | `kernel.exception` | None | -96 | Serializes PHP exceptions in the Hydra format (including the stack trace in debug mode)
Name | Event | [Pre & Post hooks](#custom-event-listeners) | Priority | Description
---------------------------------|--------------------|---------------------------------------------|----------|-------------
`AddFormatListener` | `kernel.request` | None | 28 | Guesses the best response format ([content negotiation](content-negotiation.md))
`QueryParameterValidateListener` | `kernel.request` | None | 16 | Validates query parameters
`ReadListener` | `kernel.request` | `PRE_READ`, `POST_READ` | 4 | Retrieves data from the persistence system using the [data providers](data-providers.md) (`GET`, `PUT`, `DELETE`)
`DeserializeListener` | `kernel.request` | `PRE_DESERIALIZE`, `POST_DESERIALIZE` | 2 | Deserializes data into a PHP entity (`GET`, `POST`, `DELETE`); updates the entity retrieved using the data provider (`PUT`)
`DenyAccessListener` | `kernel.request` | None | 1 | Enforces [access control](security.md) using Security expressions
`ValidateListener` | `kernel.view` | `PRE_VALIDATE`, `POST_VALIDATE` | 64 | [Validates data](validation.md) (`POST`, `PUT`)
`WriteListener` | `kernel.view` | `PRE_WRITE`, `POST_WRITE` | 32 | Persists changes in the persistence system using the [data persisters](data-persisters.md) (`POST`, `PUT`, `DELETE`)
`SerializeListener` | `kernel.view` | `PRE_SERIALIZE`, `POST_SERIALIZE` | 16 | Serializes the PHP entity in string [according to the request format](content-negotiation.md)
`RespondListener` | `kernel.view` | `PRE_RESPOND`, `POST_RESPOND` | 8 | Transforms serialized to a `Symfony\Component\HttpFoundation\Response` instance
`AddLinkHeaderListener` | `kernel.response` | None | 0 | Adds a `Link` HTTP header pointing to the Hydra documentation
`ValidationExceptionListener` | `kernel.exception` | None | 0 | Serializes validation exceptions in the Hydra format
`ExceptionListener` | `kernel.exception` | None | -96 | Serializes PHP exceptions in the Hydra format (including the stack trace in debug mode)

Some of these built-in listeners can be enabled/disabled by setting operation attributes:

Attribute | Type | Default | Description
--------------|--------|---------|-------------
`read` | `bool` | `true` | Enables or disables `ReadListener`
`deserialize` | `bool` | `true` | Enables or disables `DeserializeListener`
`validate` | `bool` | `true` | Enables or disables `ValidateListener`
`write` | `bool` | `true` | Enables or disables `WriteListener`
`serialize` | `bool` | `true` | Enables or disables `SerializeListener`
Attribute | Type | Default | Description
---------------------------|--------|---------|-------------
`query_parameter_validate` | `bool` | `true` | Enables or disables `QueryParameterValidateListener`
`read` | `bool` | `true` | Enables or disables `ReadListener`
`deserialize` | `bool` | `true` | Enables or disables `DeserializeListener`
`validate` | `bool` | `true` | Enables or disables `ValidateListener`
`write` | `bool` | `true` | Enables or disables `WriteListener`
`serialize` | `bool` | `true` | Enables or disables `SerializeListener`

Some of these built-in listeners can be enabled/disabled by setting request attributes (for instance in the [`defaults`
attribute of an operation](operations.md#recommended-method)):
Expand Down