<?php
namespace Fleetbase\Http\Requests;
use Fleetbase\Rules\EmailDomainExcluded;
use Fleetbase\Rules\ValidPhoneNumber;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Validation\Rule;
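class UpdateUserRequest extends FleetbaseRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * The only condition checked here is that the session holds a `company`
     * value. That value is returned as-is rather than cast to bool, so the
     * decision presumably rests on its truthiness (confirm against the parent
     * request class).
     *
     * NOTE(review): nothing in this method ties the caller to the user being
     * updated (same company, self-update, or an admin permission). Confirm
     * that this object-level check is enforced by the controller, a policy or
     * middleware before relying on this request class alone.
     *
     * @return bool
     */
    public function authorize()
    {
        return session('company');
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * Uses `sometimes` + `required` (the correct Laravel pattern for PATCH/PUT):
     * - If the field is present in the payload it must pass all rules, including
     *   `required` which rejects empty strings and null.
     * - If the field is absent entirely it is skipped, allowing partial updates.
     *
     * @return array
     */
    public function rules()
    {
        // REST routes generated by the custom registrar use the singular
        // resource wildcard (e.g. `/users/{user}`), while some bespoke routes
        // still use `{id}`. Support both so uniqueness rules correctly ignore
        // the current user's own row during updates.
        $userRouteParam = $this->route('user') ?? $this->route('id');

        if ($userRouteParam instanceof Model) {
            // NOTE(review): getKey() returns the model's primary key, while the
            // ignore clauses below compare against the `uuid` column. Confirm
            // the bound model's primary key is its uuid.
            $userId = $userRouteParam->getKey();
        } else {
            // An unbound route parameter is a raw URL segment chosen by the
            // client. Laravel's documentation warns against passing
            // user-controlled input to Rule::unique()->ignore(), so only
            // identifier-shaped values are forwarded. Any other value cannot
            // equal a stored identifier (assuming `uuid` holds UUID-style
            // values), so dropping it leaves the uniqueness check unchanged.
            $isIdentifier = is_int($userRouteParam)
                || (is_string($userRouteParam) && preg_match('/\A[A-Za-z0-9_-]+\z/', $userRouteParam) === 1);
            $userId = $isIdentifier ? $userRouteParam : null;
        }

        return [
            'name' => ['sometimes', 'required', 'string', 'min:2', 'max:100'],

            // Email must be a valid address, must not be empty, and must remain
            // unique across non-deleted users, ignoring the current user's own row.
            'email' => [
                'sometimes',
                'required',
                'string',
                'email',
                'max:255',
                Rule::unique('users', 'email')
                    ->ignore($userId, 'uuid')
                    ->whereNull('deleted_at'),
                new EmailDomainExcluded(),
            ],

            // Phone is optional (some user types may not have one), but if it is
            // supplied it must be a valid E.164 number and must remain unique.
            // `nullable` allows explicit null to clear the field; `required_with`
            // is not used here because phone is genuinely optional on some accounts.
            'phone' => [
                'sometimes',
                'nullable',
                new ValidPhoneNumber(),
                Rule::unique('users', 'phone')
                    ->ignore($userId, 'uuid')
                    ->whereNull('deleted_at'),
            ],
        ];
    }

    /**
     * Get the error messages for the defined validation rules.
     *
     * Keys follow the `field.rule` convention. Rules without an entry here
     * (for example `name.max` or `email.max`) have no custom message in this
     * class.
     *
     * @return array
     */
    public function messages()
    {
        return [
            'name.required'  => 'Name cannot be empty.',
            'name.min'       => 'Name must be at least 2 characters.',
            'email.required' => 'Email address cannot be empty.',
            'email.email'    => 'A valid email address is required.',
            'email.unique'   => 'An account with this email address already exists.',
            'phone.unique'   => 'An account with this phone number already exists.',
        ];
    }
}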