fix(api): accept submitter details on public draft PUT and submit POST
S3a PR 1 frontend sends public_submitter_name and public_submitter_email on draft saves (PUT) and final submit (POST /submit), but the matching SavePublicDraftRequest and SubmitPublicSubmissionRequest did not whitelist these fields — Laravel's validated() silently stripped them, preventing mid-form name/email updates from persisting. Align both form requests with StartPublicDraftRequest to accept the same submitter fields with identical rules (string, max:150 / email, max:255, nullable). Controller copies present keys onto the submission model and saves when dirty, matching standard Laravel update() semantics — missing keys leave prior values untouched. Closes the backend gap identified in PR 1 smoke test.
This commit is contained in:
@@ -84,16 +84,23 @@ final class PublicFormSubmissionController extends Controller
|
||||
$submission = $this->loadSubmission($schema, $submissionId);
|
||||
$this->assertDraft($submission);
|
||||
|
||||
$values = (array) ($request->validated('values') ?? []);
|
||||
$validated = $request->validated();
|
||||
|
||||
$values = (array) ($validated['values'] ?? []);
|
||||
if ($values !== []) {
|
||||
// saveDraft → upsertMany + auto_save_count++ + FormSubmissionDraftUpdated
|
||||
// event. FieldValidationException bubbles to the D6 envelope.
|
||||
$this->submissionService->saveDraft($submission, $values, null);
|
||||
}
|
||||
|
||||
$submission->refresh();
|
||||
|
||||
if ($request->filled('first_interacted_at')) {
|
||||
$submission->refresh();
|
||||
$submission->first_interacted_at ??= $request->validated('first_interacted_at');
|
||||
$submission->first_interacted_at ??= $validated['first_interacted_at'];
|
||||
}
|
||||
$this->applySubmitterDetails($submission, $validated);
|
||||
|
||||
if ($submission->isDirty()) {
|
||||
$submission->save();
|
||||
}
|
||||
|
||||
@@ -124,7 +131,8 @@ final class PublicFormSubmissionController extends Controller
|
||||
);
|
||||
}
|
||||
|
||||
$bodyValues = (array) ($request->validated('values') ?? []);
|
||||
$validated = $request->validated();
|
||||
$bodyValues = (array) ($validated['values'] ?? []);
|
||||
$mergedValues = $this->mergeWithSavedValues($submission, $bodyValues);
|
||||
|
||||
$this->validateMergedValues($schema, $mergedValues);
|
||||
@@ -133,12 +141,35 @@ final class PublicFormSubmissionController extends Controller
|
||||
$this->valueService->upsertMany($submission, $bodyValues, null);
|
||||
}
|
||||
|
||||
$this->applySubmitterDetails($submission, $validated);
|
||||
if ($submission->isDirty()) {
|
||||
$submission->save();
|
||||
}
|
||||
|
||||
$submission = $this->submissionService->submit($submission->refresh(), null);
|
||||
RateLimiter::hit('form-submit:'.$publicToken.':'.$request->ip(), 3600);
|
||||
|
||||
return $this->created(new PublicFormSubmissionResource($submission));
|
||||
}
|
||||
|
||||
/**
|
||||
* Copy present submitter keys from the validated payload onto the model.
|
||||
* Missing keys are left alone (standard Laravel update semantics) so a
|
||||
* debounced save that omits the fields never nulls previously persisted
|
||||
* name/email.
|
||||
*
|
||||
* @param array<string, mixed> $validated
|
||||
*/
|
||||
private function applySubmitterDetails(FormSubmission $submission, array $validated): void
|
||||
{
|
||||
if (array_key_exists('public_submitter_name', $validated)) {
|
||||
$submission->public_submitter_name = $validated['public_submitter_name'];
|
||||
}
|
||||
if (array_key_exists('public_submitter_email', $validated)) {
|
||||
$submission->public_submitter_email = $validated['public_submitter_email'];
|
||||
}
|
||||
}
|
||||
|
||||
private function loadSubmission(FormSchema $schema, string $submissionId): FormSubmission
|
||||
{
|
||||
/** @var FormSubmission|null $submission */
|
||||
|
||||
Reference in New Issue
Block a user