Zend Apigility : DELETE HTTP method Validation

Question

I have recently explored Apigility I want to use HTTP DELETE method to delete some entity but before deleting I need to validate "entityId" must be given and must be Digit and trim. Problem is documentation mentions that:

Content Validation currently only works for POST, PATCH, and PUT requests. If you need to validate query string parameters, you will need to write your own logic for those tasks. https://apigility.org/documentation/content-validation/intro I have make some custome modification in config file as bellow:

'NetworkingNightAPI\\V1\\Rpc\\DeleteSlotByLoginUser\\Controller' => [
  'DELETE' => 'NetworkingNightAPI\\V1\\Rpc\\AssignTimeSlotToLoginUser\\Validator',
        ],

As I have mention DELETE method to validate same as NetworkingNightAPI\V1\Rpc\AssignTimeSlotToLoginUser\Validator but the issue is it always return 'Value could not be empty' even I have added valid row JSON values using PostMan

Thanks!

Answer 1

Thank you for your reply

What I have found is Apigility uses 'zf-content-validation' module for validating the input data (https://github.com/zfcampus/zf-content-validation)

This module dose not restrict such HTTP Methods you can apply validation to DELETE method as well Like it says that

"In the above example, the Application\Controller\HelloWorld\Validator service will be selected for PATCH, PUT, or DELETE requests, while the Application\Controller\HelloWorld\CreationValidatorwill be selected for POST requests."

So you just need to add manual entry for DELETE method in config file as below:

'NetworkingNightAPI\\V1\\Rpc\\DeleteSlotByLoginUser\\Controller' => [
            'input_filter' => 'NetworkingNightAPI\\V1\\Rpc\\DeleteSlotByLoginUser\\Validator',
            'DELETE' => 'NetworkingNightAPI\\V1\\Rpc\\DeleteSlotByLoginUser\\Validator',
        ],

In addition HTTP DELETE method will not validate using JSON row body from POSTMAN you have to pass query parameters and in your controller you need to get validated data using plugin like below:

$recruiterId = $this->getInputFilter()->getValues()['recruiterId'];
$timeSlotId  = $this->getInputFilter()->getValues()['timeSlotId'];

Answer 2

If you want to delete a resource your should use the url that includes the route to that entity. This means the id would be in your route parameters, not in your query parameters. So the id is a route parameter/identifier and the RestController will search your entity using the identifier in the fetch($id) method of your resource listener. The listener should return a not found (404) response in case the entity with that identifier doesn't exist.

The content validation you mention in your question is for validating POST/GET parameters. So there is no need for such validator in case of a delete request.

So say for example you want to delete a Slot you would have a route:

api/v1/slots/[slot_id]

And if you want to delete Slot with id 1 you would send a delete request to:

DELETE
api/v1/slots/1

Your listener should simply return a 404 response in case a Slot with slot_id 1 doesn't exist.

Answer 3

I see you're using RPC Rather than Rest style - if you're passing the parameter using the query string you will have to validate it yourself inside the controller, for example:

public function someActionMethod()
{
    $id = $this->getRequest()->getQuery('id');
    $validator = new Input('id');
    $validator->getValidatorChain()
        ->attach(new \Zend\Validator\NotEmpty())
    ;
    $validator->getFilterChain()
        ->attach(new StringToUpper())
    ;
    $inputFilter = new InputFilter();
    $inputFilter
        ->add($validator)
        ->setData($this->getRequest()->getQuery())
    ;

    if( ! $inputFilter->isValid()) {
        return new \ZF\ApiProblem\ApiProblemResponse(
            new ApiProblem(400, $inputFilter)
        );
    }
}

Apigility won't use any of the config generated using the UI to validate those fields for you wuen passed via query string as it says in the docs - they will be ignored. You would need to generate the valaidator yourself.

You could set it up to generate the validation using a config if you wished and then load the validator inside the controller to save writing boiler plate code as above.