RFC: Validation in scaffolded mutations

[unclecheese]

We're currently not invoking DataObject::validate() in mutations. That would be a start, but this problem is actually a bit more complex than that. Usually, what is required for low-level data integrity isn't necessarily what is required for business cases. Validation in the API should resemble something closer to Form::validate() than DataObject::validate().

I'm pretty sure this is as simple as creating a Validator interface, and allowing registration of them against the operation:

SilverStripe\Security\Member:
  operations:
    create:
      validator: MyApp\Validators\MemberValidator

You'd also want a default validator to be registered against the schema config to manage basic validation for all dataobjects.

Or we could even do it like resolvers, where you just have a monolithic class and methods are discovered.

class MyValidator
{
  public function validateCreateMember($data);
}

And of course, the schema config then becomes:

resolvers:
  - My\ResolverClass
validators:
  - My\Validator\Class

If not, Validator should extend Identifiable so we can use the registry (as used in Bulk Loaders) and refer to them with better semantics.

SilverStripe\Security\Member:
  operations:
    create:
      validator: memberValidator

Like resolvers, this probably isn't an either/or. You can just prefer explicitly defined validators over discovered ones, and then use a default validator when neither comes through.