How to ensure a user can only delete it's records?

Published 2 months ago by yougotnet

I have an application with many users; is there something built into Laravel already that ensures the record the user is deleting, actually belongs to the user?

Cronix
Cronix
2 months ago (786,650 XP)

Yep! Authorization (gates/policies). 2 different ways, depending on what you want to do/how you want to organize them. https://laravel.com/docs/5.6/authorization

yougotnet

Perfect! Thanks!

andreasbakir

Depends on what restrictions you want to have for your users :) If it is something really really simple, you could add a "role" column to your User table and make a middleware to check if the user is authorized to perform an action. Otherwise go for gates/policies. Or use both :)

yougotnet

Correct; my goal is to ensure a user can edit or delete records assign to him and to make sure one user can't delete records for another user.

Please sign in or create an account to participate in this conversation.