I can delete comments when I type this in the URL: /delete/{id} from the comment. I need that to be private/disabled.
Route:
Route::get('/delete/{id}', 'commentController@delete');
controller:
function delete($id)
{
comment::where('id',$id)->delete();
return back();
}
view:
<a href="/delete/{{ $comment->id}}">
<button type="submit" class="btn btn-danger pull-right">Delete</button>
</a>
I think you want to show the delete comment link only to the comment owner,
so in your view you should have an if condition,
for example:
@if (Auth::user() && (Auth::user()->id == $comment->user_id))
<a href="/delete/{{ $comment->id}}"> <button type="submit" class="btn btn-danger pull-right">Delete</button></a>
@endif
With this condition, the comment delete link is displayed only for the comment owner. $comment->user_id is the comment owner's id; I don't know how you store it in your database.
Of course, you should check it in your controller too, like this:
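function delete($id)
{
    // Load the comment first so its owner can be compared with the logged-in user
    $comment = comment::findOrFail($id);
    if (Auth::user() && (Auth::user()->id == $comment->user_id)) {
        $comment->delete();
        return back();
    } else {
        return 'you dont have permission';
    }
}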
And if you want to limit it to admins only, the condition should check that the user is an admin, like this:
Auth::user()->id == [admin_id]
Or define an admin role and check:
Auth::user()->role == 'admin'
Don't forget to study form method spoofing to choose the best way to delete data in your database.
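The answer's two points combined (a server-side ownership check, and deleting through a spoofed DELETE form instead of a GET link), as an added example that is not part of the original answer. It assumes the model lives at App\comment and that the `user_id` and `role` columns exist as the answer describes them.

```php
<?php
// app/Http/Controllers/commentController.php
//
// Route (routes/web.php): DELETE instead of GET, so a plain link or a typed
// URL no longer triggers deletion; 'auth' rejects guests before the controller:
//   Route::delete('/delete/{id}', 'commentController@delete')->middleware('auth');
//
// View (Blade), replacing the <a href="/delete/..."> link. The form posts with
// a CSRF token and a spoofed DELETE method:
//   <form method="POST" action="/delete/{{ $comment->id }}">
//       {{ csrf_field() }}
//       {{ method_field('DELETE') }}
//       <button type="submit" class="btn btn-danger pull-right">Delete</button>
//   </form>

namespace App\Http\Controllers;

use App\comment;                       // assumption: model namespace
use Illuminate\Support\Facades\Auth;

class commentController extends Controller
{
    public function delete($id)
    {
        $user = Auth::user();
        $comment = comment::findOrFail($id);   // unknown id gives a 404

        // Hiding the button in the view is not enough: the request can still
        // be sent directly, so the decision is made here on the server.
        $isOwner = $user && $user->id == $comment->user_id;   // assumption: user_id column
        $isAdmin = $user && $user->role == 'admin';           // assumption: role column

        if (! $isOwner && ! $isAdmin) {
            abort(403);
        }

        $comment->delete();
        return back();
    }
}
```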