Adds Form Request for Creating Departments #16973
Conversation
|
Moving to draft so I can add in some assertions for the db to ensure values are being stored properly. |
|
Added |
|
Also, those attributes need to be added to the API docs as currently only |
| */ | ||
| public function authorize(): bool | ||
| { | ||
| return Gate::allows('create', new Department); |
There was a problem hiding this comment.
We probably need to allow this for users who can edit departments as well?
There was a problem hiding this comment.
This is just the store request, update request would be separate
|
I'm not sure a form request is the right move here tbh |
|
I'm not sure, I can see why you'd say that, but I'm still of the mind that form requests are generally good and an improvement in terms of both security and DX (which is obviously subjective). Security wise in this one I don't like that we were filling with a Next, I can't figure out why I still think that we should continue expanding our form requests to near every request, so as I see issues like this pop up I'm generally going to go that route. |
This adds a form request for the store department method in the API. For some reason
watson\validatingwasn't picking up that there was an array in a request which resulted in a 500, this ensures that's caught before we do the->fill(...).Adds tests for this as well. For testing errors,
->assertOk(which asserts a 200 status), andassertStatusMessageIs('error')in combination more or less assert one of our validation errors.