Dfyjkt

I'm facing a little issue with Form Request Validation and how to handle it with one API route.

The resource that I need to create depends on an other resource.

(Here an EmailSettings belongs to a Tenant)

So the look of my route should be something like : /api/tenants/id/email_settings

And my request validation expects several fields including the tenantId :

public function rules() required

And I send the request like this :

try 
 const response = await this.tenantForm.post('/api/tenants')
 let newTenant = helpers.getNewResourceFromResponseHeaderLocation(response)
 let tenantId = parseInt(newTenant.id);
 try 
 await this.emailSettingsForm.post('/api/tenants/' + tenantId + '/email_settings')
 this.requestAllTenants()
 catch (response) 
 $('.second.modal').modal(blurring: true, closable: false).modal('show');
 
 catch (response) 
 $('.first.modal').modal(blurring: true).modal('show');

So the tenantId is passed as a parameter and not in the request body to respect the REST convention.
But the problem is in my Controller, when I merge the data to create the resource, the validation has already took place only on body data before the merge.

public function store(EmailSettingValidation $request, $tenant_id) 
 $emailSetting = $this->emailSettingService->create(
 array_merge($request->all(), compact($tenant_id))
 );
 return $this->response->created($emailSetting);

So what is the best way to handle it properly ?

• Pass the id in the body ? Seems messy


• Use Validator to validate manually ? I would prefer to keep Form Validation


• Remove the tenantId rule and check it manually ?

Any suggestions ?
Thank you

If you define your api route like this:

Roue::post('tenants/tenant/emails_settings', 'Controller@store');

and modify your controller method to type-hint the model with a matching variable name:

public function store(EmailSettingValidation $request, Tenant $tenant) 

Laravel will automatically find the Tenant by ID and inject it into the controller, throwing a ModelNotFoundException (404) if it doesn't exist. That should take care of validating the id.

Authorization is another matter.

So the solution I found to trigger 404 is the following :

• Remove the tenantId from EmailSettings Validation


• Add a provider to add a custom error when the exception 'ModelNotFoundException' occurs like here
  No query results for model in Laravel with Dingo - how to make a RESTful response on failure?
  


• 
  

  Try to throw this Exception with the findOrFail method if invalid ID :

  
  
  

  public function store(EmailSettingValidation $request, $tenant_id) 
   Tenant::findOrFail($tenant_id);
   $emailSetting = $this->emailSettingService->create(
   array_merge($request->all(), ['tenantId' => $tenant_id])
   );
   return $this->response->created($emailSetting);
  
  

  
  

Travis Britz and Guillaumehanotel each have half of your answer, but you're still missing a detail.

From Travis Britz- Yes, include the tenant_id on the URI so it gets injected into the controller.
From Guillaumehanotel- Also used the Eloquent findOrFail in that Id in your Controller (or whatever class the Controller is leveraging to do this, like a Repository or Service class).

The last piece you're missing though is handling the error. You can do this in the Controller if you like, but I generally like making it a rule for my entire system that the IlluminateDatabaseEloquentModelNotFoundException Exceptions that come out of findOrFail() should always result in a 404.

Go to app/Exceptions/Handler.php. I'm pretty sure Laravel auto-generates a meat and potatoes version of this file for you, but if you don't already have one, it should look something like this:

<?php

namespace AppExceptions;

use IlluminateFoundationExceptionsHandler as ExceptionHandler;

/**
 * Class Handler
 * @package AppExceptions
 */
class Handler extends ExceptionHandler

 /**
 * Render an exception into an HTTP response.
 *
 * For our API, we need to override the call
 * to the parent.
 *
 * @param IlluminateHttpRequest $request
 * @param Exception $e
 * @return IlluminateHttpResponse
 */
 public function render($request, Exception $error)
 
 $exception = [
 'title' => 'Internal Error',
 'message' => $error->getMessage();
 ];
 $statusCode = 500;
 $headers = [
 'Content-Type', 'application/json'
 ];

 return response()->json($exception, $statusCode, $headers, JSON_PRETTY_PRINT);
 

Laravel basically has a system-wide try/catch that sends all errors through here first. That's how errors get rendered into something the browser can actually interpret when you're in debug-mode, rather than just kill the process outright. This also gives you the opportunity to apply a few special rules.

So all you need to do is tell Handler::render() to change the default error code that occurs when it sees the type of error that can only come from findOrFail(). (This kind of thing is why it's always good to make your own 'named exceptions', even if they do absolutely nothing except inherit the base Exception class.)

Just add this just before render() returns anything:

if ($error instanceof IlluminateDatabaseEloquentModelNotFoundException) 
 $statusCode = 404;