@artisticre You could achieve this using Policy in Laravel or also Gates.
May 15, 2020
3
Level 5
Authentication question
I have an app I am working on. It is rerouting based on roles. It works well, but something I discovered is that if a team member submits an application, it works. But if a different team member logs in as themselves, they can view the other team member's application. How do I go about restricting access to the applications to the user that submitted them?
Level 75
Just an example:
public function update(Request $request, Post $post) {
    // Block the request unless the current user is the author and is allowed to edit posts
    if ($post->author !== auth()->user()->id || auth()->user()->cannot('edit posts')) {
        abort(404); // or redirect, or whatever action
    }
    // rest of method if all okay
}
Also see https://gist.github.com/jimgwhit/ed44a6c81815804f1ab910ce9eb88d84
There is a scope example. Use your authorization; I use custom.
Also Jeffrey has three or four free authorization videos in the free from scratch series.
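The Policy approach mentioned in this thread, applied to the question's case, as an added example that is not code from any poster here. It assumes an `App\Models\Application` model with a `user_id` column holding the submitter's id, a route-model-bound `{application}` parameter, and that the policy is registered or auto-discovered by Laravel; all class, column and view names are hypothetical.

```php
<?php
// Added example. Assumed names: Application model, user_id column, view names.

// File: app/Policies/ApplicationPolicy.php
namespace App\Policies {
    use App\Models\Application;
    use App\Models\User;

    class ApplicationPolicy
    {
        // Only the user who submitted an application may view it.
        public function view(User $user, Application $application): bool
        {
            // Cast both sides: some database drivers return ids as strings,
            // which would make a strict comparison fail for the real owner.
            return (int) $application->user_id === (int) $user->id;
        }

        // Same ownership rule for changes.
        public function update(User $user, Application $application): bool
        {
            return $this->view($user, $application);
        }
    }
}

// File: app/Http/Controllers/ApplicationController.php
namespace App\Http\Controllers {
    use App\Models\Application;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Gate;

    class ApplicationController extends Controller
    {
        public function index(Request $request)
        {
            // List only the caller's rows; the owner id comes from the session,
            // never from a request parameter.
            $applications = Application::where('user_id', $request->user()->id)->get();
            return view('applications.index', compact('applications'));
        }

        public function show(Application $application)
        {
            // Throws an AuthorizationException (HTTP 403) if the policy returns false.
            Gate::authorize('view', $application);
            return view('applications.show', compact('application'));
        }
    }
}
```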