RFC-8996 Clarify the scope of public APIs

[robbieaverill]

Affected Version

All

Description

Lately there have been some discussions in pull requests around whether we prefer private or protected methods (when not public).

Key questions:

• What constitutes our public API (and our commitment to semantic versioning)?
• As above, are protected methods part of our API?
  • Note that most of our module readme files already state that only public methods are part of our public API, while we aim to keep backward compatibility in protected methods as well
• Do we prefer protected or private methods?

Acceptance criteria:

• The regular product developers and the SilverStripe core committers have a common understanding of the above points
• The decisions are documented in our contributing guide

cc @silverstripe/core-team @silverstripe/open-sourcerers @silverstripe/creative-commoners

Outcomes

Protected scope IS public API

Protected methods and properties MUST NOT receive incompatible changes in minor and patch releases.

Pros

• this is the most natural option for developers
• eliminates some anti-patterns, makes APIs more predictable, projects easier to upgrade
• doesn't introduce special rules over what PHP OOP capabilities provide
• doesn't increase framework learning curve
• would make patch and minor releases more stable

Cons

• This is different from the current undocumented convention
• Can make it harder to "fix" issues in minor and patch releases
• Some issues potentially may become unfixable in patch/minor releases

PRs

• [x] https://github.com/silverstripe/silverstripe-framework/pull/9298
• [x] https://github.com/silverstripe/silverstripe-framework/pull/9299

[ScopeyNZ]

This is a pretty worn out drum that I'm banging here, but it's completely dependant on context. I really don't think you can have "default" visibility. If it's an implementation detail of the class/object then it's private. If it's API that conforms with the intention of the class, then consider the idea that someone might wish to extend the class to update compatibility or something, and make it protected. If it's just the API of the class, then it's public.

Example:

class Lottery
{
    protected $numberOfNumbers;

    public function __construct($numberOfNumbers)
    {
        $this->numberOfNumbers = $numberOfNumbers;
    }

    public function drawNumbers()
    {
        return $this->generateNumberList();
    }

    protected function generateNumber()
    {
        return random_int(0, 45);
    }

    private function generateNumberList()
    {
        $numbers = [];

        for ($i = 0; $i < $this->numberOfNumbers; $i++) {
            do {
                $number = $this->generateNumber();
            } while (!in_array($number, $numbers));

            $numbers[] = $number;
        }

        return $numbers;
    }
}

My most complex logic which is an implementation detail is kept in a private method. I could change that at any time to return a generator instead of an array - for example.

[dnsl48]

Right. Though, in your example some might argue that protected $numberOfNumbers and protected generateNumber should become private.

The first one is controlled through the constructor - children should use it. How exactly the Lottery uses numberOfNumbers and generateNumber within its generateNumberList is an implementation detail, since the generateNumberList is the implementation (private).

Otherwise, with a lack of Lottery interface, people extending the class should only be able to overwrite the constructor and public drawNumbers method.

P.S. I'm not saying that's better or something. Simply showing there are other options. Another option here could be to make a separate RNG interface and pass it through the constructor rather than have protected generateNumber. Though, that introduces another entity to the system, which is a complexity vs flexibility tradeoff, but could be done in children.

[sminnee]

This is a pretty worn out drum that I'm banging here, but it's completely dependant on context. I really don't think you can have "default" visibility. If it's an implementation detail of the class/object then it's private. If it's API that conforms with the intention of the class, then consider the idea that someone might wish to extend the class to update compatibility or something, and make it protected. If it's just the API of the class, then it's public.

Adjusting it slightly with some comments on tests, and turning it into a candidate paragraph for coding guidelines:

---

Method/property visibility guidelines

When adding new methods and properties, should you make them public, protected, or private?

• Public: Use this for public APIs. You should add tests and documentation for these.
• Protected: Use for extensibility APIs. Note that compatibility for such APIs should be maintained in minor releases, and so you'll probably want to cover them in tests (i.e. test that these methods can be called from within a subclass and/or overridden). If that seems like overkill, consider whether it's safer to leave these as private for now.
• Private: Use for class internals

Above all, recognise that when you are making something public or protected, you are creating an API for other developers to use and rely on, and do so with care. Don't simply dump class internals in as protected members in the name of extensibility – doing so will be likely to break developers' projects in minor releases.

---

Waddaya think?

[ScopeyNZ]

Perfect. Thanks for cleaning that up 😂

[chillu]

Sounds like this has been sufficiently discussed. Who's closing this out by making a documentation pull request?

[ScopeyNZ]

I've just copied and pasted the section that @sminnee wrote: https://github.com/silverstripe/silverstripe-framework/pull/9298

[dnsl48]

Yeah, I think we've had plenty of time for everyone interested in the matter to vote or say something.

The current results are:

• Vote 1 has been finished and accepted
• Vote 2 had some discussion, but has not had enough votes, which means we leave it "as is". Since we don't have any conventions about it, I reckon that's implicit Case by case.

Regarding the Vote 1 - here is the follow up PR: https://github.com/silverstripe/silverstripe-framework/pull/9299

Regarding the Vote 2 - I don't think we should make any new coding conventions over what's been discussed in the Vote2, since it wasn't approved by the core committers (should be at least more than half of them present, which is not the case).

[ScopeyNZ]

I think what Sam wrote summarises what we discussed pretty well. Protected is API in the eyes of SemVer, use protected knowing that this is maintenance burden - something you should consider being private.

That's why I raised the PR on the docs to resolve this issue.

[sminnee]

I disagree that we're not ready to close this. It's been open for months. My comment has been there for a month. It's had 4 positive responses and no negative. What value is there in dragging this out further?

[dnsl48]

I didn't say we're not ready to close this. I only said the Vote 2 didn't produce any outcomes (according to the rules we cannot consider any of the options to be approved by core committers).

[sminnee]

Right, I misunderstood. Perhaps the rules are a little cumbersome too. :-P

[chillu]

Reopening until PRs are merged.

[robbieaverill]

All merged, thanks everyone for the time to get this over the line