From e4204a6dd190d680a6cb0c9d6f9286cf035609a5 Mon Sep 17 00:00:00 2001
From: Ivan Nieto Vivanco <inietov@gmail.com>
Date: Mon, 13 Mar 2023 15:49:05 -0600
Subject: [PATCH] Adds validator to PATCH request in the API UsersController

---
 app/Http/Controllers/Api/UsersController.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/Http/Controllers/Api/UsersController.php b/app/Http/Controllers/Api/UsersController.php
index 043d1761c6..623815ff48 100644
--- a/app/Http/Controllers/Api/UsersController.php
+++ b/app/Http/Controllers/Api/UsersController.php
@@ -20,6 +20,7 @@ use Auth;
 use Illuminate\Http\Request;
 use App\Http\Requests\ImageUploadRequest;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Support\Facades\Validator;
 
 class UsersController extends Controller
 {
@@ -452,11 +453,12 @@ class UsersController extends Controller
 
             // Check if the request has groups passed and has a value
             if ($request->filled('groups')) {
-                try{
-                    $user->groups()->sync($request->input('groups'));
-                } catch (\Exception $exception){
-                    return response()->json(Helper::formatStandardApiResponse('error', null, $exception));
-                }
+                $validator = Validator::make($request->input('groups'), [
+                    'groups' => 'array',
+                    'groups.*' => 'integer',
+                ]);
+
+                $user->groups()->sync($request->input('groups'));
             // The groups field has been passed but it is null, so we should blank it out
             } elseif ($request->has('groups')) {
                 $user->groups()->sync([]);