Here the service is only returning the rules based on the input request... However, what if we have the following validation rules in a hypothetical User model:
```php
public function getValidationRulesUpdating()
{
    return [
        'password' => 'sometimes|required|string|min:8|confirmed',
        // Required whenever 'password' is present; must match the stored password.
        'current_password' => ['required_with:password', new MatchCurrentPassword()],
    ];
}
```
"MatchCurrentPassword" is simply a custom Rule that checks if the field matches the value of the User's current password.
When we request a User update and we include only the "password" and "password_confirmation" fields, only the 'password' validation rules are returned... However, 'current_password' is saying it's a required field when 'password' is present! This means we're failing to enforce the rule where a User must also provide the current password to change (update) their password.
The way that validation function works is to filter all updating rules by the fields actually provided. This allows flexible PATCH requests, whereby only those fields which are provided are actually validated - meaning fields not provided skip validation. This allows for accurate PATCH functionality.
However, it doesn't take into account situations like this, where there are fields which must be provided on the PATCH requests (or conditionally so). I believe this is a type of scenario which I just haven't considered in this case, so I do think that level of functionality needs to be added.
Now the question is: what is the best and most generic solution to the problem? I will have a think about this, and you are welcome to make suggestions also.
Meanwhile, you can override that function on your App's restful service, if you want.
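The filtering behaviour described in this thread, next to one possible variant that keeps `required_with` dependencies, as an added example (not code from l5-api or from either poster). The function names are hypothetical, a `stdClass` stands in for `MatchCurrentPassword`, and only the `required_with` family of rules is handled.

```php
<?php
// Added illustration; function names are hypothetical, not taken from l5-api.

// Behaviour described in the thread: keep only rules for fields in the request.
function rulesForProvidedFields(array $rules, array $input): array
{
    return array_intersect_key($rules, $input);
}

// Fields named by a rule's required_with / required_with_all parameters.
function requiredWithTargets($rule): array
{
    $parts = is_array($rule) ? $rule : explode('|', $rule);
    $targets = [];
    foreach ($parts as $part) {
        // Rule objects (e.g. a custom Rule instance) carry no parameters to parse.
        if (is_string($part) && preg_match('/^required_with(?:_all)?:(.+)$/', $part, $m)) {
            $targets = array_merge($targets, explode(',', $m[1]));
        }
    }
    return $targets;
}

// Variant: also keep rules of absent fields that depend on a provided field,
// so the validator itself can decide whether the absent field is required.
function rulesForPatch(array $rules, array $input): array
{
    $kept = rulesForProvidedFields($rules, $input);
    foreach ($rules as $field => $rule) {
        if (array_intersect(requiredWithTargets($rule), array_keys($input))) {
            $kept[$field] = $rule;
        }
    }
    return $kept;
}

// Constructed sample: the rules from the issue and a password-only PATCH body.
$rules = [
    'password'         => 'sometimes|required|string|min:8|confirmed',
    'current_password' => ['required_with:password', new stdClass()],
];
$input = ['password' => 'n3w-Passw0rd', 'password_confirmation' => 'n3w-Passw0rd'];

echo 'filtered by input: ', implode(', ', array_keys(rulesForProvidedFields($rules, $input))), PHP_EOL;
echo 'with dependencies: ', implode(', ', array_keys(rulesForPatch($rules, $input))), PHP_EOL;
```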
Hi!
I think I've encountered a bug but I'm not 100% sure about it... Please see the following piece of code:
l5-api/src/Services/RestfulService.php
Line 186 in 52caecb
https://laravel.com/docs/5.8/validation#rule-required-with
Thanks