Closed ElMatella closed 5 years ago
I think the lack of rule dictates that you don't intend on validating on that attribute. If you know attributes you want to blacklist ahead of time, you can specify conflicting rules which will never validate:
const rules = {
'bar': 'required_without_any:foo|required_with_any:foo'
}
I only use Indicative for basic input data validation. Things like attribute whitelisting is done at a controller level (or middleware level). In fact, I do something like this (this is an AdonisJs example but feel free to adapt it to whatever framework you're using):
const { isFunction } = require('lodash')
/**
* BaseController is an abstract class that requires implementing class to override
* permitAttributes.
*/
class BaseController {
constructor () {
if (this.permitAttributes === undefined) {
throw new TypeError('Must override permitAttributes property')
}
}
/**
* Sanitizes incoming request body.
* @param {Request} request
*/
sanitize (requestOrBody) {
const body = isFunction(requestOrBody.all) ? requestOrBody.all() : requestOrBody
return pick(body, this.permitAttributes)
}
}
module.exports = BaseController
You can then use it in your controller like so:
class MyController extends BaseController {
get permitAttributes () {
// Only allow 'foo' attribute
return ['foo']
}
async update ({ request, response }) {
const body = this.sanitize(request)
// ... do something with the request body. The body variable will only contain foo attribute.
}
}
This is a very similar approach to how Rails framework utilizes the strong parameters convention to whitelist permitted attributes before mass assigning request body attributes to a model.
Hey @ElMatella, @AndrewJo! 👋
In fact, it's planned to add in a future version of the Adonis Validation Provider a way to remove key that aren't validated, this will probably add a setting in indicative
itself to do it.
In the meanwhile, you can use the workaround provided by @AndrewJo.
Hi, thanks a lot for both of your responses! I close the issue then.
Hi, thank you for this great package!
Is their a way to throw "not allowed" validation errors if some key is not present in the validation rules?
Example:
That would throw "bar is not allowed". I know that this looks more like Schema validation than data validation. Is this something achievable with indicative or should I use another library on top like
joi
?Anyways I can't find such an option in the documentation..
Thank you and have a nice day :)