Founder's base model has one purpose out of the box; it sets the
$guarded property to an empty array. This helps avoid situations where you forget to update the
$fillable property and are hit with a
You are of course free to modify this base model to encapsulate any funtionality you require in all of your application's models on a per-application basis.
It is important that you never pass
request()->all() into any of your models' methods that allow mass assignment, such as
Always be explicit to ensure only desired input is being passed into your models, irrespective of what was in the request.
Explicit safety, right in your controllers - rather than the implicit and somewhat hidden safety of the
The PSR-2 styles that are used with Founder define the order various components should be defined within a class. In the specific case of Eloquent models, the following convention should be used for ordering.
- Framework-defined properties
- Application-defined ones
- Magic methods
- Named (static) constructors
- Relationship methods (sorted alphabetically)
- Query scopes
- Mutators and accessors (grouping each mutator / accessor pair)
As outlined in the general docs, wherever possible encapsulate any relationship methods for create and update operations behind specific methods. Encapsulating this logic prevents the implementation details from leaking into your controllers.
// Good $post->addComment('This is the comment body', auth()->user()); // Bad $post->comments()->create([ 'body' => 'This is the comment body', 'user_id' => auth()->id(), ]);