user6369603

Deleting a user post in Laravel 5.2

Users should have the ability to delete notes they have created. So far I have a delete link which has auth middleware.

Route::group(['middleware' => 'auth'], function () {
    Route::get('auth/notes', 'Auth\NotesController@index');
    Route::get('auth/notes/{note}/delete', 'Auth\NotesController@delete');
    Route::get('auth/notes/{note}/edit', 'Auth\NotesController@edit');
});

In my notes controller, I have this function which handles the deletion.

public function delete($note_id)
{
    $note = Note::where('id', '=', $note_id)->first();
    $note->delete();
    flash('Your note has been deleted.');

    return redirect('/auth/notes');
}

However, I have noticed that any user may delete other users' notes by changing the ID of the note in the delete route. I want to make a secure delete link for users' notes; any suggestions would be appreciated.

Upvotes: 0

Views: 62

Answers (1)

Rahul M

Reputation: 1509

What you can do here is make a POST request instead of GET for deletion, then utilise the authorize() method of the request class to check if the note actually relates to the logged-in user. Something like this:

// Allow the delete only when the note belongs to the logged-in user.
if (Note::where('id', $note_id)
        ->where('user_id', Auth::user()->id)
        ->exists()
) {
    return true;
}
return false;

Upvotes: 1
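
The ownership check from the answer can also be applied directly in the controller's query, so a note that belongs to another user is never loaded. This is an added example, not code from the question or the answer; it assumes the `notes` table has the `user_id` column the answer uses, that the model lives at `App\Note`, and that the controller sits at the path implied by the question's route definition.

```php
<?php
// app/Http/Controllers/Auth/NotesController.php
// (path assumed from the 'Auth\NotesController' name in the question's routes)
//
// Route, replacing the GET delete route inside the existing auth group:
//   Route::post('auth/notes/{note}/delete', 'Auth\NotesController@delete');
//
// Blade form that submits it. The _token field is what Laravel's
// VerifyCsrfToken middleware checks when it is active for the route:
//   <form method="POST" action="{{ url('auth/notes/'.$note->id.'/delete') }}">
//       <input type="hidden" name="_token" value="{{ csrf_token() }}">
//       <button type="submit">Delete</button>
//   </form>

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Note; // assumed model namespace
use Illuminate\Support\Facades\Auth;

class NotesController extends Controller
{
    public function delete($note_id)
    {
        // Scope the lookup to the logged-in user instead of trusting the ID
        // in the URL. firstOrFail() throws ModelNotFoundException, which
        // Laravel renders as a 404, so a missing note and a note owned by
        // someone else look the same to the caller. It also avoids calling
        // delete() on null, which first() would allow.
        $note = Note::where('id', $note_id)
            ->where('user_id', Auth::id())
            ->firstOrFail();

        $note->delete();
        flash('Your note has been deleted.'); // helper from the question

        return redirect('/auth/notes');
    }
}
```

The same `where('user_id', Auth::id())` scoping applies to the `edit` route in the question, which takes the note ID from the URL in the same way.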
