just the basics and notes, pushing to keep track

app/Http/Controllers/Api/AssetsController.php

@@ -4,6 +4,7 @@ namespace App\Http\Controllers\Api;
 
 use App\Events\CheckoutableCheckedIn;
 use App\Http\Requests\StoreAssetRequest;
+use App\Http\Requests\UpdateAssetRequest;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\Gate;
@@ -621,13 +622,12 @@ class AssetsController extends Controller
      * @since [v4.0]
      * @return \Illuminate\Http\JsonResponse
      */
-    public function update(ImageUploadRequest $request, $id)
+    public function update(UpdateAssetRequest $request, Asset $id)
     {
-        $this->authorize('update', Asset::class);
-
         if ($asset = Asset::find($id)) {
-            $asset->fill($request->all());
+            $asset->fill($request->validated());
 
+            // TODO: how much of this should go to validator?
             ($request->filled('model_id')) ?
                 $asset->model()->associate(AssetModel::find($request->get('model_id'))) : null;
             ($request->filled('rtd_location_id')) ?
@@ -691,6 +691,8 @@ class AssetsController extends Controller
             return response()->json(Helper::formatStandardApiResponse('error', null, $asset->getErrors()), 200);
         }
 
+        // TODO: can this be moved up to ModelNotFound exception handler? would remove a couple lines here if we could use laravel's awesome route-model binding.
+        // (would also need to confirm that then _everything_ expects a 200 when a model isn't found)
         return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/hardware/message.does_not_exist')), 200);
     }
 

app/Http/Requests/UpdateAssetRequest.php

@@ -0,0 +1,57 @@
+<?php
+
+namespace App\Http\Requests;
+
+use App\Models\Asset;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Facades\Gate;
+
+class UpdateAssetRequest extends ImageUploadRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return Gate::allows('update', new Asset);
+    }
+
+    public function prepareForValidation()
+    {
+        // the following are 'required' attributes that may or may not be present on an patch request
+        // so supplying them here instead of doing funky array modification to the rules
+        if (!$this->has('asset_tag')) {
+            // TODO: not sure if i'll be able to use the route model binding here because of not-found return stuff, need to test
+            $asset_tag = $this->asset->asset_tag;
+        }
+        if (!$this->has('model_id')) {
+            $model_id = $this->asset->model_id;
+        }
+        if (!$this->has('status_id')) {
+            $status_id = $this->asset->status_id;
+        }
+
+        $this->merge([
+           'asset_tag' => $asset_tag,
+           'model_id'  => $model_id,
+           'status_id' => $status_id,
+        ]);
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        $rules = array_merge(
+            (new Asset())->getRules(),
+            parent::rules(),
+        );
+
+        return $rules;
+    }
+}