[10.x] "Can" validation rule (#47371)

* Add "can" validation rule

* Add tests

* Fix grammar in validation message

* Fix doc type

* formatting

---------

Co-authored-by: Taylor Otwell <[email protected]>

Author: stevebauman

src/Illuminate/Translation/lang/en/validation.php

@@ -32,6 +32,7 @@
         'string' => 'The :attribute field must be between :min and :max characters.',
     ],
     'boolean' => 'The :attribute field must be true or false.',
+    'can' => 'The :attribute field contains an unauthorized value.',
     'confirmed' => 'The :attribute field confirmation does not match.',
     'current_password' => 'The password is incorrect.',
     'date' => 'The :attribute field must be a valid date.',

src/Illuminate/Validation/Rule.php

@@ -4,6 +4,7 @@
 
 use Illuminate\Contracts\Support\Arrayable;
 use Illuminate\Support\Traits\Macroable;
+use Illuminate\Validation\Rules\Can;
 use Illuminate\Validation\Rules\Dimensions;
 use Illuminate\Validation\Rules\Enum;
 use Illuminate\Validation\Rules\ExcludeIf;
@@ -20,6 +21,18 @@ class Rule
 {
     use Macroable;
 
+    /**
+     * Get a can constraint builder instance.
+     *
+     * @param  string  $ability
+     * @param  mixed  ...$arguments
+     * @return \Illuminate\Validation\Rules\Can
+     */
+    public static function can($ability, ...$arguments)
+    {
+        return new Can($ability, $arguments);
+    }
+
     /**
      * Create a new conditional rule set.
      *

src/Illuminate/Validation/Rules/Can.php

@@ -0,0 +1,65 @@
+<?php
+
+namespace Illuminate\Validation\Rules;
+
+use Illuminate\Contracts\Validation\Rule;
+use Illuminate\Support\Facades\Gate;
+
+class Can implements Rule
+{
+    /**
+     * The ability to check.
+     *
+     * @var string
+     */
+    protected $ability;
+
+    /**
+     * The arguments to pass to the authorization check.
+     *
+     * @var array
+     */
+    protected $arguments;
+
+    /**
+     * Constructor.
+     *
+     * @param  string  $ability
+     * @param  array  $arguments
+     */
+    public function __construct($ability, array $arguments = [])
+    {
+        $this->ability = $ability;
+        $this->arguments = $arguments;
+    }
+
+    /**
+     * Determine if the validation rule passes.
+     *
+     * @param  string  $attribute
+     * @param  mixed  $value
+     * @return bool
+     */
+    public function passes($attribute, $value)
+    {
+        $arguments = $this->arguments;
+
+        $model = array_shift($arguments);
+
+        return Gate::allows($this->ability, array_filter([$model, ...$arguments, $value]));
+    }
+
+    /**
+     * Get the validation error message.
+     *
+     * @return array
+     */
+    public function message()
+    {
+        $message = trans('validation.can');
+
+        return $message === 'validation.can'
+            ? ['The :attribute field contains an unauthorized value.']
+            : $message;
+    }
+}

tests/Validation/ValidationRuleCanTest.php

@@ -0,0 +1,102 @@
+<?php
+
+namespace Illuminate\Tests\Validation;
+
+use Illuminate\Auth\Access\Gate;
+use Illuminate\Container\Container;
+use Illuminate\Contracts\Auth\Access\Gate as GateContract;
+use Illuminate\Support\Facades\Facade;
+use Illuminate\Translation\ArrayLoader;
+use Illuminate\Translation\Translator;
+use Illuminate\Validation\Rules\Can;
+use Illuminate\Validation\ValidationServiceProvider;
+use Illuminate\Validation\Validator;
+use PHPUnit\Framework\TestCase;
+use stdClass;
+
+class ValidationRuleCanTest extends TestCase
+{
+    protected $container;
+    protected $user;
+    protected $router;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = new stdClass;
+
+        Container::setInstance($this->container = new Container);
+
+        $this->container->singleton(GateContract::class, function () {
+            return new Gate($this->container, function () {
+                return $this->user;
+            });
+        });
+
+        $this->container->bind('translator', function () {
+            return new Translator(
+                new ArrayLoader, 'en'
+            );
+        });
+
+        Facade::setFacadeApplication($this->container);
+
+        (new ValidationServiceProvider($this->container))->register();
+    }
+
+    protected function tearDown(): void
+    {
+        Container::setInstance(null);
+
+        Facade::clearResolvedInstances();
+
+        Facade::setFacadeApplication(null);
+    }
+
+    public function testValidationFails()
+    {
+        $this->gate()->define('update-company', function ($user, $value) {
+            $this->assertEquals('1', $value);
+
+            return false;
+        });
+
+        $v = new Validator(
+            resolve('translator'),
+            ['company' => '1'],
+            ['company' => new Can('update-company')]
+        );
+
+        $this->assertTrue($v->fails());
+    }
+
+    public function testValidationPasses()
+    {
+        $this->gate()->define('update-company', function ($user, $class, $model, $value) {
+            $this->assertEquals(\App\Models\Company::class, $class);
+            $this->assertInstanceOf(stdClass::class, $model);
+            $this->assertEquals('1', $value);
+
+            return true;
+        });
+
+        $v = new Validator(
+            resolve('translator'),
+            ['company' => '1'],
+            ['company' => new Can('update-company', [\App\Models\Company::class, new stdClass])]
+        );
+
+        $this->assertTrue($v->passes());
+    }
+
+    /**
+     * Get the Gate instance from the container.
+     *
+     * @return \Illuminate\Auth\Access\Gate
+     */
+    protected function gate()
+    {
+        return $this->container->make(GateContract::class);
+    }
+}