Description
Hi!
I think I've encountered a bug but I'm not 100% sure about it... Please see the following piece of code:
l5-api/src/Services/RestfulService.php, line 186 in 52caecb:

    public function getRelevantValidationRules($resource, array $data)

Here the service is only returning the rules based on the input request... However, what if we have the following validation rules in a hypothetical User model:
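
    public function getValidationRulesUpdating()
    {
        return [
            // The password is optional on update, but must be confirmed when sent
            'password' => 'sometimes|required|string|min:8|confirmed',
            // The current password becomes mandatory as soon as 'password' is present
            'current_password' => ['required_with:password', new MatchCurrentPassword()],
        ];
    }
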
"MatchCurrentPassword" is simply a custom Rule that checks if the field matches the value of the User's current password.
When we request a User update and we include only the "password" and "password_confirmation" fields, only the 'password' validation rules are returned... However, 'current_password' is saying it's a required field when 'password' is present! This means we're failing to enforce the rule where a User must also provide the current password to change (update) their password.
https://laravel.com/docs/5.8/validation#rule-required-with
Thanks
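
The gap reported above, reproduced in plain PHP as an added example; it is not code from the issue author or from l5-api. `rulesForSubmittedFields` is an assumed model of the behaviour the issue describes, `rulesIncludingDependents` is one hypothetical way to keep cross-field rules, and all function names and the sample request are constructed for illustration.

```php
<?php
// Added illustration; not l5-api code. Runs without Laravel.

// Laravel conditional rules that can make a field mandatory even when it was not submitted.
const DEPENDENT_RULES = ['required_with', 'required_with_all', 'required_without',
                         'required_without_all', 'required_if', 'required_unless'];

// Assumed model of the reported behaviour: keep only the rules for submitted fields.
function rulesForSubmittedFields(array $rules, array $data): array
{
    return array_intersect_key($rules, $data);
}

// Normalise a rule definition ("a|b" string or array) to a list of rule names.
function ruleNames($definition): array
{
    $parts = is_array($definition) ? $definition : explode('|', $definition);
    $names = [];
    foreach ($parts as $part) {
        if (is_string($part)) {                 // rule objects carry no name to inspect
            $names[] = explode(':', $part, 2)[0];
        }
    }
    return $names;
}

// Hypothetical fix: also keep every field whose rules depend on other fields.
function rulesIncludingDependents(array $rules, array $data): array
{
    $kept = [];
    foreach ($rules as $field => $definition) {
        $dependent = array_intersect(ruleNames($definition), DEPENDENT_RULES) !== [];
        if (array_key_exists($field, $data) || $dependent) {
            $kept[$field] = $definition;
        }
    }
    return $kept;
}

// Constructed sample: the rule set from the issue, with stdClass standing in for MatchCurrentPassword.
$rules = [
    'password'         => 'sometimes|required|string|min:8|confirmed',
    'current_password' => ['required_with:password', new stdClass()],
];
// Constructed request that changes the password without sending current_password.
$request = ['password' => 'new-secret-123', 'password_confirmation' => 'new-secret-123'];

echo 'submitted only:  ', implode(', ', array_keys(rulesForSubmittedFields($rules, $request))), PHP_EOL;
echo 'with dependents: ', implode(', ', array_keys(rulesIncludingDependents($rules, $request))), PHP_EOL;
```

With the first filter the `current_password` rule never reaches the validator, so `required_with:password` cannot fire; the second filter passes it through and leaves the decision to the validator.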