Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fillable property on BaseModels #57

Closed
lucasschirm opened this issue Dec 11, 2017 · 2 comments
Closed

Fillable property on BaseModels #57

lucasschirm opened this issue Dec 11, 2017 · 2 comments
Labels
enhancement

Comments

@lucasschirm
Copy link

I would like to suggest the fillable property show be keeped on Base files, and only be overloaded if nedded on Model files.

Are you accepting pull requests?
@CristianLlanos
Copy link
Member

CristianLlanos commented Dec 11, 2017
edited

One reason to keep them in the user models is because if you want to overide the fillable property you will need to completely replace all those fields in each model. Whereas if you have them in the user models, it does not matter. You can change them (delete or add one field) or completely delete them if you don't need them.

For instance, your proposed behaviour would be like the following:

class BaseUser extends Eloquent
{
    protected $fillable = ['firstName', 'lastName', 'password', 'gender'];
}

class User extends BaseUser
{
    protected $fillable = ['firstName', 'lastName', 'password'];
}

If I wanted to add another field to my fillable property, I would need to write all the other fields as well. That isn't convenient at all.

However, if we have those fillable attributes in the User class, it'll be so easy to add a new field to the fillable property.

/** First generated model **/
class User extends BaseUser
{
    protected $fillable = ['firstName', 'lastName', 'password'];
}

/** You'll just need to add another field and that's it **/
class User extends BaseUser
{
    protected $fillable = ['firstName', 'lastName', 'password', 'gender'];
}

Another reason not to have new fields automatically added to the fillable property is because it can be dangerous. Since all new database fields will be automatically a fillable attribute, you don't get to decide weather you actually want it to be fillable or not. Remember that the reason for having fillable attributes is to defend yourself from mass assignment. If every new field is mass assignable by default, you are potentially creating security vulnerabilities in your system without even being aware of it.

@CristianLlanos
Copy link
Member

Perhaps an option to enable one feature or another would be fine. The safer one should be the default and putting the fillable property in base models would have to be manually enabled. What do you think? Seems reasonable to me 🤔 And I'm willing to accept this pull request if you would like to contribute :)

@CristianLlanos CristianLlanos changed the title Fillable should be put on BaseModels Fillable property on BaseModels Dec 15, 2017
@andrey-helldar andrey-helldar mentioned this issue Dec 20, 2017
Closed
This was referenced Apr 20, 2021
Closed
Merged
CristianLlanos added a commit that referenced this issue Apr 23, 2021
@CristianLlanos
Merge pull request #206 from nhoemchenda/v1.x
91de197 
Fillable property on BaseModels #57
@0kyn 0kyn mentioned this issue Sep 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lucasschirm @CristianLlanos