feat: add insert-only fields to Model#10350
Conversation
- add $insertOnlyFields and setInsertOnlyFields() to Model - prevent configured fields from being submitted during update operations - allow insert-only fields during insert and insertBatch - document the Model-level protection boundaries - add coverage for update, save, updateBatch, entity, and protect(false) paths Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
michalsn
left a comment
There was a problem hiding this comment.
Overall, I think this is a useful addition.
My main concern is whether insert-only fields should follow the existing $throwOnDisallowedFields behavior: silently remove them from updates by default and throw only in strict mode. I left an inline comment about that.
It would be helpful to document that replace() is outside this insert-only protection.
Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
Signed-off-by: memleakd <121398829+memleakd@users.noreply.github.com>
|
Thanks for the review @michalsn. Just pushed an update to match field protection behavior: discarded by default, and throws only in strict mode. Also addressed the other nits. |
patel-vansh
left a comment
There was a problem hiding this comment.
Thanks for this contribution! Earlier, I had to manually extend the Model class and check for fields before update. But now, it'll be a lot easier.
Description
This adds
$insertOnlyFieldsto Model.The goal is to allow fields that can be set when a row is created, but should not be submitted later through Model update operations. This can be useful for values like public IDs, external references, generated slugs, or similar fields that should normally stay unchanged after insert.
Example:
With this configuration,
public_idis allowed duringinsert()andinsertBatch(), butupdate(),updateBatch(), and update-sidesave()will throw aDataExceptionif the field is submitted.This is only Model-level protection. It does not create a database constraint, does not inspect previous database values, and does not affect direct Query Builder writes. Calling
protect(false)disables this protection, the same as other field protection.I also added
setInsertOnlyFields()for cases where the list needs to be changed at runtime.Tests cover insert, insertBatch, update, save, set/update, updateBatch, entity updates, validation order, and
protect(false).Checklist: