-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #17722 #18032
Fixes #17722 #18032
Conversation
@samdark I need your opinion on how to deal with exception handling. Given that we could just allow the generic exception handling to happen since the DI container will already throw exceptions. Please let me know your thoughts. |
I think it's a good idea to make it behave the same was as in Yii 3 Injector: https://github.com/yiisoft/injector/tree/master/docs/en#how-it-works |
But, of course, there are Yii 2 specific things since not everything is in DI container... |
Design decisions 1-2 make sense. Not sure what's meant by "descriptions of the injections". |
A runtime exception would do. |
@samdark check the screenshot of the debugger; hmm from my phone the quote part didn't work.
One of the images above is from the debugger request panel. That panel shows the request params. To do this it serializes them at the end of the request and deserializes them to show them in the panel.
|
OK, that's fine about description. |
This is ready, the code climate notice about npath complexity should (imo) be ignored. |
@samdark Maybe you can adjust this value for yii2... |
Or we can refactor it a bit to reduce complexity... |
Reviewing it again I wonder if it's a good idea to apply it to console controllers as well. |
I currently use it in both |
And it makes sense in console definitely |
@SamMousa do you have ready to apply code? If yes, would you please apply it? If no, I think I can handle it but that would take more time. |
This trait works for both controllers; I used that as the basis, couldn't exactly copy paste it though. |
Implemented it for console. Going to add tests for it. |
Done. |
@SamMousa would be great if you'll take a look at the code. |
@SamMousa Can you please explain why you added a commit that checks that there is a definition in the container for a injecting type. I think that there is a good reason for this, but I can see it for now. Thank you. |
The reasoning is that you only inject services, so you shouldn't use it to create arbitrary objects, for example a new AR model. This implementation ensures that only things that you have explicitly defined, as a component in the app or a definition in the container, can be injected. Imagine injecting a DB connection and due to misconfiguration getting a connection without configuration... |
Thank you for your explanation. As for me it is a little bit confusing, because it differs from the way the container works in other cases. And it is a little bit inconvenient to define services each time I want to inject them into action. What about injecting objects other than services - no one deny people to do |
@SamMousa Do you mind if I create a new issue to see what the community thinks about it? |
It's not up to me to mind, but I think it's a very bad idea... |
This draft PR implements action injection inspired by my implementation here: https://github.com/SAM-IT/yii2-magic/blob/master/src/Traits/ActionInjectionTrait.php
Since that implementation the core framework has improved action param handling with things like type validation when using scalar type hints in modern PHP versions.
This is why this implementation uses a different route; it alters the existing parameter iteration and checks for type hints that are NOT built in (thus class type hints).
TODO
Design decisions
actionParams
(since this is used by the Url helper to create canonicalized URLs).\Yii::$app->requestedParams
.Motivation 1
Local-first injection allows us to override configuration for specific modules. It could even be argued that we should not fall back to the DI container at all. The issue I have with the DI container is that it will instantiate any class, even if it has no definition.
While some of my services live in the DI container (and are defined there) we should in my opinion definitely not promote code like this:
Motivation 2
Other code than the URL helper might depend on this array, that code might not be able to (securely) handle action params. (For example serializing them could leak DB passwords)
Motivation 3
The in the current code base the only thing that uses
\Yii::$app->requestedParams
is the log panel. It tries to serialize this array and using a string description guarantees us that we can actually serialize it (a class containing a closure for example would cause exceptions). Also, when checking the log panel it shows sensible information: