оптимизировано для guarded / fillable

app/Http/Controllers/CharController.php

@@ -230,12 +230,23 @@ class CharController extends Controller
         // 3. Подготавливаем данные к обновлению – защищаем PK и владение
         $data = $request->except([$primaryKey, $ownerKey, 'DBKey', 'Owner']);
 
-        // 4. Фильтруем только разрешённые к массовому присвоению поля
-        $fillable      = $model->getFillable();
-        $filteredData  = array_intersect_key($data, array_flip($fillable));
+        // 4. Фильтруем поля для массового присвоения
+        $fillable = $model->getFillable();
+        $guarded = $model->getGuarded();
+        
+        if (!empty($fillable)) {
+            // Если есть fillable - используем только их
+            $filteredData = array_intersect_key($data, array_flip($fillable));
+        } elseif ($guarded === ['*']) {
+            // Если guarded = ['*'] - запрещено массовое присвоение
+            return response()->json(['code' => -6, 'msg' => 'Mass assignment is not allowed for this model.'], 400);
+        } else {
+            // Если есть guarded (но не ['*']) - исключаем только guarded поля
+            $filteredData = array_diff_key($data, array_flip($guarded));
+        }
 
         // Конвертируем null-поля в '', чтобы вместо NULL в БД сохранялась пустая строка
-        $filteredData  = array_map(static fn ($v) => $v === null ? '' : $v, $filteredData);
+        $filteredData = array_map(static fn ($v) => $v === null ? '' : $v, $filteredData);
 
         if (empty($filteredData)) {
             return response()->json(['code' => -6, 'msg' => 'No valid fields to update.'], 400);

app/Models/Char/CharBase.php

@@ -11,97 +11,10 @@ class CharBase extends Model
   protected $table = "Table_CharBase";
   protected $primaryKey = "DBKey";
   protected $dates = [];
-  protected $fillable =
+  protected $guarded =
     [
       "Account",
-      "AccountName",
-      "AchievementPoint",
-      "Angle",
-      "Ap",
-      "BoostSlot",
-      "CanUseSoulTalentsAwaken",
-      "Cg",
-      "ChangeWorld",
-      "Class",
-      "CollectingExp",
-      "CollectingGrade",
-      "Comment",
-      "Cp",
-      "CreateTime",
-      "DBKey",
-      "Dark",
-      "Deleted",
-      "DynamicWarpAngle",
-      "DynamicWarpMap",
-      "DynamicWarpPosX",
-      "DynamicWarpPosY",
-      "DynamicWarpPosZ",
-      "Ep",
-      "EventInGateArea",
-      "Exp",
-      "ExpirationPeriodInvenSlot",
-      "FarmDBKey",
-      "FellowBagSlot",
-      "FellowSlot",
-      "FellowSlotExp",
-      "Female",
-      "Fire",
-      "Fp",
-      "GuildDBKey",
-      "GuildMemberPermissions",
-      "GuildMemberRankName",
-      "GuildMemberType",
-      "Hp",
-      "Ice",
-      "Integration",
-      "InvenBag1Prioritize",
-      "InvenBag2Prioritize",
-      "InvenBag3Prioritize",
-      "InvenBag4Prioritize",
-      "InvenPrioritize",
-      "InvenSlot",
-      "ItemSerialOrder",
-      "KeepingSlot",
-      "LastAccessDate",
-      "LastSummonFellow",
-      "Level",
-      "Light",
-      "MakeCodeNo",
-      "MapId",
-      "MatchingRemMSec",
-      "MentoringGraduationCount",
-      "MentoringPenaltyTime",
-      "Money",
-      "Mp",
-      "Name",
-      "OnBoardSkillUnsealed",
-      "Online",
-      "PartyID",
-      "PosX",
-      "PosY",
-      "PosZ",
-      "PreMapId",
-      "PrePosX",
-      "PrePosY",
-      "PrePosZ",
-      "Race",
-      "Rp",
-      "SelectCount",
-      "SoulPoint",
-      "Sp",
-      "SpaceType",
-      "StartIdx",
-      "StaticWarpArea",
-      "SummonFellow",
-      "TitleRecID",
-      "TitleRecKey",
-      "TotalPlayTime",
-      "Tp",
-      "bCanUseSoulTalents",
-      "bMilitiaType",
-      "bMount",
-      "byIllegal",
-      "byUnderware"
+      "DBKey"
     ];
 
   public $timestamps = false;