Respect order of `@validator` compared to other field middleware directives

[faiverson]

If we have a simple mutation like this with both directives

createUser(input: inputUser! @spread): User
    @create
    @validator
    @can(ability: "create")

@validator is not respecting the order. I'm expecting to execute @can first instead I get validation errors.

I think @validator should respect the order in the fields directives

[spawnia]

As of now, all validation runs in a discrete step that happens before all field middleware directives. That is because the validation rules from @rules, @validator and other validation directives are gathered and applied at once.

Keep in mind that @validator also works on input objects, in which case no field directive may be present, e.g.:

type Query {
  foo(input: Foo): Bar @can
}

input Foo @validator { ... }

[faiverson]

Thanks for the answer.

I understand the problem, but imho access authorization should be before any kind of validation. You might don't want to share any validation problem if an user doesn't have access. Permissions come first to me in any system.

Also I understand is a hard change, do you think is worth to considerer a refactoring to achieve this order logic? If not, any idea how can I change my own order?

[canatufkansu]

Hi,

In 4x release @validator directive doesn't exists. Only in master branch this directive is available, should I follow the master branch in composer or wait this feature to be merged into 4x branch ?

Thanks,

[spawnia]

@canatufkansu I do not plan to backport any features to v4. @validator requires substantial changes, so it can not be done in a backwards compatible way without a lot of extra work.