
Michael Fayez

How to prevent users from seeing other emails

Hello best devs, I have a system with internal messages. How do I prevent users from seeing other users' emails and let them send only to the Admin? I tried to use an @if but it's not working.

@extends('layouts.admin')
@section('content')
<div class="row">
    @if(auth()->user()->is_Admin)
    <div class="flex flex-wrap">
        <div class="w-full pt-6 lg:w-64 lg:pt-0">
            @include('admin.message.nav-messages')
        </div>

        <div class="w-1 flex-grow lg:pl-4">
            <div class="card bg-blueGray-100">
                <div class="card-header border-b border-blueGray-200">
                    <div class="flex flex-col lg:flex-row lg:justify-between">
                        <h6 class="card-title">
                            {{ __('global.new_message') }}
                        </h6>
                    </div>

                </div>

                <div class="card-body">
                    <form action="{{ route('admin.messages.store') }}" method="POST" class="pt-3">
                        @csrf

                            <div class="form-group {{ $errors->has('to') ? 'invalid' : '' }}">
                                <div class="flex flex-col lg:flex-row lg:items-center">
                                    <label class="block uppercase text-blueGray-600 text-xs font-bold lg:w-20 pb-3 lg:pb-0" for="to">
                                        {{ __('global.to') }}
                                    </label>
                                            <select name="to[]" id="to" class="select2 form-control" required multiple>
                                                <option></option>
                                                <option value="null" disabled>{{ __('global.pleaseSelect') }}</option>
                                                @foreach($users as $id => $email)
                                                    <option value="{{ $id }}">{{ $email }}</option>
                                                @endforeach
                                            </select>
                                </div>
                                <div class="validation-message">
                                    {{ $errors->first('to') }}
                                </div>
                            </div>
                        

                        <div class="form-group {{ $errors->has('subject') ? 'invalid' : '' }}">
                            <div class="flex flex-col lg:flex-row lg:items-center ">
                                <label class="block uppercase text-blueGray-600 text-xs font-bold lg:w-20 pb-3 lg:pb-0" for="subject">
                                    {{ __('global.subject') }}
                                </label>
                                <input class="form-control" type="text" name="subject" id="subject" required placeholder="{{ __('global.subject') }}">
                            </div>
                            <div class="validation-message">
                                {{ $errors->first('subject') }}
                            </div>
                        </div>
                        <div class="form-group {{ $errors->has('body') ? 'invalid' : '' }}">
                            <textarea class="form-control" name="body" id="body" required rows="8" placeholder="{{ __('global.body') }}"></textarea>
                            <div class="validation-message">
                                {{ $errors->first('body') }}
                            </div>
                        </div>
                        <div class="form-group">
                            <button class="btn btn-indigo mr-2" type="submit">
                                {{ trans('global.send') }}
                            </button>
                            <a href="{{ route('admin.messages.index') }}" class="btn btn-secondary">
                                {{ trans('global.discard') }}
                            </a>
                        </div>

                    </form>
                </div>
            </div>
        </div>
    </div>
    @else
    <div class="flex flex-wrap">
        <div class="w-full pt-6 lg:w-64 lg:pt-0">
            @include('admin.message.nav-messages')
        </div>

        <div class="w-1 flex-grow lg:pl-4">
            <div class="card bg-blueGray-100">
                <div class="card-header border-b border-blueGray-200">
                    <div class="flex flex-col lg:flex-row lg:justify-between">
                        <h6 class="card-title">
                            {{ __('global.new_message') }}
                        </h6>
                    </div>

                </div>

                <div class="card-body">
                    <form action="{{ route('admin.messages.store') }}" method="POST" class="pt-3">
                        @csrf

                            <div class="form-group {{ $errors->has('to') ? 'invalid' : '' }}">
                                <div class="flex flex-col lg:flex-row lg:items-center">
                                    <label class="block uppercase text-blueGray-600 text-xs font-bold lg:w-20 pb-3 lg:pb-0" for="to">
                                        {{ __('global.to') }}
                                    </label>
                                            <select name="to[]" id="to" class="select2 form-control" required multiple>
                                                <option></option>
                                                <option value="null" disabled>{{ __('global.pleaseSelect') }}</option>
                                                <option>[email protected]</option>
                                            </select>
                                </div>
                                <div class="validation-message">
                                    {{ $errors->first('to') }}
                                </div>
                            </div>

                        <div class="form-group {{ $errors->has('subject') ? 'invalid' : '' }}">
                            <div class="flex flex-col lg:flex-row lg:items-center ">
                                <label class="block uppercase text-blueGray-600 text-xs font-bold lg:w-20 pb-3 lg:pb-0" for="subject">
                                    {{ __('global.subject') }}
                                </label>
                                <input class="form-control" type="text" name="subject" id="subject" required placeholder="{{ __('global.subject') }}">
                            </div>
                            <div class="validation-message">
                                {{ $errors->first('subject') }}
                            </div>
                        </div>
                        <div class="form-group {{ $errors->has('body') ? 'invalid' : '' }}">
                            <textarea class="form-control" name="body" id="body" required rows="8" placeholder="{{ __('global.body') }}"></textarea>
                            <div class="validation-message">
                                {{ $errors->first('body') }}
                            </div>
                        </div>
                        <div class="form-group">
                            <button class="btn btn-indigo mr-2" type="submit">
                                {{ trans('global.send') }}
                            </button>
                            <a href="{{ route('admin.messages.index') }}" class="btn btn-secondary">
                                {{ trans('global.discard') }}
                            </a>
                        </div>

                    </form>
                </div>
            </div>
        </div>
    </div>
    @endif

</div>
@endsection

@push('scripts')
    <script>
        $(function () {
            $('#to').select2({
                placeholder: '{{ __('global.pleaseSelect') }}',
                allowClear: false
            });
        });
    </script>
@endpush
LaryAI

To prevent users from seeing other users' emails and ensure they can only send messages to the admin, you can modify the view to only display the admin's email as the recipient when a non-admin user is creating a message. Here's how you can adjust the code:

@extends('layouts.admin')
@section('content')
<div class="row">
    <div class="flex flex-wrap">
        <div class="w-full pt-6 lg:w-64 lg:pt-0">
            @include('admin.message.nav-messages')
        </div>

        <div class="w-1 flex-grow lg:pl-4">
            <div class="card bg-blueGray-100">
                <div class="card-header border-b border-blueGray-200">
                    <div class="flex flex-col lg:flex-row lg:justify-between">
                        <h6 class="card-title">
                            {{ __('global.new_message') }}
                        </h6>
                    </div>
                </div>

                <div class="card-body">
                    <form action="{{ route('admin.messages.store') }}" method="POST" class="pt-3">
                        @csrf

                        <div class="form-group {{ $errors->has('to') ? 'invalid' : '' }}">
                            <div class="flex flex-col lg:flex-row lg:items-center">
                                <label class="block uppercase text-blueGray-600 text-xs font-bold lg:w-20 pb-3 lg:pb-0" for="to">
                                    {{ __('global.to') }}
                                </label>
                                @if(auth()->user()->is_Admin)
                                    <select name="to[]" id="to" class="select2 form-control" required multiple>
                                        <option></option>
                                        @foreach($users as $id => $email)
                                            <option value="{{ $id }}">{{ $email }}</option>
                                        @endforeach
                                    </select>
                                @else
                                    <select name="to[]" id="to" class="select2 form-control" required>
                                        <option value="admin_id">[email protected]</option>
                                    </select>
                                @endif
                            </div>
                            <div class="validation-message">
                                {{ $errors->first('to') }}
                            </div>
                        </div>

                        <!-- Rest of the form fields remain unchanged -->

                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

@push('scripts')
<script>
    $(function(){
        $('#to').select2({
            placeholder: '{{ __('global.pleaseSelect') }}',
            allowClear: false
        });
    });
</script>
@endpush

In this solution, I've made the following changes:

  1. Removed the @if(auth()->user()->is_Admin) check around the entire form since we want both admins and non-admins to use the form, but with different recipient options.
  2. Within the to select field, I've added an @if directive to check if the user is an admin. If they are, they can see and select from all users. If not, they only see the admin's email as the option.
  3. For non-admin users, the select field is not set to multiple since they should only be able to send to the admin.
  4. Replace admin_id with the actual ID of the admin user in your system and [email protected] with the actual admin email.

Make sure to replace admin_id with the actual ID of the admin user in your database and [email protected] with the actual email address of the admin. This will ensure that non-admin users can only select the admin as the recipient.
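The answer above changes only what the `<select>` shows. The `to[]` values still arrive in a plain POST, so a non-admin can add any user ID to the request (or edit the option value in the browser) and reach a user who was never offered in the list; likewise, `$users` is passed to the view as the full address book, so the original `@foreach` branch leaks every email to whoever can render it. The restriction has to be enforced where the message is stored. The following is an added example, not code from the original post: a controller for the `admin.messages.store` and `admin.messages.index` routes the view already references. It assumes a `users` table with the `is_Admin` boolean the question uses, a `messages` table with `sender_id`, `recipient_id`, `subject` and `body` columns, and a `Message` Eloquent model; those names are assumptions. The same allowed-recipient query feeds both the compose form and the validation rule, so the two can never drift apart.

```php
<?php
// Added example (not from the original post). Server-side enforcement of
// "non-admins may only write to admins". Assumed schema: users.is_Admin (bool),
// messages(sender_id, recipient_id, subject, body); assumed model App\Models\Message.

namespace App\Http\Controllers\Admin;

use App\Http\Controllers\Controller;
use App\Models\Message;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Validation\Rule;

class MessagesController extends Controller
{
    // Compose form. The view keeps its `@foreach($users as $id => $email)` loop,
    // but the list it receives is already filtered, so other users' addresses
    // never reach a non-admin's browser and no @if in Blade is needed.
    public function create(Request $request)
    {
        $users = $this->allowedRecipientsFor($request->user())
            ->orderBy('email')
            ->pluck('email', 'id');

        return view('admin.messages.create', compact('users'));
    }

    public function store(Request $request)
    {
        $sender     = $request->user();
        $allowedIds = $this->allowedRecipientsFor($sender)->pluck('id')->all();

        $data = $request->validate([
            'to'      => ['required', 'array', 'min:1'],
            // Every submitted ID must be one this sender is allowed to use.
            // A tampered value (another user's ID, a non-integer) fails here,
            // and the form re-renders with $errors->first('to') populated.
            'to.*'    => ['integer', Rule::in($allowedIds)],
            'subject' => ['required', 'string', 'max:255'],
            'body'    => ['required', 'string'],
        ]);

        foreach (array_unique($data['to']) as $recipientId) {
            Message::create([
                'sender_id'    => $sender->id,
                'recipient_id' => $recipientId,
                'subject'      => $data['subject'],
                'body'         => $data['body'],
            ]);
        }

        return redirect()->route('admin.messages.index');
    }

    // Inbox: only messages the current user sent or received, regardless of role.
    public function index(Request $request)
    {
        $uid = $request->user()->id;

        $messages = Message::query()
            ->where('sender_id', $uid)
            ->orWhere('recipient_id', $uid)
            ->latest()
            ->get();

        return view('admin.messages.index', compact('messages'));
    }

    // Reading one message: deny unless the user is a party to it. Using 404
    // instead of 403 avoids confirming that the message ID exists.
    public function show(Request $request, Message $message)
    {
        $uid = $request->user()->id;
        abort_unless(in_array($uid, [$message->sender_id, $message->recipient_id]), 404);

        return view('admin.messages.show', compact('message'));
    }

    // Single source of truth for "who may this user write to":
    // admins -> everyone except themselves; everyone else -> admin accounts only.
    private function allowedRecipientsFor(User $user)
    {
        $query = User::query()->where('id', '!=', $user->id);

        if (! $user->is_Admin) {
            $query->where('is_Admin', true);
        }

        return $query;
    }
}
```

With this in place the Blade template needs no role check at all: both roles render the same `<select name="to[]" multiple>` over the filtered `$users`, and a non-admin simply sees one or more admin accounts. If you keep the answer's single-select branch for non-admins, hard-code the admin's ID there from the same filtered list rather than a literal, and still keep the `Rule::in` check, since it is the only part of this that a user cannot bypass.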
