[Serializer] Throw exception when extra attributes are used during an object denor… #19958
Conversation
| @@ -32,6 +33,7 @@ | |||
|
|
|||
| private $propertyTypeExtractor; | |||
| private $attributesCache = array(); | |||
| private $extraAttributes = array(); | |||
There was a problem hiding this comment.
A service should not have global states like this one. Here it is worst because it creates a bug: if the denormalize method fails one time because of an extra attribute, all successive calls will throw an error (even if there is no extra attribute) because $this->extraAttributes isn't reseted to an empty array.
Here I think that it's enough to use a local variable to store the list of extra attributes. If you want to make information available in nested denormalize calls, you should use the $context parameter.
There was a problem hiding this comment.
Humm yes... sorry for that.
| @@ -183,6 +185,10 @@ public function denormalize($data, $class, $format = null, array $context = arra | |||
| } | |||
|
|
|||
| if (($allowedAttributes !== false && !in_array($attribute, $allowedAttributes)) || !$this->isAllowedAttribute($class, $attribute, $format, $context)) { | |||
| if (isset($context['extra_attributes']) && !$context['extra_attributes']) { | |||
There was a problem hiding this comment.
The form component has a similar option called allow_extra_fields. I propose to rename the key to allow_extra_attributes for consistency.
There was a problem hiding this comment.
I had a lot of hesitation. Updated.
| @@ -194,6 +200,10 @@ public function denormalize($data, $class, $format = null, array $context = arra | |||
| } | |||
| } | |||
|
|
|||
| if (!empty($this->extraAttributes)) { | |||
| throw new ExtraAttributesException(sprintf('Extra attributes are not allowed ("%s" given).', implode('", "', $this->extraAttributes))); | |||
There was a problem hiding this comment.
Extra attributes are not allowed ("%s" are unknown).?
There was a problem hiding this comment.
It's more simple with no plurial, but that's good for me. Updated.
4cd4e13 to
8444b21
Compare
|
👍, travis error not related. Status: reviewed |
|
Doc PR added. |
| use Symfony\Component\Serializer\Exception\LogicException; | ||
| use Symfony\Component\Serializer\Exception\UnexpectedValueException; | ||
| use Symfony\Component\PropertyInfo\PropertyTypeExtractorInterface; | ||
| use Symfony\Component\PropertyInfo\Type; |
There was a problem hiding this comment.
use statements reorganization should reverted.
There was a problem hiding this comment.
Alright. done.
8430c61 to
dca221b
Compare
| @@ -194,6 +201,10 @@ public function denormalize($data, $class, $format = null, array $context = arra | |||
| } | |||
| } | |||
|
|
|||
| if (!empty($extraAttributes)) { | |||
| throw new ExtraAttributesException(sprintf('Extra attributes are not allowed ("%s" are unknown).', implode('", "', $extraAttributes))); | |||
There was a problem hiding this comment.
Given you have specific exception type, it makes sense to put such logic into the exception, i.e. throw new ExtraAttributesException($extraAttributes) (see Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException for example).
There was a problem hiding this comment.
I don't really like doing that. And it's not the current behavior for serializer exceptions (like the CircularReferenceException).
However, I pushed this change.
There was a problem hiding this comment.
It makes exception API stricter. It is harder to misuse it, it decreases possible inconsistency between messages in different places if an exception has many usages in the code. It makes easier to unit test the exception if the message-forming logic becomes tricky.
d485036 to
313fca9
Compare
313fca9 to
565a984
Compare
|
Rebased from master to fix builds. |
|
I'll merge this PR in 3.3. Thanks @juliendidier |
|
Thanks @juliendidier for working on this feature, this is much appreciated. |
… used during an object denor… (juliendidier) This PR was merged into the 3.3-dev branch. Discussion ---------- [Serializer] Throw exception when extra attributes are used during an object denor… | Q | A | | --- | --- | | Branch? | "master" | | Bug fix? | no | | New feature? | yes | | BC breaks? | no | | Deprecations? | no | | Tests pass? | yes | | Fixed tickets | #19948 | | License | MIT | | Doc PR | [#6975](symfony/symfony-docs#6975) | I will update the doc if you're ok with this PR. Commits ------- 565a984 throw exception when extra attributes are used during an object denormalization
|
@dunglas thx, don't forget the documentation ;) symfony/symfony-docs/pull/6975 |
|
I cannot merge the doc but I'm sure that the @symfony/team-symfony-docs will handle it soon! |
…juliendidier) This PR was merged into the master branch. Discussion ---------- [Serializer] documentation for allow_extra_attributes Doc PR for [symfony/symfony#19958](symfony/symfony#19958) Commits ------- 28dcc94 [Serializer] documentation for allow_extra_attributes
I will update the doc if you're ok with this PR.