-
-
Save makasim/3720535 to your computer and use it in GitHub Desktop.
<?php | |
namespace Foo\CoreBundle\Form\EventListener; | |
use Symfony\Component\EventDispatcher\EventSubscriberInterface; | |
use Symfony\Component\Form\FormEvents; | |
use Symfony\Component\Form\FormEvent; | |
use Symfony\Component\Form\FormInterface; | |
/** | |
* Changes Form->bind() behavior so that it treats not set values as if they | |
* were sent unchanged. | |
* | |
* Use when you don't want fields to be set to NULL when they are not displayed | |
* on the page (or to implement PUT/PATCH requests). | |
*/ | |
class PatchSubscriber implements EventSubscriberInterface | |
{ | |
/** | |
* @param \Symfony\Component\Form\FormEvent $event | |
*/ | |
public function onPreBind(FormEvent $event) | |
{ | |
$clientData = $event->getData(); | |
$unbindClientData = $this->unbind($event->getForm()); | |
if (is_array($unbindClientData)) { | |
$clientData = array_replace($unbindClientData, $clientData ?: array()); | |
} | |
$event->setData($clientData); | |
} | |
/** | |
* Returns the form's data like $form->bind() expects it | |
* | |
* @return mixed | |
*/ | |
protected function unbind(FormInterface $form) | |
{ | |
if (count($form) > 0) { | |
$clientData = array(); | |
foreach ($form as $name => $childForm) { | |
$clientData[$name] = $this->unbind($childForm); | |
} | |
return $clientData; | |
} | |
return $form->getViewData(); | |
} | |
/** | |
* @return string[] | |
*/ | |
static public function getSubscribedEvents() | |
{ | |
return array( | |
FormEvents::PRE_BIND => 'onPreBind', | |
); | |
} | |
} |
I guess you can update any value, right? I'm not sure but it looks like you allow mass assignment.
Let's say you have a resource with an "is_admin" field (true/false), the client can "patch" a resource
with is_admin=true
, and he will become admin.
@willdurand
Not exactly if this is the case.
I've been using this workaround the last couple of days in an RESTful API that I'm developing using Symfony.
This EventSubscriberInterface listens to the form that I've generated.
Following your tutorial for example:
$form = $this->createForm(new EmploymentType(), $employment);
$form->bind($this->getRequest());
If a crucial field like is_admin
is not in the generated FormType (in this case EmploymentType()) and I try to send it it will generate this kind of error:
You can't add extra fields to this form
Thank you, this gist has been quite useful!
I have updated the code to be compatible with Symfony 2.3. Checkout the code here
perfect thanks a lot!
Nice works. Unfortunately the subscriber doesnt works for unmapped form fields.
$builder->add('foo', null, array(
'description' => 'The foo',
'mapped' => false,
'constraints' => array(
new NotBlank(array(
'message' => 'system.error.alert.null'
))
)
));
Where should I put this code in my Bundle and how can I make sure it's executed when I do a PUT/PATCH?