Security Database Architecture
Last updated 2 years ago.
0

It should not be, if you are careful. Make sure you do not allow users to edit clients that are not theirs. Before edit or delete, check if that client belongs to the user that is making the edit/delete.

Last updated 2 years ago.
0

Yeah, I've been sure to check that with $user->clients()->findOrFail($id); before any form of action.

I've also been thinking about composite keys as an alternative method to this.

Last updated 2 years ago.
0

Your URL should not be like: something.com/1/113/edit. Rather, clear like: something.com/manager/1/client/113/edit

Last updated 2 years ago.
0
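
The ownership check discussed in this thread, as an added example that is not part of the original posts: plain PHP with an in-memory SQLite table, contrasting an unscoped lookup with the owner-scoped query that `$user->clients()->findOrFail($id)` amounts to. The schema, rows and function names are constructed for illustration, and a `user_id` foreign key on `clients` is assumed.

```php
<?php
declare(strict_types=1);
// Added example: constructed schema and rows; function names are hypothetical.
// Assumes clients.user_id is the foreign key behind $user->clients().

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, name TEXT NOT NULL)');
$db->exec("INSERT INTO clients (id, user_id, name) VALUES (113, 1, 'Acme'), (114, 2, 'Globex')");

// Unscoped lookup: ownership is never checked, so any id in the URL is served.
function findClientUnscoped(PDO $db, int $clientId): ?array
{
    $stmt = $db->prepare('SELECT id, user_id, name FROM clients WHERE id = ?');
    $stmt->execute([$clientId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Owner-scoped lookup: the owner is part of the WHERE clause.
// "Does not exist" and "belongs to someone else" produce the same failure.
function findClientForUser(PDO $db, int $authUserId, int $clientId): array
{
    $stmt = $db->prepare('SELECT id, user_id, name FROM clients WHERE id = ? AND user_id = ?');
    $stmt->execute([$clientId, $authUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException('Client not found');
    }
    return $row;
}

// Scope the write as well, so an edit cannot reach a row the lookup would refuse.
function renameClient(PDO $db, int $authUserId, int $clientId, string $name): bool
{
    $stmt = $db->prepare('UPDATE clients SET name = ? WHERE id = ? AND user_id = ?');
    $stmt->execute([$name, $clientId, $authUserId]);
    return $stmt->rowCount() === 1;
}

// The acting user id comes from the authenticated session, not from a URL segment.
$authUserId = 1;

echo 'unscoped read of client 114: ', findClientUnscoped($db, 114) ? 'returned' : 'none', PHP_EOL;
echo 'scoped rename of own client 113: ', renameClient($db, $authUserId, 113, 'Acme Ltd') ? 'applied' : 'refused', PHP_EOL;
echo 'scoped rename of client 114: ', renameClient($db, $authUserId, 114, 'x') ? 'applied' : 'refused', PHP_EOL;
try {
    findClientForUser($db, $authUserId, 114);
    echo 'scoped read of client 114: returned', PHP_EOL;
} catch (RuntimeException $e) {
    echo 'scoped read of client 114: ', $e->getMessage(), PHP_EOL;
}
```

Run it with the PHP CLI; it needs the `pdo_sqlite` extension.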

leon13 leon13 Joined 28 Feb 2014