I'm wondering how to protect resources from access by other users with Laravel.
For example if I have this scenario:
how can I protect access of resource 2 from user 1?
An example is accessing a resource for edit via this URL:
http://localhost:8000/resource/2/edit
Does Laravel has a feature to do that or should I manually check the ownership in every Controller's method?
Thanks in advance.
You can create policy for that :
public function update(User $user, Resource $resource)
{
return $user->id == $resource->user_id; //for example
}
then you can add it as middleware to your edit route :
Route::get('resource/{resource}/edit', ResourceController@edit)->middleware('can:update,resource');
Ps: that's just an example in the documentation there are many usful things that can help you
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.