Interface
interface DTOValidator
{
/** [@param](https://github.com/param) scalar|array<array-key, scalar|null>|null $parameters */
public function validateDTO(
Request $request,
Command|Query $dto,
mixed $parameters,
): void;
/** [@param](https://github.com/param) scalar|array<array-key, scalar|null>|null $parameters */
public static function areParametersValid(mixed $parameters): bool;
}
A command or query must contain everything relevant to perform it without having to rely on session data in the handlers. Therefore, the DTOs must contain a reference to the user that is issuing the request like a $userId. And this is something we can only validate on an infrastructure level where the DTO validators are located and might look like the following:
final readonly class UserIdValidator implements DTOValidator
{
public function __construct(
private Security $security,
) {
}
/** [@param](https://github.com/param) null $parameters */
public function validateDTO(
Request $request,
Command|Query $dto,
mixed $parameters,
): void {
$reflection = new \ReflectionClass($dto);
if (!$reflection->hasProperty('userId')) {
throw new NotRelevantForDTO($dto);
}
/** [@var](https://github.com/var) UserId $userId */
$userId = $dto->userId;
/** [@var](https://github.com/var) User $user */
$user = $this->security->getUser();
if ($userId->isNotEqualTo($user->id)) {
throw new WrongUserId($userId, $user->id);
}
}
/** [@param](https://github.com/param) null $parameters */
public static function areParametersValid(mixed $parameters): bool
{
return $parameters === null;
}
}
With such a validator in place we don't need to do any validation in the handler for it and can concentrate on the business logic.
How can I help you explore Laravel packages today?