rest validation should be the same as all transaction save validation

If you create transactions from other sources, such as the REST API, it's kind of anything goes. There's some rudimentary validation, but having it in the view layer keeps it inconsistent between forms and REST API.