astroanu said:
just check the credentials from the controller. it should work I do not understand what you mean? I need to securely remove a database item (admin only). Thanks
Make a check in the controller, if the current user has the rights to remove an item? Also use blade to check if the user is admin, only then show the button.
marxi said:
Make a check in the controller, if the current user has the rights to remove an item? Also use blade to check if the user is admin, only then show the button.
Thanks. If the controller has already made the check then why have Blade check it to?
oliversb said:
marxi said:
Make a check in the controller, if the current user has the rights to remove an item? Also use blade to check if the user is admin, only then show the button.
Thanks. If the controller has already made the check then why have Blade check it to?
controller checking and blade checking are too different things! you dont want to show this option but also test/check in the controller so that someone couldnt hack their way and delete maliciously
Thanks. I just going to presume it is like an extra layer of security.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast