Restricted access to authenticated user data - Laravel 5.3

Asked

Viewed 250 times

1

I have a table that relates to another one and this relates to some user. How do I so that only the owner of this relation can change/delete the item. Even if I just bring on the form the records that have relation, if by chance I change the identifier that I am going through I will be able to change, so, I was wondering if there’s any way to perform this verification internally in some generic way because I have several cases like this.

  • I made an answer, but your question is vague, I could elaborate it better and if possible post the excerpt of your code so I rephrase the answer?

  • I have which user is logged in, but how do I check in a generic way during an issue, for example.

  • ..during an edition to know if it is really related to the logged in user..

  • 1

    You can store user_id in the table you want to compare, and do Auth::user()->id == $objeto->user_id, it is even possible to create a middleware for this

  • Can you give me an example of how I could do this middleware? I’m not being able to create a logic that allows me to do this in a generic way

  • Like the middleware Auth, you place the routes that will pass through it within a group with that middleware and inside it you do the checks. It is an alternative so that you do not create multiple times the same validation.. Have a look at the documentation: https://laravel.com/docs/5.3/middleware

Show 1 more comment

1 answer

2


You can access the authenticated user in the server part.

Auth::user()->oAtributoQueDeseja

or assign it to a temporary user:

$user = Auth::user();

Remembering that you need to import this Facade

use Illuminate\Support\Facades\Auth;

Browser other questions tagged

You are not signed in. Login or sign up in order to post.