Mass assignment and controller methods

Posted 3 years ago by Mythos33

Hello guys,

if I have a model like this:

class Category extends Model
{
    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = ['name', 'user_id'];

    /**
     * Get the user that owns the category.
     */
    public function user()
    {
        return $this->belongsTo(User::class);
    }
}

Should the user_id be fillable in case an administrator can move the category from one user to another?

My second question is about controller methods:

public function store(CategoryCreateRequest $request)
{
    $this->repoistory->create($request->all());
    return redirect()->route('categories.index');
}

public function update(Request $request, $id)
{
    $category = $this->repoistory->find($id);
    if (Gate::denies('update-category', $category)) {
        abort(403);
    }
    $this->repoistory->update($request->all(), $id);
    return redirect()->route('categories.index');
}

What can I do to improve those methods? (I'm using Bosnadev's repositories btw)

When I try to call my update method, I'll get an error, because it tries to store the CSRF-token and the method.

Thanks for your help.

Regards, Mythos

Please sign in or create an account to participate in this conversation.