Currently I have this as a GET request, so you can see the parameters via the URL. So there is actually nothing to stop me changing record ID 44 to 56, and I can delete this value through the URL as well.
I actually just got a chill.
For security, would it be best to first pass this type of data as POST?
Yes, but that still doesn't prevent a person from changing the POST value.
Also, would there be a need to make another parameter inside the class, such as a private property, to run it through?
You need something that makes sure the user requesting the deletion has permissions to delete.
Is this the point of encapsulation?
I don't know I'm too brain dead to think that deeply on it.
Is this the point of encapsulation?
No. The point of encapsulation is to decouple parts of your application, so that your parts are individual components without unnecessary or tightly coupled dependencies.
For example: your User class sends confirmation mails after a user has been created. That's tight coupling. Your User class should be responsible for handling users and not for sending e-mails. So what you want to do in this situation is to encapsulate the e-mail handling into a dedicated component (this would be a tailor-made use case for events too).
For security, would it be best to first pass this type of data as POST?
As has already been said, that would not prevent someone from changing the value. What you need to do is check whether a user owns a certain model, e.g.:
<?php
class Post extends Eloquent
{
    // True when this post is in the given user's posts relation,
    // i.e. the user owns it.
    protected function validateUserHasPost( User $user )
    {
        return $user->posts->contains( $this );
    }

    // Named deleteFor() rather than delete(): Eloquent's delete() takes no
    // arguments, and PHP rejects an override that adds a required parameter.
    public function deleteFor( User $user )
    {
        if( ! $this->validateUserHasPost($user) )
            throw new DomainException('User ' . $user->name . ' does not own this post. Therefore it cannot be deleted');
        return $this->delete();
    }
}
Of course that's only one possibility but you should get the concept.
Happy coding!
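To make the thread's point concrete, here is an added example (not code from the original posts or from Laravel itself) in plain PHP: the insecure handler that trusts the id in the request, beside a hardened one that restricts the HTTP method, checks a CSRF token, and resolves ownership from the session user rather than from anything the client sent. The PostStore class, the request and session arrays, and the user/post ids are constructed stand-ins for a database table and a real request; the Eloquent call mentioned in a comment is the equivalent you would use in Laravel.

```php
<?php
// In-memory stand-in for a posts table (constructed data, not a real DB).
final class PostStore
{
    private $posts = [
        44 => ['id' => 44, 'user_id' => 7, 'title' => 'Alice post'],
        56 => ['id' => 56, 'user_id' => 9, 'title' => 'Bob post'],
    ];

    public function exists(int $id): bool
    {
        return isset($this->posts[$id]);
    }

    // The hardened lookup: the row is fetched *through* its owner, so a post
    // belonging to someone else is simply never found. In Laravel this is
    // Auth::user()->posts()->find($id) instead of Post::find($id).
    public function findOwnedBy(int $userId, int $postId): ?array
    {
        $post = $this->posts[$postId] ?? null;
        return ($post !== null && $post['user_id'] === $userId) ? $post : null;
    }

    public function delete(int $id): void
    {
        unset($this->posts[$id]);
    }
}

// Vulnerable handler: trusts the id in the request and checks nothing else.
// GET /posts/delete?id=56 (or a tampered POST body) deletes anyone's post.
function deleteInsecure(PostStore $store, array $request): string
{
    $id = (int) ($request['params']['id'] ?? 0);
    if (!$store->exists($id)) {
        return '404 not found';
    }
    $store->delete($id);
    return '200 deleted';
}

// Hardened handler. Three independent checks, each needed:
//  1. only state-changing methods, so a plain link or <img src> cannot trigger it;
//  2. a CSRF token bound to the session, so another site cannot POST on the user's behalf;
//  3. ownership resolved from the *session* user, never from request data.
function deleteSecure(PostStore $store, array $request, array $session): string
{
    if (!in_array($request['method'], ['POST', 'DELETE'], true)) {
        return '405 method not allowed';
    }
    $token = $request['params']['_token'] ?? '';
    if (!is_string($token) || !hash_equals($session['csrf_token'], $token)) {
        return '419 bad csrf token';
    }
    $id = (int) ($request['params']['id'] ?? 0);
    $post = $store->findOwnedBy($session['user_id'], $id);
    if ($post === null) {
        // Same answer whether the post is missing or belongs to someone else,
        // so the endpoint does not reveal which ids exist.
        return '404 not found';
    }
    $store->delete($id);
    return '200 deleted';
}

// Demonstration with constructed requests. Alice (user 7) owns post 44, Bob (user 9) owns 56.
$session = ['user_id' => 7, 'csrf_token' => bin2hex(random_bytes(16))];

$store = new PostStore();
// Alice edits the id in the URL to delete Bob's post: succeeds against the old code.
echo 'insecure GET id=56 -> ', deleteInsecure($store, ['method' => 'GET', 'params' => ['id' => 56]]), "\n";

$store = new PostStore();
$attempts = [
    ['method' => 'GET',  'params' => ['id' => 44, '_token' => $session['csrf_token']]], // wrong method
    ['method' => 'POST', 'params' => ['id' => 44]],                                     // no CSRF token
    ['method' => 'POST', 'params' => ['id' => 56, '_token' => $session['csrf_token']]], // not her post
    ['method' => 'POST', 'params' => ['id' => 44, '_token' => $session['csrf_token']]], // allowed
];
foreach ($attempts as $r) {
    echo 'secure ', $r['method'], ' id=', $r['params']['id'], ' -> ', deleteSecure($store, $r, $session), "\n";
}
```

Run it with `php` on the command line: the insecure handler reports "200 deleted" for Bob's post, while the secure handler rejects the first three attempts (405, 419, 404) and only deletes post 44 on the last one. Switching from GET to POST is only the first of the three checks; the ownership lookup through the session user is the one that actually stops the id tampering described at the top of the thread.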