Preventening URL misuse with id change

There's a bunch of different ways to go about doing this: keep the logic in your controller, use a middleware, create a policy, etc. I would personally avoid writing if ($article->user_id != Auth::user()->id) every time because you can make it more readable using policies.

Have a look at the authorization docs. Link

Theres a good video on policies here. Link

And they're also used in the intermediate tutorial. Link

You should implement this: https://github.com/vinkla/hashids It hides your actual ID's and get the job done.

You may need to Middleware ，using Middleware to filter to the user

@Swaz Ok, I implemented a policy. The code is now: if(policy($article)->listPosts(Auth::user(),$article)). This works great (and also solves my problem ;), but where is the benefit (except better readable)? I have to implement this still to every method within the controller.

@francocorrea Security through obfuscation is always a very bad idea.

@vikin How would your solution look like?

Thank you everybody for the ideas!!!

@Swaz please forget my question above. I understand the concept now, I can put more than one rule within the method in the policy... Sorry ;)

@agruenberg Yea, policies are very useful. Have a look at the video I posted, Jeffrey explains it all really well.

@agruemberg Thanks, took note of that.