security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -78,7 +78,8 @@ final class CrowdListController extends Controller
|
||||
{
|
||||
Gate::authorize('managePerson', [$crowdList, $event]);
|
||||
|
||||
$person = Person::findOrFail($request->validated('person_id'));
|
||||
$festivalEventId = $event->parent_event_id ?? $event->id;
|
||||
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
|
||||
|
||||
$this->crowdListService->addPerson($crowdList, $person, $request->user());
|
||||
|
||||
|
||||
@@ -75,6 +75,11 @@ final class InvitationController extends Controller
|
||||
|
||||
public function revoke(Organisation $organisation, UserInvitation $invitation): JsonResponse
|
||||
{
|
||||
// Verify invitation belongs to this organisation
|
||||
if ($invitation->organisation_id !== $organisation->id) {
|
||||
return $this->notFound('Uitnodiging niet gevonden');
|
||||
}
|
||||
|
||||
Gate::authorize('invite', $organisation);
|
||||
|
||||
if (! $invitation->isPending()) {
|
||||
|
||||
@@ -50,6 +50,11 @@ final class PersonIdentityMatchController extends Controller
|
||||
|
||||
public function confirm(Request $request, Organisation $organisation, PersonIdentityMatch $personIdentityMatch): JsonResponse
|
||||
{
|
||||
// Verify match belongs to this organisation
|
||||
if ($personIdentityMatch->person->event->organisation_id !== $organisation->id) {
|
||||
return $this->notFound('Match not found.');
|
||||
}
|
||||
|
||||
Gate::authorize('confirm', $personIdentityMatch);
|
||||
|
||||
try {
|
||||
@@ -65,6 +70,11 @@ final class PersonIdentityMatchController extends Controller
|
||||
|
||||
public function dismiss(Request $request, Organisation $organisation, PersonIdentityMatch $personIdentityMatch): JsonResponse
|
||||
{
|
||||
// Verify match belongs to this organisation
|
||||
if ($personIdentityMatch->person->event->organisation_id !== $organisation->id) {
|
||||
return $this->notFound('Match not found.');
|
||||
}
|
||||
|
||||
Gate::authorize('dismiss', $personIdentityMatch);
|
||||
|
||||
try {
|
||||
@@ -82,7 +92,9 @@ final class PersonIdentityMatchController extends Controller
|
||||
{
|
||||
Gate::authorize('bulkConfirm', [PersonIdentityMatch::class, $organisation]);
|
||||
|
||||
$orgEventIds = $organisation->events()->pluck('id');
|
||||
$matches = PersonIdentityMatch::whereIn('id', $request->validated('match_ids'))
|
||||
->whereHas('person', fn ($q) => $q->whereIn('event_id', $orgEventIds))
|
||||
->with('person')
|
||||
->get()
|
||||
->keyBy('id');
|
||||
|
||||
@@ -172,6 +172,12 @@ final class PortalShiftController extends Controller
|
||||
|
||||
public function claim(Request $request, Event $event, Shift $shift): JsonResponse
|
||||
{
|
||||
// Verify shift belongs to this event context
|
||||
$eventIds = $this->resolveEventIds($event);
|
||||
if (! in_array($shift->festivalSection->event_id, $eventIds)) {
|
||||
return $this->notFound('Shift niet gevonden.');
|
||||
}
|
||||
|
||||
$person = $this->resolvePerson($event);
|
||||
|
||||
if ($person->status !== 'approved') {
|
||||
@@ -203,6 +209,12 @@ final class PortalShiftController extends Controller
|
||||
|
||||
public function cancel(Request $request, Event $event, ShiftAssignment $shiftAssignment): JsonResponse
|
||||
{
|
||||
// Verify assignment belongs to this event context
|
||||
$eventIds = $this->resolveEventIds($event);
|
||||
if (! in_array($shiftAssignment->shift->timeSlot->event_id, $eventIds)) {
|
||||
return $this->notFound('Dienst niet gevonden.');
|
||||
}
|
||||
|
||||
$person = $this->resolvePerson($event);
|
||||
|
||||
// Must be the person's own assignment
|
||||
|
||||
@@ -21,13 +21,16 @@ final class PortalMeController extends Controller
|
||||
{
|
||||
public function index(PortalMeRequest $request): JsonResponse
|
||||
{
|
||||
$event = Event::findOrFail($request->validated('event_id'));
|
||||
$event = Event::withoutGlobalScope(\App\Models\Scopes\OrganisationScope::class)
|
||||
->findOrFail($request->validated('event_id'));
|
||||
|
||||
if ($event->isSubEvent()) {
|
||||
$event = $event->parent;
|
||||
}
|
||||
|
||||
$person = Person::where('user_id', $request->user()->id)
|
||||
// Verify user has a person record for this event (scopes access)
|
||||
$person = Person::withoutGlobalScope(\App\Models\Scopes\OrganisationScope::class)
|
||||
->where('user_id', $request->user()->id)
|
||||
->where('event_id', $event->id)
|
||||
->with([
|
||||
'crowdType',
|
||||
@@ -95,13 +98,16 @@ final class PortalMeController extends Controller
|
||||
|
||||
$user = $request->user();
|
||||
|
||||
$event = Event::findOrFail($validated['event_id']);
|
||||
$event = Event::withoutGlobalScope(\App\Models\Scopes\OrganisationScope::class)
|
||||
->findOrFail($validated['event_id']);
|
||||
|
||||
if ($event->isSubEvent()) {
|
||||
$event = $event->parent;
|
||||
}
|
||||
|
||||
$person = Person::where('user_id', $user->id)
|
||||
// Verify user has a person record for this event (scopes access)
|
||||
$person = Person::withoutGlobalScope(\App\Models\Scopes\OrganisationScope::class)
|
||||
->where('user_id', $user->id)
|
||||
->where('event_id', $event->id)
|
||||
->firstOrFail();
|
||||
|
||||
|
||||
@@ -96,6 +96,7 @@ final class ShiftAssignmentController extends Controller
|
||||
Gate::authorize('bulkApprove', [ShiftAssignment::class, $event]);
|
||||
|
||||
$assignments = ShiftAssignment::whereIn('id', $request->validated('assignment_ids'))
|
||||
->whereHas('shift.festivalSection', fn ($q) => $q->where('event_id', $event->id))
|
||||
->with('shift')
|
||||
->get();
|
||||
|
||||
|
||||
@@ -71,7 +71,8 @@ final class ShiftController extends Controller
|
||||
{
|
||||
Gate::authorize('assign', [$shift, $event, $section]);
|
||||
|
||||
$person = Person::findOrFail($request->validated('person_id'));
|
||||
$festivalEventId = $event->parent_event_id ?? $event->id;
|
||||
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
|
||||
$assignment = $this->shiftAssignmentService->assign($shift, $person, $request->user());
|
||||
|
||||
return $this->created(new ShiftAssignmentResource($assignment));
|
||||
@@ -81,7 +82,8 @@ final class ShiftController extends Controller
|
||||
{
|
||||
Gate::authorize('claim', [$shift, $event, $section]);
|
||||
|
||||
$person = Person::findOrFail($request->validated('person_id'));
|
||||
$festivalEventId = $event->parent_event_id ?? $event->id;
|
||||
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
|
||||
$assignment = $this->shiftAssignmentService->claim($shift, $person);
|
||||
|
||||
return $this->created(new ShiftAssignmentResource($assignment));
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class AddPersonToCrowdListRequest extends FormRequest
|
||||
{
|
||||
@@ -16,8 +17,11 @@ final class AddPersonToCrowdListRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$event = $this->route('event');
|
||||
$festivalEventId = $event->parent_event_id ?? $event->id;
|
||||
|
||||
return [
|
||||
'person_id' => ['required', 'ulid', 'exists:persons,id'],
|
||||
'person_id' => ['required', 'ulid', Rule::exists('persons', 'id')->where('event_id', $festivalEventId)],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class AssignShiftRequest extends FormRequest
|
||||
{
|
||||
@@ -16,8 +17,11 @@ final class AssignShiftRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$event = $this->route('event');
|
||||
$festivalEventId = $event->parent_event_id ?? $event->id;
|
||||
|
||||
return [
|
||||
'person_id' => ['required', 'ulid', 'exists:persons,id'],
|
||||
'person_id' => ['required', 'ulid', Rule::exists('persons', 'id')->where('event_id', $festivalEventId)],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class BulkApproveShiftAssignmentRequest extends FormRequest
|
||||
{
|
||||
@@ -16,9 +17,22 @@ final class BulkApproveShiftAssignmentRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$event = $this->route('event');
|
||||
|
||||
return [
|
||||
'assignment_ids' => ['required', 'array', 'min:1', 'max:100'],
|
||||
'assignment_ids.*' => ['required', 'ulid', 'exists:shift_assignments,id'],
|
||||
'assignment_ids.*' => [
|
||||
'required', 'ulid',
|
||||
Rule::exists('shift_assignments', 'id')->where(function ($query) use ($event) {
|
||||
$query->whereIn('shift_id', function ($q) use ($event) {
|
||||
$q->select('id')->from('shifts')
|
||||
->whereIn('festival_section_id', function ($q2) use ($event) {
|
||||
$q2->select('id')->from('festival_sections')
|
||||
->where('event_id', $event->id);
|
||||
});
|
||||
});
|
||||
}),
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class BulkConfirmIdentityMatchesRequest extends FormRequest
|
||||
{
|
||||
@@ -16,9 +17,22 @@ final class BulkConfirmIdentityMatchesRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$organisation = $this->route('organisation');
|
||||
|
||||
return [
|
||||
'match_ids' => ['required', 'array', 'min:1', 'max:100'],
|
||||
'match_ids.*' => ['required', 'string', 'exists:person_identity_matches,id'],
|
||||
'match_ids.*' => [
|
||||
'required', 'string',
|
||||
Rule::exists('person_identity_matches', 'id')->where(function ($query) use ($organisation) {
|
||||
$query->whereIn('person_id', function ($q) use ($organisation) {
|
||||
$q->select('id')->from('persons')
|
||||
->whereIn('event_id', function ($q2) use ($organisation) {
|
||||
$q2->select('id')->from('events')
|
||||
->where('organisation_id', $organisation->id);
|
||||
});
|
||||
});
|
||||
}),
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,8 +4,8 @@ declare(strict_types=1);
|
||||
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use App\Models\Event;
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class ImportFromEventRequest extends FormRequest
|
||||
{
|
||||
@@ -18,24 +18,10 @@ final class ImportFromEventRequest extends FormRequest
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'source_event_id' => ['required', 'ulid', 'exists:events,id'],
|
||||
'source_event_id' => [
|
||||
'required', 'ulid',
|
||||
Rule::exists('events', 'id')->where('organisation_id', $this->route('event')->organisation_id),
|
||||
],
|
||||
];
|
||||
}
|
||||
|
||||
public function withValidator($validator): void
|
||||
{
|
||||
$validator->after(function ($validator) {
|
||||
$sourceEventId = $this->input('source_event_id');
|
||||
if (!$sourceEventId) {
|
||||
return;
|
||||
}
|
||||
|
||||
$sourceEvent = Event::find($sourceEventId);
|
||||
$targetEvent = $this->route('event');
|
||||
|
||||
if ($sourceEvent && $targetEvent && $sourceEvent->organisation_id !== $targetEvent->organisation_id) {
|
||||
$validator->errors()->add('source_event_id', 'Source event must belong to the same organisation.');
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class ReorderRegistrationFormFieldsRequest extends FormRequest
|
||||
{
|
||||
@@ -16,9 +17,11 @@ final class ReorderRegistrationFormFieldsRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$event = $this->route('event');
|
||||
|
||||
return [
|
||||
'ids' => ['required', 'array', 'min:1'],
|
||||
'ids.*' => ['required', 'ulid', 'exists:registration_form_fields,id'],
|
||||
'ids.*' => ['required', 'ulid', Rule::exists('registration_form_fields', 'id')->where('event_id', $event->id)],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,10 +19,10 @@ final class StoreCrowdListRequest extends FormRequest
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'crowd_type_id' => ['required', 'ulid', 'exists:crowd_types,id'],
|
||||
'crowd_type_id' => ['required', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
|
||||
'name' => ['required', 'string', 'max:255'],
|
||||
'type' => ['required', Rule::enum(CrowdListType::class)],
|
||||
'recipient_company_id' => ['nullable', 'ulid', 'exists:companies,id'],
|
||||
'recipient_company_id' => ['nullable', 'ulid', Rule::exists('companies', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
|
||||
'auto_approve' => ['sometimes', 'boolean'],
|
||||
'max_persons' => ['nullable', 'integer', 'min:1'],
|
||||
];
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class StoreEventRequest extends FormRequest
|
||||
{
|
||||
@@ -23,7 +24,7 @@ final class StoreEventRequest extends FormRequest
|
||||
'end_date' => ['required', 'date', 'after_or_equal:start_date'],
|
||||
'timezone' => ['sometimes', 'string', 'max:50'],
|
||||
'status' => ['sometimes', 'string', 'in:draft,published,registration_open,buildup,showday,teardown,closed'],
|
||||
'parent_event_id' => ['nullable', 'ulid', 'exists:events,id'],
|
||||
'parent_event_id' => ['nullable', 'ulid', Rule::exists('events', 'id')->where('organisation_id', $this->route('organisation')->id)],
|
||||
'event_type' => ['nullable', 'in:event,festival,series'],
|
||||
'event_type_label' => ['nullable', 'string', 'max:50'],
|
||||
'sub_event_label' => ['nullable', 'string', 'max:50'],
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class StorePersonRequest extends FormRequest
|
||||
{
|
||||
@@ -16,14 +17,16 @@ final class StorePersonRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$orgId = $this->route('event')->organisation_id;
|
||||
|
||||
return [
|
||||
'crowd_type_id' => ['required', 'ulid', 'exists:crowd_types,id'],
|
||||
'crowd_type_id' => ['required', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $orgId)],
|
||||
'first_name' => ['required', 'string', 'max:255'],
|
||||
'last_name' => ['required', 'string', 'max:255'],
|
||||
'date_of_birth' => ['nullable', 'date', 'before:today'],
|
||||
'email' => ['required', 'email', 'max:255'],
|
||||
'phone' => ['nullable', 'string', 'max:30'],
|
||||
'company_id' => ['nullable', 'ulid', 'exists:companies,id'],
|
||||
'company_id' => ['nullable', 'ulid', Rule::exists('companies', 'id')->where('organisation_id', $orgId)],
|
||||
'status' => ['nullable', 'in:invited,applied,pending,approved,rejected,no_show'],
|
||||
'remarks' => ['nullable', 'string', 'max:5000'],
|
||||
'custom_fields' => ['nullable', 'array'],
|
||||
|
||||
@@ -28,7 +28,7 @@ final class StoreShiftRequest extends FormRequest
|
||||
|
||||
$query->whereIn('event_id', $eventIds);
|
||||
})],
|
||||
'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
|
||||
'location_id' => ['nullable', 'ulid', Rule::exists('locations', 'id')->where('event_id', $this->route('event')->id)],
|
||||
'title' => ['nullable', 'string', 'max:255'],
|
||||
'description' => ['nullable', 'string'],
|
||||
'instructions' => ['nullable', 'string'],
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class SyncVolunteerAvailabilityRequest extends FormRequest
|
||||
{
|
||||
@@ -16,9 +17,20 @@ final class SyncVolunteerAvailabilityRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$event = $this->route('event');
|
||||
$eventIds = [$event->id];
|
||||
if ($event->parent_event_id) {
|
||||
$eventIds[] = $event->parent_event_id;
|
||||
} elseif ($event->isFestival()) {
|
||||
$eventIds = array_merge($eventIds, $event->children()->pluck('id')->all());
|
||||
}
|
||||
|
||||
return [
|
||||
'availabilities' => ['required', 'array'],
|
||||
'availabilities.*.time_slot_id' => ['required', 'ulid', 'exists:time_slots,id'],
|
||||
'availabilities.*.time_slot_id' => [
|
||||
'required', 'ulid',
|
||||
Rule::exists('time_slots', 'id')->whereIn('event_id', $eventIds),
|
||||
],
|
||||
'availabilities.*.preference_level' => ['sometimes', 'integer', 'min:1', 'max:5'],
|
||||
];
|
||||
}
|
||||
|
||||
@@ -19,10 +19,10 @@ final class UpdateCrowdListRequest extends FormRequest
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
'crowd_type_id' => ['sometimes', 'ulid', 'exists:crowd_types,id'],
|
||||
'crowd_type_id' => ['sometimes', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
|
||||
'name' => ['sometimes', 'string', 'max:255'],
|
||||
'type' => ['sometimes', Rule::enum(CrowdListType::class)],
|
||||
'recipient_company_id' => ['nullable', 'ulid', 'exists:companies,id'],
|
||||
'recipient_company_id' => ['nullable', 'ulid', Rule::exists('companies', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
|
||||
'auto_approve' => ['sometimes', 'boolean'],
|
||||
'max_persons' => ['nullable', 'integer', 'min:1'],
|
||||
];
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class UpdateEventRequest extends FormRequest
|
||||
{
|
||||
@@ -23,7 +24,7 @@ final class UpdateEventRequest extends FormRequest
|
||||
'start_date' => ['sometimes', 'date'],
|
||||
'end_date' => ['sometimes', 'date', 'after_or_equal:start_date'],
|
||||
'timezone' => ['sometimes', 'string', 'max:50'],
|
||||
'parent_event_id' => ['nullable', 'ulid', 'exists:events,id'],
|
||||
'parent_event_id' => ['nullable', 'ulid', Rule::exists('events', 'id')->where('organisation_id', $this->route('organisation')->id)],
|
||||
'event_type' => ['sometimes', 'in:event,festival,series'],
|
||||
'event_type_label' => ['nullable', 'string', 'max:50'],
|
||||
'sub_event_label' => ['nullable', 'string', 'max:50'],
|
||||
|
||||
@@ -5,6 +5,7 @@ declare(strict_types=1);
|
||||
namespace App\Http\Requests\Api\V1;
|
||||
|
||||
use Illuminate\Foundation\Http\FormRequest;
|
||||
use Illuminate\Validation\Rule;
|
||||
|
||||
final class UpdatePersonRequest extends FormRequest
|
||||
{
|
||||
@@ -16,14 +17,16 @@ final class UpdatePersonRequest extends FormRequest
|
||||
/** @return array<string, mixed> */
|
||||
public function rules(): array
|
||||
{
|
||||
$orgId = $this->route('event')->organisation_id;
|
||||
|
||||
return [
|
||||
'crowd_type_id' => ['sometimes', 'ulid', 'exists:crowd_types,id'],
|
||||
'crowd_type_id' => ['sometimes', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $orgId)],
|
||||
'first_name' => ['sometimes', 'string', 'max:255'],
|
||||
'last_name' => ['sometimes', 'string', 'max:255'],
|
||||
'date_of_birth' => ['nullable', 'date', 'before:today'],
|
||||
'email' => ['sometimes', 'email', 'max:255'],
|
||||
'phone' => ['nullable', 'string', 'max:30'],
|
||||
'company_id' => ['nullable', 'ulid', 'exists:companies,id'],
|
||||
'company_id' => ['nullable', 'ulid', Rule::exists('companies', 'id')->where('organisation_id', $orgId)],
|
||||
'status' => ['sometimes', 'in:invited,applied,pending,approved,rejected,no_show'],
|
||||
'is_blacklisted' => ['sometimes', 'boolean'],
|
||||
'admin_notes' => ['nullable', 'string'],
|
||||
|
||||
@@ -28,7 +28,7 @@ final class UpdateShiftRequest extends FormRequest
|
||||
|
||||
$query->whereIn('event_id', $eventIds);
|
||||
})],
|
||||
'location_id' => ['nullable', 'ulid', 'exists:locations,id'],
|
||||
'location_id' => ['nullable', 'ulid', Rule::exists('locations', 'id')->where('event_id', $this->route('event')->id)],
|
||||
'title' => ['nullable', 'string', 'max:255'],
|
||||
'description' => ['nullable', 'string'],
|
||||
'instructions' => ['nullable', 'string'],
|
||||
|
||||
Reference in New Issue
Block a user