2
votes

I have two user types: admin and member. Members cannot view other profiles except their own. Only admins have access to all user profiles.

Now my route for the UsersController@show (only accessible by admins) is http://laravel.test/user/username

However, if a user accesses that URL with his own username, it should grant the request.

This applies to all other functions such as edit and update.

Now I could create another controller designated for the current user only, call it MyController. I could copy the code from the UsersController, just changing a few lines of code so that it gets the current user from auth(). But I would prefer not to.

Any help?

1
You may want to look at Laravel's Middleware to handle this. Then protect the routes you need to by adding the middleware to those routes. - Marc M.
Show your users table structure, and 1 sample record for admin and users. - Saurabh Mistry
Middleware is 100% the way to go. - Fireynis
@MarcM. could you show me a snippet of how this would be done, or at least link to a resource? I've been browsing the internet for hours, no luck. - Gerard Balaoro
@GerardBalaoro - here's the link with a complete walk through: laravel.com/docs/5.7/middleware - Marc M.

1 Answer

0
votes

If you have your own conditions you should change this a little, but the logic is this:

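public function show($username)
{
    // firstOrFail() returns one User model (or a 404); get() would return
    // a Collection, which has no ->id property.
    $user = User::where('username', $username)->firstOrFail();
    // Compare the requested profile's owner with the logged-in user.
    if ($user->id == Auth::id()) {
        // show profile
    }
}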
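The middleware approach suggested in the comments, as an added example that is not part of the original question or answer: it lets admins through and lets a member through only when the route names that member, so the same UsersController serves both. The class name `AdminOrSelf`, the alias `admin.or.self`, the `role` column, the `{username}` parameter name and the edit/update route paths are assumptions.

```php
<?php
// app/Http/Middleware/AdminOrSelf.php (hypothetical class name, added example)
namespace App\Http\Middleware;

use Closure;

class AdminOrSelf
{
    // Pass only admins, or the user named by the {username} route parameter.
    public function handle($request, Closure $next)
    {
        $actor = $request->user(); // null when nobody is logged in

        // Deny by default: an unauthenticated request never reaches the controller.
        if ($actor === null) {
            abort(401);
        }

        // ASSUMPTION: users.role is a string column holding 'admin' or 'member'.
        $isAdmin = $actor->role === 'admin';

        // Identity comes from the session's user, never from request input.
        // The strict comparison fails closed when the URL differs from the
        // stored username in case or type (a missing parameter becomes '').
        $isSelf = $actor->username === (string) $request->route('username');

        if (! $isAdmin && ! $isSelf) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware:
//     'admin.or.self' => \App\Http\Middleware\AdminOrSelf::class,
//
// routes/web.php: one group covers show, edit and update alike, so no
// action is left with a weaker check than the others.
//     Route::middleware(['auth', 'admin.or.self'])->group(function () {
//         Route::get('user/{username}', 'UsersController@show');
//         Route::get('user/{username}/edit', 'UsersController@edit');
//         Route::put('user/{username}', 'UsersController@update');
//     });
```

The controller should still load the target with `User::where('username', $username)->firstOrFail()`; the middleware only decides who may reach it.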