Authenticating users to allow edit/update their own profile

Posted 2 years ago by liquidsword

Hello! This is my first time using Laravel or any MVC framework, so bear with me. For my application, I want users to edit only their own profile. So far, I'm importing the Illuminate\Support\Facades\Auth; into my controller. I check for the authenticated username that is signed in and compare it with the username of the profile they want to edit. If a user tries to edit a page that is not their own, they are redirected to a 404 page. Below is some sample code in the controller.

PublicUserController.php

<?php

namespace App\Http\Controllers;
// more uses...
use Illuminate\Support\Facades\Auth; // Importing Auth Session

class PublicUserController extends Controller
{
    // ... Other Functions
    
    public function editUser($username)
    {
        $user = User::where('username', '=', $username)->first(); // slug for user profile
        
        // Show the edit form only when the profile belongs to the logged-in user.
        if (strcasecmp(Auth::user()->username, $username) == 0) {
            return view('public.users.edit')->with('user', $user);
        } else {
            return redirect()->route('error.404');
        }
    }
    // ... More functions
}

Is this an acceptable method/practice? Thanks!
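
The same ownership rule expressed as a Laravel policy and enforced on both the edit form and the update action, as an added example that is not part of the original post. The `App\User` model location, the `updateUser()` action, the `ownedProfile()` helper and the `name`/`email` fields are assumptions, and the routes are assumed to sit behind the `auth` middleware.

```php
<?php
// Added example, not the poster's code. Two files are shown in one block using
// bracketed namespaces. App\User, updateUser(), ownedProfile() and the
// 'name'/'email' fields are assumptions. Routes are assumed to be behind the
// 'auth' middleware, so $request->user() is never null here.

namespace App\Policies {          // app/Policies/UserPolicy.php
    use App\User;

    class UserPolicy
    {
        // Owner-only rule: compares primary keys, not username strings.
        public function update(User $actor, User $profile)
        {
            return $actor->is($profile);
        }
    }
}

namespace App\Http\Controllers {  // app/Http/Controllers/PublicUserController.php
    use App\User;
    use Illuminate\Http\Request;

    class PublicUserController extends Controller
    {
        // Shared by every action that touches a profile, so the form and the
        // write path cannot drift apart.
        private function ownedProfile(Request $request, $username)
        {
            $user = User::where('username', $username)->firstOrFail(); // 404 if unknown
            abort_unless($request->user()->can('update', $user), 404); // 404 if not owner
            return $user;
        }

        public function editUser(Request $request, $username)
        {
            return view('public.users.edit')
                ->with('user', $this->ownedProfile($request, $username));
        }

        public function updateUser(Request $request, $username)
        {
            $user = $this->ownedProfile($request, $username);
            // Only validated, whitelisted fields reach the model.
            $user->update($request->validate([
                'name'  => 'required|string|max:255',
                'email' => 'required|email|max:255',
            ]));
            return redirect()->back();
        }
    }
}
```

On Laravel versions without policy auto-discovery, map the policy in the `$policies` array of `AuthServiceProvider`.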
