Sign up to access "Build a Forum with Inertia and Laravel" right now.

Most important thing here really is the validation. So let's go over to our create discussion form. First of all, I'm just going to go ahead and change around the button here. So let's search for that button and I'm going to just change the wording around.

So let's say start discussion. So all of that kind of makes sense. OK, so validation, how are we going to tackle this? Well, we're going to do this in a form request because from all of the actions in our forum, we're going to have authorization.

It makes sense to keep these both in a form request. All this does is replace out the standard request, but allow you to define things like whether the user is allowed to do something, e.g. authorization and also the validation rules. So let's make out a request in here.

And the format for this that we follow is store whatever we're storing. So in this case, a discussion and request. So let's actually reference Arton properly, and we now have our store discussion request, which we're just going to replace out in here. So store discussion request.

Let's open this up. That lives in HTTP and requests. We have authorized here. Let's send that to true just for now.

But let's focus on our validation rules. So these are quite simple. The title here is just required and we'll set a max here of 255, although you can control that. Let's set the body in here just required and we won't set a max.

And then the topic ID is slightly more complicated. Of course, it's required, but it also needs to exist within the topics table. So for this, we're going to go ahead and pull in the rule class. We're going to say exists.

We're going to pass in the topic namespace for the model, and then we're going to choose the column that it must exist by, which is the ID. OK, so validation now should just be working. Let's head over here and hit start discussion. And sure enough, you can see all of our validation rules are working and we're now displaying all of the validation errors.

So we'll finish up just by adding in some policies in here for the discussion just to add in the authorization to check whether we can create a discussion. But we're going to be focusing on these more later when we get to the posts where we're going to have the ability to check authorization for editing, marking best answer for the overall discussion and all that stuff. So let's just get started with authorization by making out a policy for the discussion model or any discussion instance. This is discussion policy and we register this over in auth service provider and we can add this under policies here.

So we're going to reference the discussion model and say that the policy attached to this is the discussion policy that's registered that now. If we head over to the discussion policy and we get rid of the constructor in here, we can just create any methods so we can say, can a user create a discussion? So in here, we'll bring in the user. We don't need a discussion because to create a discussion, we don't necessarily need to have a discussion.

And we're just going to return true. Later, if you have some kind of condition over whether a user can create a discussion, you can just add the logic in here. Then they won't be able to create a discussion. They don't have permission.

So to authorize this, we're going to go over here and say auth user can create. And we don't have a discussion instance, but we just want to pass in the full namespace to the discussion. So if we check this out now, try and create a discussion. Let's just say one more, one more body, and we'll go ahead and choose a topic that should work.

And yes, home topic does not exist. Let's just have a look at where that is. So that's in our form request. So let's go over to our store discussion request here and just put in the namespace for the topic.

Let's try this again. And there we go, that's created. However, if we go over to our discussion policies, set this to false or whatever logic you have in there means that a user can't post a discussion. And we just try this again, just don't need a rubbish.

You can see we get a 403, this action is unauthorized. So we're going to switch that back to true. And now we've implemented some very basic authorization here that at the moment does nothing, but it gives us a good start. And of course, more importantly, we're also validating all of this as well.