Cakephp api POST 请求,未经验证保存数据
Cakephp api POST request , saving data without validation
我创建了一个带有 Api 前缀的路由
$routes->scope('/api', function (RouteBuilder $routes) {
$routes->setExtensions(['json']);
$routes->post(
'/add-categories',
['controller' => 'Miles', 'action' => 'addCategories','prefix'=>'Api']
);
}
我在目录 Controller/Api/MilesController.php
中创建了一个控制器文件
我创建了如下所示的 addCategory 方法
public function addCategories()
{
$categoriesTable = $this->fetchTable('Categories');
$categoryEnt = $categoriesTable->newEmptyEntity();
if ($this->request->is('post')) {
$category = $categoriesTable->patchEntity($categoryEnt, $this->request->getData());
if ($categoriesTable->save($category)) {
$responseBody = [
'status' => 201,
'data' => $category
];
}else{
$responseBody = [
'status' => 400,
'data' => $category->getErrors()
];
}
}
$this->set(compact('responseBody'));
$this->viewBuilder()->setOption('serialize', ['responseBody']);
}
在 postman 中,如果我尝试发送一个没有任何数据的 post 请求,那么我会得到如下响应
{
"responseBody": {
"status": 201,
"data": {
"created": "2022-05-10T20:04:13+09:00",
"modified": "2022-05-10T20:04:13+09:00",
"id": 8
}
}
}
我的Model/Table/CategoriesTable.php长得像
<?php
declare(strict_types=1);
namespace App\Model\Table;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class CategoriesTable extends Table
{
public function initialize(array $config): void
{
parent::initialize($config);
$this->setTable('categories');
$this->setDisplayField('name');
$this->setPrimaryKey('id');
$this->addBehavior('Timestamp');
$this->hasMany('Products', [
'foreignKey' => 'category_id',
]);
}
public function validationDefault(Validator $validator): Validator
{
$validator
->allowEmptyString('id', null, 'create');
$validator
->scalar('title')
->notEmptyString('title');
$validator
->boolean('status')
->notEmptyString('status');
$validator
->scalar('imageUrl')
->allowEmptyFile('imageUrl');
return $validator;
}
}
为什么我写在 CategoriesTable.php 文件中的 notEmptyString 验证不起作用?
注意:这个Api/MilesController.php没有自己的模型。如何在此处应用 CategoriesTable 验证?
None 您的字段被设置为必填,即它们都是可选的,当缺少可选字段时,将不会应用任何验证规则。
所以对于所有必须存在的字段,使用requirePresence(),例如:
$validator
->requirePresence('title', 'create') // required on create, optional on update
->scalar('title')
->notEmptyString('title');
另见
我创建了一个带有 Api 前缀的路由
$routes->scope('/api', function (RouteBuilder $routes) {
$routes->setExtensions(['json']);
$routes->post(
'/add-categories',
['controller' => 'Miles', 'action' => 'addCategories','prefix'=>'Api']
);
}
我在目录 Controller/Api/MilesController.php
中创建了一个控制器文件我创建了如下所示的 addCategory 方法
public function addCategories()
{
$categoriesTable = $this->fetchTable('Categories');
$categoryEnt = $categoriesTable->newEmptyEntity();
if ($this->request->is('post')) {
$category = $categoriesTable->patchEntity($categoryEnt, $this->request->getData());
if ($categoriesTable->save($category)) {
$responseBody = [
'status' => 201,
'data' => $category
];
}else{
$responseBody = [
'status' => 400,
'data' => $category->getErrors()
];
}
}
$this->set(compact('responseBody'));
$this->viewBuilder()->setOption('serialize', ['responseBody']);
}
在 postman 中,如果我尝试发送一个没有任何数据的 post 请求,那么我会得到如下响应
{
"responseBody": {
"status": 201,
"data": {
"created": "2022-05-10T20:04:13+09:00",
"modified": "2022-05-10T20:04:13+09:00",
"id": 8
}
}
}
我的Model/Table/CategoriesTable.php长得像
<?php
declare(strict_types=1);
namespace App\Model\Table;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\ORM\Table;
use Cake\Validation\Validator;
class CategoriesTable extends Table
{
public function initialize(array $config): void
{
parent::initialize($config);
$this->setTable('categories');
$this->setDisplayField('name');
$this->setPrimaryKey('id');
$this->addBehavior('Timestamp');
$this->hasMany('Products', [
'foreignKey' => 'category_id',
]);
}
public function validationDefault(Validator $validator): Validator
{
$validator
->allowEmptyString('id', null, 'create');
$validator
->scalar('title')
->notEmptyString('title');
$validator
->boolean('status')
->notEmptyString('status');
$validator
->scalar('imageUrl')
->allowEmptyFile('imageUrl');
return $validator;
}
}
为什么我写在 CategoriesTable.php 文件中的 notEmptyString 验证不起作用?
注意:这个Api/MilesController.php没有自己的模型。如何在此处应用 CategoriesTable 验证?
None 您的字段被设置为必填,即它们都是可选的,当缺少可选字段时,将不会应用任何验证规则。
所以对于所有必须存在的字段,使用requirePresence(),例如:
$validator
->requirePresence('title', 'create') // required on create, optional on update
->scalar('title')
->notEmptyString('title');
另见