Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
here is the dirty way tha I have come up with :
public function update(\App\Http\Requests\CancelMyOrderRequest $request,\App\Order $MyOrder)
{
if (auth()->user()->id != $MyOrder->user->id) {
return response([],403);
}
$MyOrder->update(['status' => 'canceled']);
return response([],200);
}
I how can I refactor it ? I wanted to put it to "CancelMyOrderRequest" but I don't know how to gain access to the uri ID , please help, thank You
You've basically just recreated laravels built-in authorization. https://laravel.com/docs/5.6/authorization
You couldn't put it in CancelMyOrderRequest, as that's only for validating the fields.
Use authorization, it's much cleaner and can be kept separate from your controller code, just like the validation you're using isn't done "in" the controller.
Please or to participate in this conversation.