danimohamadnejad

How to forbid a user from a model-specific property?

Hello. In my ecommerce application I want both the user and the admin to be able to update an Order model. The user should be able to update all properties of their order model except "stateId", and the admin should only be able to update the "stateId" of every order model. Now I want both roles to use the same PUT route for updating. What is the best practice? Thank you in advance.

0 likes
5 replies
Sti3bas
Best Answer
Level 53

@danimohamadnejad you can conditionally change the validation rules and then pass the validated data to the update method:

$rules = [
   //...
];

if ($request->user()->hasRole('admin')) { // your role check might be different
    $rules = ['stateId' => 'required'];
}

$data = $request->validate($rules);

// fetch model

$model->update($data);

danimohamadnejad

Using the above solution, the user cannot update the stateId property? Because I am using mass assignment and I feel the user can change the form and add stateId.
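
The follow-up above asks whether a user can still set stateId by editing the form. In Laravel, `$request->validate()` returns only the fields that have a rule, so a key outside the role's rules never reaches `update()`. The block below is an added example, not code from the thread: a plain-PHP model of that per-role allow-list, with `address` and `note` as hypothetical user-editable fields.

```php
<?php
// Added example: plain-PHP model of a per-role allow-list, not Laravel code.
// 'address' and 'note' are hypothetical field names; stateId is from the thread.

const ROLE_FIELDS = [
    'admin' => ['stateId'],
    'user'  => ['address', 'note'],
];

/**
 * Return only the input keys the role may write. Anything else, including
 * fields added by editing the form, is dropped before it reaches update().
 */
function writableInput(string $role, array $input): array
{
    if (!isset(ROLE_FIELDS[$role])) {
        // Fail closed: an unknown role gets no writable fields at all.
        throw new InvalidArgumentException("Unknown role: $role");
    }
    return array_intersect_key($input, array_flip(ROLE_FIELDS[$role]));
}

/** Keys the client sent that the role may not write; useful for logging. */
function rejectedKeys(string $role, array $input): array
{
    return array_keys(array_diff_key($input, writableInput($role, $input)));
}

// Constructed request body: a user's order form with stateId added by hand.
$tampered = [
    'address' => '1 Example St',
    'note'    => 'ring twice',
    'stateId' => 5,
];

// What would be passed to update() for each role, given the same body.
var_dump(writableInput('user', $tampered));
var_dump(writableInput('admin', $tampered));

// Fields the user role tried to write but is not allowed to.
var_dump(rejectedKeys('user', $tampered));
```

The same body yields disjoint write sets for the two roles, which is what lets both share one PUT route.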
