Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RestfulService::getRelevantValidationRules odd behaviour #13

Open
GiacomoP opened this issue Aug 23, 2019 · 1 comment
Open

RestfulService::getRelevantValidationRules odd behaviour #13

GiacomoP opened this issue Aug 23, 2019 · 1 comment
Assignees
Labels
enhancement New feature or request

Comments

@GiacomoP
Copy link

GiacomoP commented Aug 23, 2019

Hi!

I think I've encountered a bug but I'm not 100% sure about it... Please see the following piece of code:

public function getRelevantValidationRules($resource, array $data)

Here the service is only returning the rules based on the input request... However, what if we have the following validation rules in a hypothetical User model:

public function getValidationRulesUpdating()
{
  return [
    'password': 'sometimes|required|string|min:8|confirmed',
    'current_password': ['required_with:password', new MatchCurrentPassword()]
  ];
}

"MatchCurrentPassword" is simply a custom Rule that checks if the field matches the value of the User's current password.

When we request a User update and we include only the "password" and "password_confirmation" fields, only the 'password' validation rules are returned... However, 'current_password' is saying it's a required field when 'password' is present! This means we're failing to enforce the rule where a User must also provide the current password to change (update) their password.

https://laravel.com/docs/5.8/validation#rule-required-with

Thanks

@specialtactics
Copy link
Owner

specialtactics commented Aug 27, 2019

Hi there

The way that validation functions works, is to filter all updating rules, by the fields actually provided. This allows flexible PATCH requests, whereby only those fields which are provided, are actually validated - meaning fields not provided, skip validation. This allows for accurate PATCH functionality.

However it doesn't take into account situations like this, where there are fields which must be provided on the PATCH requests (or conditionally so). I believe this is a type of scenario which I just haven't considered in this case, so I do think that level of functionality needs to be added.

Now the question is, what is the best and most generic solution to the problem. I will have a think about this, and you are welcome to make suggestions also.

Meanwhile, you can override that function on your App's restful service, if you want.

@specialtactics specialtactics self-assigned this Aug 27, 2019
@specialtactics specialtactics added the enhancement New feature or request label Aug 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants