Adjust validator to only receive valid groups id's

2025-01-12 22:37:28 -08:00 · 2023-03-13 16:10:08 -06:00 · 2023-03-13 16:10:08 -06:00 · e7b3daa80c
parent e4204a6dd1
commit e7b3daa80c
1 changed files with 7 additions and 4 deletions
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@ -453,11 +453,14 @@ class UsersController extends Controller

            // Check if the request has groups passed and has a value
            if ($request->filled('groups')) {
-                $validator = Validator::make($request->input('groups'), [
-                    'groups' => 'array',
-                    'groups.*' => 'integer',
+                $validator = Validator::make($request->all(), [
+                    'groups' => 'integer|exists:permission_groups,id',
+                    'groups.*' => 'integer|exists:permission_groups,id',
                ]);
-
+                
+                if ($validator->fails()){
+                    return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
+                }
                $user->groups()->sync($request->input('groups'));
            // The groups field has been passed but it is null, so we should blank it out
            } elseif ($request->has('groups')) {