So if a user wants to edit their own ticket they can do it from a form. But if they change the ID in the form, they can also edit another user's ticket. How do I prevent this?
public function edit(Ticket $ticket)
{
$user = request()->user()->ticket()->get();
if ($ticket === $user){
return view('users.tickets.edit',['ticket' => $ticket,]);
}
else{
abort(403);
}
}
It automatically pick abort 403
This is the user Model
public function ticket(){
return $this->belongsToMany(Ticket::class, 'ticket_user');
}
This is the ticket model
public function users() {
return $this->belongsToMany(User::class, 'ticket_user');
}