Creating a user - 'guarded' password

kiltedup - 5 months ago

Afternoon, I recently upgraded a site that had some functionality that created users. All was fine until .... Just spotted since upgrading that the created users get no password. I guess thats down to password field being defined as 'guarded' where before it has 'hidden' in user model. Anyway - whats the "correct" way to add user using UsersRepositoryInterface and Create? I got it working by doing $users->unguard() before doing $users=>create([.....]) Is that the right thing to do or should be some other way? Cheers, Dave

ryanthompson - 5 months ago

I think having it unguarded was technically "incorrect". Being Laravel I don't see any reason not to unguarded like you do. To be honest I've never ran into the need for mass assignment issues.. So I don't know what would be considered best practice (un-guarding in the repo method or outside like you do). I think you're fine.

kiltedup - 5 months ago

Thanks for reply. It's working so tick in the box and onto the the next thing. Was more concerned about any issues I may cause by using unguard(). If not then all good .....

ryanthompson - 5 months ago

Nah un-guarding is just a formality with mass assignment protection so that's kinda why I respected it's nature by not automating it. I think it's supposed to take conscious effort to un-guard it :-P