Rules() -> Safe -> Opinion!

Hello guys, I need some clarification/opinion about the ‘safe’ rule on attributes.

I’m seeing some people using ‘safe’ on created/updated attributes for insert/update scenarios.

As you know, we should only define rules for attributes that will receive user inputs. Also, massive assignment is only applied to those attributes that have at least one rule.

My question is, do I really need to define rules for those attributes (created/updated/id from related table/etc.) when I’m using them in the beforeSave method or in any other method that I can use for the purpose?

If the application assigns the value, why should I define rules for those attributes?

Personally, I think it doesn’t make any sense to use safe here. Why should the user insert the value? For that we have the beforeSave()/other methods.

To prevent some errors on my part, I just want to know if I’m right in what I’m saying or if I’m missing something here.

I think when you use the ‘safe’ rule for the insert/update scenario, you use it for attributes that are optional. If they are filled, then they will be submitted along with the other attributes. However, if they are not filled, the application won’t give a validation error (like the ‘required’ rule).

Yes, in some way, you’re right in what you said, but in this case, about the created/updated and the id from related tables, isn’t it wrong to define them as ‘safe’?

Imagine you set the attributes created/updated and the id that comes from a related table as ‘safe’. You’re saying that the user may or may not insert data into these attributes, and you’re also saying that the user can insert whatever they want. I don’t want the user to enter any data into these fields; it should be the application.

Another thing we usually see is some people defining these attributes as ‘required’ and ‘safe’. I think it’s totally wrong.

That’s why I’m asking for an opinion about this. Shouldn’t it always be done through methods like beforeSave(), beforeValidate(), etc.?

If you don’t want the user to enter any data into those fields, I don’t think it is necessary to define ‘safe’ rule for them. We only define rules for attributes that will receive user inputs, don’t we?

I have done some research on this subject and, after reading some opinions from other people, my conclusion is that I am right in what I say!

Ty for your time rei!
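
The setup discussed in this thread, as an added example that is not part of any post: a hypothetical Yii 1.1 `Post` model and controller (class, table and column names are assumptions) that declares rules only for user-supplied attributes and sets created_at, updated_at and author_id in beforeSave(), so a request cannot set them through massive assignment.

```php
<?php
// Added example. Assumes a Yii 1.1 app, a 'Post' table with the columns
// used below, a database that supports NOW(), and a logged-in user.
class Post extends CActiveRecord
{
    public function rules()
    {
        return array(
            array('title, body', 'required'),
            array('title', 'length', 'max' => 255),
            // Optional user input: 'safe' allows massive assignment without validation.
            array('summary', 'safe'),
            // No rule for author_id, created_at, updated_at: they are not
            // safe attributes, so massive assignment never touches them.
        );
    }

    protected function beforeSave()
    {
        if (!parent::beforeSave()) {
            return false;
        }
        // The application, not the request, supplies these values.
        $now = new CDbExpression('NOW()');
        if ($this->isNewRecord) {
            $this->created_at = $now;
            $this->author_id = Yii::app()->user->id;
        }
        $this->updated_at = $now;
        return true;
    }
}

class PostController extends CController
{
    public function actionCreate()
    {
        $model = new Post;
        if (isset($_POST['Post'])) {
            // Only title, body and summary are copied; a posted
            // Post[created_at] or Post[author_id] is ignored.
            $model->attributes = $_POST['Post'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id));
            }
        }
        $this->render('create', array('model' => $model));
    }
}
```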