search

mongodb / laravel-mongodb

A MongoDB based Eloquent model and Query builder for Laravel (Moloquent)
https://www.mongodb.com/compatibility/mongodb-laravel-integration
MIT License
6.99k stars 1.42k forks source link

[Bug] Mass filling model with guarded attributes causes error #2083

Closed Sharptsa closed 4 years ago

Sharptsa commented 4 years ago

Description:

Since Laravel security update 6.18.35 (https://github.com/laravel/framework/releases/tag/v6.18.35), doing mass attribute assignment on a Moloquent object that has guarded attributes causes an error.

Error: Call to a member function compileColumnListing() on null

/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Schema/Builder.php:135
/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/GuardsAttributes.php:194
/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/GuardsAttributes.php:180
/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Concerns/GuardsAttributes.php:157
/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:329
/var/www/back/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php:172

Steps to reproduce

  1. Create a Moloquent model with guarded attributes. 
    
use Jenssegers\Mongodb\Eloquent\Model as Moloquent;

class Entity extends Moloquent { protected $connection = 'mongodb'; protected $collection = 'entities'; protected $guarded = ['_id']; }


2. Instanciate the model with mass assignement. Will cause the error above.
```php
$e = new Entity([
    'name' => 'thingy',
    'size' => 3,
    'weight' => 45
]);
  1. Using $fillable instead of $guarded works. 
    
use Jenssegers\Mongodb\Eloquent\Model as Moloquent;

class Entity extends Moloquent { protected $connection = 'mongodb'; protected $collection = 'entities'; protected $fillable = [ 'name', 'size', 'weight' ]; }

$e = new Entity([ 'name' => 'thingy', 'size' => 3, 'weight' => 45 ]);


### Reason

This is due to the new method `isGuardableColumn` introduced in Laravel 6.18.35. It is called on every attributes during mass assignement.

protected function isGuardableColumn($key) { if (! isset(static::$guardableColumns[get_class($this)])) { static::$guardableColumns[get_class($this)] = $this->getConnection() ->getSchemaBuilder() ->getColumnListing($this->getTable()); }

return in_array($key, static::$guardableColumns[get_class($this)]);

}



It uses `getColumnListing` which does not exist in `Jenssegers\Mongodb\Schema\Builder`.
Smolevich commented 4 years ago

We fix this moment, i release new version today or tomorrow in the morning

Sharptsa commented 4 years ago

Oh great ! I will wait for the new release. Sorry I missed the already existing issue somehow.

Smolevich commented 4 years ago

@Sharptsa new release

Sharptsa commented 4 years ago

Works well, thank you!