Add support API validation rules
@@ -2,8 +2,12 @@
|
||||
|
||||
namespace App\Http\Controllers\Api\Support;
|
||||
|
||||
use App\Enums\DataExportScope;
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Http\Requests\Support\Resources\SupportResourceFormRequest;
|
||||
use App\Http\Requests\Support\SupportResourceRequest;
|
||||
use App\Jobs\GenerateDataExport;
|
||||
use App\Models\DataExport;
|
||||
use App\Support\ApiError;
|
||||
use App\Support\SupportApiAuthorizer;
|
||||
use App\Support\SupportApiRegistry;
|
||||
@@ -13,6 +17,7 @@ use Illuminate\Http\JsonResponse;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Arr;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
|
||||
class SupportResourceController extends Controller
|
||||
{
|
||||
@@ -89,14 +94,26 @@ class SupportResourceController extends Controller
|
||||
/** @var Model $model */
|
||||
$model = new $modelClass;
|
||||
|
||||
$payload = $this->filteredPayload($request, $model);
|
||||
$payload = $this->validatedPayload($request, $resource, 'create', $model);
|
||||
|
||||
if ($payload instanceof JsonResponse) {
|
||||
return $payload;
|
||||
}
|
||||
|
||||
if ($payload === []) {
|
||||
return $this->emptyPayloadResponse($resource);
|
||||
}
|
||||
|
||||
if ($resource === 'data-exports') {
|
||||
$payload = $this->normalizeDataExportPayload($request, $payload);
|
||||
}
|
||||
|
||||
$record = $modelClass::query()->create($payload);
|
||||
|
||||
if ($resource === 'data-exports') {
|
||||
GenerateDataExport::dispatch($record->id);
|
||||
}
|
||||
|
||||
return response()->json([
|
||||
'data' => $record,
|
||||
], 201);
|
||||
@@ -118,7 +135,11 @@ class SupportResourceController extends Controller
|
||||
return $this->resourceNotFoundResponse($resource, $record);
|
||||
}
|
||||
|
||||
$payload = $this->filteredPayload($request, $model);
|
||||
$payload = $this->validatedPayload($request, $resource, 'update', $model);
|
||||
|
||||
if ($payload instanceof JsonResponse) {
|
||||
return $payload;
|
||||
}
|
||||
|
||||
if ($payload === []) {
|
||||
return $this->emptyPayloadResponse($resource);
|
||||
@@ -174,7 +195,7 @@ class SupportResourceController extends Controller
|
||||
return $query->where($keyName, $record)->first();
|
||||
}
|
||||
|
||||
private function filteredPayload(SupportResourceRequest $request, Model $model): array
|
||||
private function validatedPayload(SupportResourceRequest $request, string $resource, string $action, Model $model): array|JsonResponse
|
||||
{
|
||||
$payload = $request->validated('data');
|
||||
|
||||
@@ -182,6 +203,28 @@ class SupportResourceController extends Controller
|
||||
return [];
|
||||
}
|
||||
|
||||
$validationClass = SupportApiRegistry::validationClass($resource, $action);
|
||||
|
||||
if ($validationClass && is_subclass_of($validationClass, SupportResourceFormRequest::class)) {
|
||||
$allowedFields = $validationClass::allowedFields($action);
|
||||
|
||||
if ($allowedFields !== []) {
|
||||
$unexpected = array_diff(array_keys($payload), $allowedFields);
|
||||
if ($unexpected !== []) {
|
||||
return $this->invalidFieldResponse($resource, $unexpected);
|
||||
}
|
||||
}
|
||||
|
||||
$rules = $validationClass::rulesFor($action, $model);
|
||||
if ($rules !== []) {
|
||||
$payload = Validator::make($payload, $rules)->validate();
|
||||
}
|
||||
|
||||
if ($allowedFields !== []) {
|
||||
$payload = Arr::only($payload, $allowedFields);
|
||||
}
|
||||
}
|
||||
|
||||
$fillable = $model->getFillable();
|
||||
|
||||
if ($fillable === [] && method_exists($model, 'getGuarded') && $model->getGuarded() !== ['*']) {
|
||||
@@ -292,6 +335,19 @@ class SupportResourceController extends Controller
|
||||
);
|
||||
}
|
||||
|
||||
private function invalidFieldResponse(string $resource, array $fields): JsonResponse
|
||||
{
|
||||
return ApiError::response(
|
||||
'support_invalid_fields',
|
||||
'Invalid Fields',
|
||||
"Unsupported fields provided for {$resource}.",
|
||||
422,
|
||||
[
|
||||
'fields' => array_values($fields),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
private function resourceNotFoundResponse(string $resource, ?string $record = null): JsonResponse
|
||||
{
|
||||
$message = $record
|
||||
@@ -305,4 +361,16 @@ class SupportResourceController extends Controller
|
||||
404
|
||||
);
|
||||
}
|
||||
|
||||
private function normalizeDataExportPayload(Request $request, array $payload): array
|
||||
{
|
||||
$payload['user_id'] = $request->user()?->id;
|
||||
$payload['status'] = DataExport::STATUS_PENDING;
|
||||
|
||||
if (($payload['scope'] ?? null) !== DataExportScope::EVENT->value) {
|
||||
$payload['event_id'] = null;
|
||||
}
|
||||
|
||||
return $payload;
|
||||
}
|
||||
}
|
||||
|
||||
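Review bot: In `validatedPayload()` the unexpected-field rejection and the `rulesFor()` validation run only when `SupportApiRegistry::validationClass()` returns a `SupportResourceFormRequest` subclass, and the allow-list is also skipped when `allowedFields()` is empty. For any resource or action without such a class, the payload silently falls through to the `getFillable()`/`getGuarded()` filtering and then to `$modelClass::query()->create($payload)`. Because this controller writes to whichever model the registry resolves, consider failing closed by returning an error response when no validation class is registered. At minimum, mark the fall-through with a comment such as `// No validation class registered: only the model's fillable/guarded settings limit the payload.` Separately, `normalizeDataExportPayload()` stores `$request->user()?->id`, so if the route does not already guarantee an authenticated user, an export would be created and dispatched with a null `user_id`. The body of `validatedPayload()` continues outside the visible hunks, so the guarded-model branch could not be checked here.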