Validating User Input

Objective

After completing this lesson, you will be able to use annotations to validate user input.

Annotations

CAP supports server-side input validation. This is controlled via annotations, some of which are presented below. Information that goes beyond what is discussed here can be found in the CAP documentation.

In this lesson, we will cover the following annotations:

  • @mandatory
  • @assert.target
  • @assert.range

@mandatory

We start with the annotation @mandatory. Elements marked with @mandatory are checked for nonempty input: null and (trimmed) empty strings are rejected.

In the example shown, the title element of the Books entity is annotated with @mandatory. If you try to create a book without a title, the corresponding request returns a response with HTTP status code 400 (Bad Request). The response contains an error message similar to the following:

Code Snippet
"error": {
  "code": "400",
  "message": "Value is required",
  "target": "title",
  "@Common.numericSeverity": 4
}

Note

As in SQL, you can specify default values that are filled in on INSERT if no value is specified for a given element. The keyword default is available for this purpose. In the previous example, the value 0 is set for the stock element of the Books entity if no value is provided for this element when a new book is created.

@assert.target

The @assert.target annotation can be used for managed to-one associations of a CDS model entity. The annotation is employed to check during CREATE and UPDATE operations whether the target entity to which the association refers exists. In other words, use this annotation to ensure that a non-null foreign key in a table has a corresponding primary key in the associated/referenced target table.

In the example shown, the managed to-one association author of the Books entity is annotated with @mandatory and @assert.target. The @mandatory annotation ensures that a book author is specified. The @assert.target annotation also checks whether the specified author exists.

If you try to create a new book and the author ID specified in the request does not exist in the database, the requested CREATE operation will not be executed. Instead, the HTTP response has the status code 400 (Bad Request), as we have already seen with the @mandatory annotation. The response body contains an error message similar to the following. It points to the invalid foreign key:

Code Snippet
"error": {
  "code": "400",
  "message": "Value doesn't exist",
  "target": "author_ID",
  "@Common.numericSeverity": 4
}

@assert.range

The @assert.range annotation specifies value ranges for elements of model entities with ordinal types, i.e. numeric or date/time types. The value range is defined as an interval with the following syntax:

Code Snippet
@assert.range: [min, max]

The defined range is regarded as a closed interval, i.e. it is checked whether a specified value is greater than or equal to min and less than or equal to max.

For enum elements, true can be specified to restrict possible values to the defined enum values.

In the example shown, the genre element of the Books entity has the data type Genre, which is a custom type with enumeration values. Annotating the genre element with @assert.range: true ensures that only values from the enumeration can be specified for this element, i.e. 1 or 2.

If, for example, the value 3 is provided for the genre element when creating a book, the requested CREATE operation is not executed. Instead, the HTTP response has the status code 400 (Bad Request) and the response body contains an error message similar to the following:

Code Snippet
"error": {
  "code": "400",
  "message": "Value 3 is invalid according to enum declaration {1, 2}",
  "target": "genre",
  "@Common.numericSeverity": 4
}
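
The three annotations from this lesson combined in one CDS model, as an added example that is not taken from the lesson or its repository. Books, title, stock, author, genre and Genre are named on this page; the namespace, the Authors entity, the enum symbol names and the price element with its numeric range are assumptions made for illustration.

```cds
// Added example: a data model carrying the validation annotations
// discussed above. Names not mentioned in the lesson are assumptions.
namespace com.example.bookshop;   // assumed namespace

using { cuid, managed } from '@sap/cds/common';

// Custom enumeration type; only the values 1 and 2 are declared.
// The symbol names are assumptions, the values follow the lesson text.
type Genre : Integer enum {
  fiction     = 1;
  non_fiction = 2;
}

entity Books : cuid, managed {
  // null and (trimmed) empty strings are rejected with HTTP 400,
  // target "title"
  title  : String(255) @mandatory;

  // @mandatory: an author must be specified.
  // @assert.target: on CREATE and UPDATE, a non-null author_ID must
  // match an existing Authors record, otherwise HTTP 400 with
  // target "author_ID"
  author : Association to Authors @mandatory @assert.target;

  // true restricts input to the declared enum values {1, 2}
  genre  : Genre @assert.range: true;

  // No validation annotation: a missing value is replaced by 0 on INSERT
  stock  : Integer default 0;

  // Assumed element showing the interval form. The interval is closed,
  // so 0 and 9999 are both accepted.
  price  : Decimal(9, 2) @assert.range: [0, 9999];
}

entity Authors : cuid, managed {   // assumed association target
  name  : String(100) @mandatory;
  books : Association to many Books on books.author = $self;
}
```

Because the checks run on the server, a request that bypasses the UI and posts directly to the service is validated in the same way.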

Demonstration & Exercise: Implement Input Validation

Note

As an exercise, carry out the step-by-step instructions in the following demonstration yourself in the SAP Business Application Studio.

As a starting point for the exercise, use the outcome of the previous exercise Work with Localized Data, Code Lists and Common Reuse Types if you have successfully completed it. Alternatively, you can also use the branch 7_localized_data from the following GitHub repository as a starting point:

https://github.com/SAP-samples/cap-development-learning-journey

The complete implementation of the simulation can be found in the 8_input_validation branch of the GitHub repository.

Detailed information on the content of the repository and how to use it can be found here.

Watch the video to see how to implement input validation.
