Level 80
@toni23 Use authentication and authorisation to protect your routes.
1 like
Jan 29, 2021
3
Level 6
Laravel API and fetch with VueJS
Hello everyone..first i want to sorry for my bad English. I have one maybe stupid question , but i want to ask so i understand. I create with Laravel API endpoints for auth with jwt token and for users where i fetch all users. With VueJS i fetch all APIs i login/ logout everything works fine . So for example with my user which i create i have role Administrator and in my Vue application i have route /admin where with guard i check if my role is administrator and i access the page. So for example i want in this page to block some user just change one of users fields from active: true to false and my question is how i can protect this API, because when i check in network in my browser and application i can find this API address and i can access from another app.
I hope you understand my question :)
Level 6
Understand so for example in my UsersController where i have simple function for get all users.. and i access the API.. but after i set
public function __construct() { $this->middleware(['auth:api']); }
in my Vue app i need to login and also now i cannot access my API route.. Is that correct?
Level 75
In the from scratch video series Jeffrey has several videos, free, on just authorization.
In boils down to a policy or gate either allowing or not allowing the current "logged" in user access..
Either they can or cannot do something.
Reread the authorization chapter. Remember can or cannot, that's it.
1 like
Please or to participate in this conversation.