codeigniter4 / CodeIgniter4

Open Source PHP Framework (originally from EllisLab)
https://codeigniter.com/
MIT License

Bug: validation run even if required_with condition #7557

Closed shishamo closed 1 year ago

shishamo commented 1 year ago

PHP Version

8.1

CodeIgniter4 Version

4.3.4

CodeIgniter4 Installation Method

Manual (zip or tar.gz)

Which operating systems have you tested for this bug?

macOS

Which server did you use?

apache

Database

PostgreSQL 15.2

What happened?

Even if the field in the required_with condition does not exist, the other validation rules run.

Steps to Reproduce

    $data = [];

    $validation = Services::validation();
    $validation = $validation->setRules([
        'testField' => 'required_with[otherField]|valid_date',
    ]);

    $result = $validation->run($data);

Expected Output

The validation rules should not run if the field required in the required_with condition does not exist?

Anything else?

No response

kenjis commented 1 year ago

I'm not sure this is a bug or not.

When you permit empty data, add the permit_empty rule: 'required_with[otherField]|permit_empty|valid_date'

shishamo commented 1 year ago

@kenjis In that case, testField will be accepted if the value is an empty string, a null, or even an empty array, even if the value is not a valid_date. I think it is a bug, isn't it?

kenjis commented 1 year ago

Exactly. In this case, the rule set should be 'required_with[otherField]|valid_date'.

kenjis commented 1 year ago

Please check #7562

michalsn commented 1 year ago

I have to say I don't really understand the scenario OP is trying to solve here... required_with[otherField]|permit_empty|valid_date should work just fine.

kenjis commented 1 year ago

The true issue is that the following test cases pass. See https://github.com/codeigniter4/CodeIgniter4/pull/7562#discussion_r1227392366

But it seems difficult to handle them with the current required_with and other rules.

    /**
     * @see https://github.com/codeigniter4/CodeIgniter4/issues/7557
     *
     * @dataProvider RequiredWithAndOtherRuleProvider
     */
    public function testRequiredWithAndOtherRule(bool $expected, array $data): void
    {
        $this->validation->setRules([
            'mustBeADate' => 'required_with[otherField]|permit_empty|valid_date',
        ]);

        $result = $this->validation->run($data);

        $this->assertSame($expected, $result);
    }

    public function RequiredWithAndOtherRuleProvider(): Generator
    {
        yield from [
            [true, ['mustBeADate' => '']],
            [true, ['mustBeADate' => null]],
            [true, ['mustBeADate' => []]],
        ];
    }

michalsn commented 1 year ago

Seems like we would need something like a permit_not_exists rule for this, since permit_empty is too wide.

kenjis commented 1 year ago

Yes, permit_empty is too wide. Ref #3670

michalsn commented 1 year ago

@shishamo I forgot we already have the if_exist rule... If you're sending the mustBeADate field only when otherField is checked, then you may give it a try: required_with[otherField]|if_exist|valid_date

kenjis commented 1 year ago

if_exist is also a special rule. It does nothing when the key does not exist in the data. So required_with[otherField] does not process if the key does not exist.

michalsn commented 1 year ago

Yes, you're right.

kenjis commented 1 year ago

This is not a bug.

How it works:

required_with[otherField]|permit_empty|valid_date

  1. When otherField exists, it means required|permit_empty|valid_date
    • required has higher priority than permit_empty, so it is required|valid_date.
    • empty is not permitted.
  2. When otherField does not exist, it means permit_empty|valid_date
    • empty is permitted.

required_with[otherField]|valid_date

  1. When otherField exists, it means required|valid_date
    • empty is not permitted.
  2. When otherField does not exist, it means valid_date
    • empty is not permitted.

Note: In general, required_with[otherField]|valid_date is redundant. We don't need required_with (or required), because the valid_date rule causes the value to be required.
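
Added example, not part of the thread and not CodeIgniter code: a standalone PHP model of the resolution order summarised in the last comment, run over constructed inputs for both rule sets. passes(), isEmptyValue() and looksLikeDate() are hypothetical helpers; treating otherField as existing when it is present and non-empty, and using strtotime() as the date check, are assumptions.

```php
<?php
// Standalone model of the rule resolution described in the thread (not framework code).

function isEmptyValue(mixed $v): bool
{
    // "Empty" here means null, '' or [] (the three values in the test cases above).
    return $v === null || $v === '' || $v === [];
}

function looksLikeDate(mixed $v): bool
{
    // Assumption: a non-empty string that strtotime() can parse counts as a date.
    return is_string($v) && $v !== '' && strtotime($v) !== false;
}

function passes(string $ruleSet, string $field, array $data): bool
{
    $rules    = explode('|', $ruleSet);
    $value    = $data[$field] ?? null;
    $required = false;
    foreach ($rules as $rule) {
        // required_with[x] becomes "required" only when x is present and non-empty (assumption).
        if (preg_match('/^required_with\[(\w+)\]$/', $rule, $m) === 1) {
            $required = ! isEmptyValue($data[$m[1]] ?? null);
        }
    }
    if ($required && isEmptyValue($value)) {
        return false; // required has higher priority than permit_empty
    }
    if (! $required && in_array('permit_empty', $rules, true) && isEmptyValue($value)) {
        return true;  // permit_empty accepts the value before valid_date is consulted
    }
    return in_array('valid_date', $rules, true) ? looksLikeDate($value) : true;
}

// Constructed sample inputs for the mustBeADate field.
$values   = ['null' => null, "''" => '', '[]' => [], 'not-a-date' => 'not-a-date', '2023-06-13' => '2023-06-13'];
$ruleSets = ['required_with[otherField]|permit_empty|valid_date', 'required_with[otherField]|valid_date'];

foreach ($ruleSets as $ruleSet) {
    echo $ruleSet, PHP_EOL;
    foreach ([false, true] as $otherPresent) {
        foreach ($values as $label => $value) {
            $data = ['mustBeADate' => $value] + ($otherPresent ? ['otherField' => 'on'] : []);
            $ok   = passes($ruleSet, 'mustBeADate', $data);
            printf("  otherField %-7s mustBeADate=%-10s => %s\n", $otherPresent ? 'present' : 'absent', $label, $ok ? 'pass' : 'FAIL');
        }
    }
}
```

In this model the only rows where null, '' or [] pass are those with permit_empty and otherField absent, so code that consumes mustBeADate after validation under that rule set still has to handle a non-date value.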