Fix bulk update validation & authorization per item and their relations #716

Merged
binaryk merged 4 commits into BinarCode:10.x from george-todica:fix-bulk-update-preserve-validation-indices
Feb 13, 2026

@george-todica
Contributor

Summary

  • Enable bulk update policies to receive the model for authorization checks
  • Policies can now check model properties ($post->user_id) and relations ($post->user->email)

Problem

The updateBulk policy method was not receiving the $post model, preventing authorization checks like:

  • Ownership verification: $post->user_id === $user->id
  • Relation-based checks: $post->user->email

Solution

  • Add $post parameter to PostPolicy::updateBulk() to receive model from Gate::check('updateBulk', $this->resource)
  • Authorization happens inside the loop after model is loaded, ensuring $this->resource contains the actual model
  • Validate all items upfront (before loop) to preserve correct validation error indices
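The flow this description outlines, as a framework-free PHP sketch added here for illustration (it is not code from the pull request or the project): every item is validated up front with errors keyed by request index, then each item is authorized against its own loaded model. The `User` and `Post` classes, the in-memory `$store`, the `bulkUpdate()` function, the status codes and the messages are assumptions of the example, as is the choice to check every item before writing any.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-ins for the app's models; these are not the project's classes.
final class User { public function __construct(public int $id) {} }
final class Post { public function __construct(public int $id, public int $user_id, public string $title) {} }

final class PostPolicy
{
    // The policy receives the loaded model, so ownership is checked per item.
    public function updateBulk(User $user, Post $post): bool
    {
        return $post->user_id === $user->id;
    }
}

/** @param array<int, Post> $store constructed in-memory table keyed by post id */
function bulkUpdate(User $user, array $payload, array $store, PostPolicy $policy): array
{
    // 1. Validate every item first, keyed by its position in the request,
    //    so an error on the third item is reported under index 2.
    $errors = [];
    foreach ($payload as $i => $item) {
        [$id, $title] = [$item['id'] ?? null, $item['title'] ?? null];
        if (!is_int($id) || !isset($store[$id])) {
            $errors["$i.id"] = 'unknown post';
        }
        if (!is_string($title) || trim($title) === '') {
            $errors["$i.title"] = 'title is required';
        }
    }
    if ($errors !== []) {
        return ['status' => 422, 'errors' => $errors];
    }
    // 2. Authorize each item against its own loaded model before any write.
    foreach ($payload as $i => $item) {
        if (!$policy->updateBulk($user, $store[$item['id']])) {
            return ['status' => 403, 'errors' => ["$i" => 'not the owner of this post']];
        }
    }
    // 3. Apply the changes only after every item passed both checks.
    foreach ($payload as $item) {
        $store[$item['id']]->title = $item['title'];
    }
    return ['status' => 200, 'errors' => []];
}
// Constructed sample data: user 1 owns posts 10 and 11, user 2 owns post 12.
$store = [10 => new Post(10, 1, 'a'), 11 => new Post(11, 1, 'b'), 12 => new Post(12, 2, 'c')];
$mixed = [['id' => 10, 'title' => 'x'], ['id' => 11, 'title' => 'y'], ['id' => 12, 'title' => 'z']];
echo json_encode(bulkUpdate(new User(1), $mixed, $store, new PostPolicy())), "\n";
```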

@vercel
vercel bot commented Feb 12, 2026

@george-todica is attempting to deploy a commit to the BinarCode Team on Vercel.

A member of the Team first needs to authorize it.

@what-the-diff
what-the-diff bot commented Feb 12, 2026

PR Summary

  • Improvements to Bulk Update Validation
    The update enhances the 'RepositoryUpdateBulkController' to validate all items in a bulk update request immediately. This enhances the reliability of the bulk update functionality.

  • Enhancements to Bulk Update Logic in Repository
    The 'allowToUpdateBulk' method in the Repository has been adjusted to better handle the payload data array and pass it to the validator. This refines the bulk update process.

  • Test Improvements for Bulk Updates
    Enhancements have been made to the 'RepositoryUpdateBulkControllerTest', especially the process of creating posts and validating them in a more efficient way. This ensures a more robust testing process for bulk updates.

  • Added Ownership Validation During Bulk Updates
    New tests have been added to ensure only the actual owners of posts can update them. This strengthens the authorization checks implemented for bulk updates.

  • Enhanced Post Policy Checks
    The 'PostPolicy' now includes additional checks for ownership validation during bulk updates. This helps to preserve the integrity of posts during bulk updates based on user roles.

# Conflicts:
#	src/Http/Controllers/RepositoryUpdateBulkController.php
binaryk merged commit ae18492 into BinarCode:10.x on Feb 13, 2026
10 of 11 checks passed