I have a small tutorial on using the Authroziation system if you want to go that route.
asklagbox - Lets do this - part 2
If you want to do that via a middleware, maybe something like this:
public function handle($request, Closure $next)
{
if (Comment::findOrFail($request->route('id'))->author_id != $request->user()->id) {
// return some redirect with message
// or return an unauthorized response
}
// continue through
return $next($request);
}
If you apply this middleware to that route, only the author will be able to make it through, to the controller method where you will delete the record.
You would have to make some adjustments depending on your schema but that is the general idea. I would recommend using the Authorization system if on a version higher than 5.1.11 where you can write this logic into there and check it via the Gate.
Sign in to participate in this thread!
The Laravel portal for problem solving, knowledge sharing and community building.
The community