21. Refactoring validation


One thing that I really love to refactor is moving out validation rules from our controller into a form request.
This completely tidies it up and makes our controllers really, really tidy. Now, as a side effect of doing this, we're actually going to be refactoring the way that authorization is handled as well because we can authorize within a form request. So we can get rid of these two lines, move them both over to a form request,
and of course, because our tests check both things, we can see if everything is still working without having to touch our app. So we will start with our book put controller. So let's go ahead and create out a form request for this.
Now, we could create a shared form request for putting and storing a book, but let's keep these separate for now just in case the rules change for putting and storing books, which is likely in the future. So we're going to go ahead and make a request in here, and we're going to say book put request,
or you could say book put form request. We tend to keep this shorter. So let's go over to our book put request, and if you're new to Laravel or form requests, let's take a look. So authorized is going to be where our authorization rule goes,
and rules are going to be where our validation rules go. So let's go over here, grab our validation rules here, get rid of this line, and put these into here. So that's pretty much that done. Let's make sure we pull our namespaces in, and then we can move this over.
So if we remember earlier over in our book put test, what we did is we got rid of this data. That's now not going to work because at this point of the request, when we switch this out, the validation is going to come first before the authorization. So we're going to go ahead and put this back in just temporarily.
We can remove it in a minute, and let's switch this to book put request. Okay, so I'm going to run PEST, and we get a failure. Let's have a look. So it looks like this isn't being updated, and the reason for that is if we come over to our book put request,
authorization by default is set to false. Let's switch that to true because we're handling our authorization just here. And let's rerun PEST, and great, we get green. So that validation was successfully refactored.
So let's go ahead and create a form request for our book store controller, and move these validation rules out as well. And then we'll come back and look at how we can tidy this up as well. And of course, run our test to make sure.
So again, we're going to grab these validation rules here, get rid of this validation here, and we're going to make another form request, and this is going to be book store request. Now, in terms of our book store request, we know, if we just open this up properly, that we don't need to authorize this.
The user needs to be signed in, but that is handled by our middleware, so we can just explicitly set that to true. And we can put our rules back in here, and come back over to our book store controller,
and switch this to a book store request. Let's run PEST again, and we get green, great. Okay, so specifically for our book put request, and our book put controller, we want to move this authorization over to that form request.
Now, to do this, we need to do this in a slightly different way. Now, of course, if we get rid of this authorization here, and rerun PEST, we are going to get a failure, because we don't get a 403, we get a 302. So, if we come over to our book put request, let's slightly differ the way we authorize this.
So, because we're dealing with a request, technically a request object, we can go ahead and say this user, which is the same as saying request user in our controller, and we can say can update, and where do we get our book from? Well, once again, because this is a request, and we're using root model binding,
we actually get this book in our request object. So, that should be enough to now be a successful refactor. So, we have them test that back things up, and now we have a really nice, neat controller with all of our logic to authorize and validate tucked away.
35 episodes4 hrs 19 mins


Pest is a PHP testing framework that brings beautifully simple syntax to your tests, without sacrificing on features. In this course, we'll get up and running with Pest in a Laravel project and write tests for a real-world application that we'll build along the way.

You'll learn how to set Pest up in a Laravel project, write tests with Pest's built-in assertions, generate code coverage, and more.

Alex Garrett-Smith
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!


No comments, yet. Be the first to leave a comment.