It should not be, if you are careful. Make sure you do not allow users to edit clients that are not theirs. Before edit or delete, check if that client belongs to the user that is making the edit/delete.
Yeah i've been sure to check that with $user->clients()->findOrFail($id);
before any form of action.
I've also been thinking about composite keys as alternative method to this.
Your url should not be like : something.com/1/113/edit
.
Rather clear like : someting.com/manager/1/client/113/edit
Sign in to participate in this thread!
The Laravel portal for problem solving, knowledge sharing and community building.
The community