laravel url / delete / id will delete a comment, need it be disabled

advertisements

I can delete comments when i type this in the url.. /delete/{id} from the comment. I need that to be private/disabled.

Route:

Route::get('/delete/{id}', 'commentController@delete');

controller:

function delete($id)
{
    comment::where('id',$id)->delete();
    return back();
}

view:

<a href="/delete/{{ $comment->id}}">
    <button type="submit" class="btn btn-danger pull-right">Delete</button>
</a>


I think you want to show delete comment links only for comment owner

so in your view you should have if condition

for example:

@if (Auth::user() && (Auth::user()->id == $comment->user_id))
    <a href="/delete/{{ $comment->id}}">   <button type="submit" class="btn btn-danger pull-right">Delete</button></a>
@endif

in this condition comment delete link only display for comment owner $comment->user_id is comment owner id that i dont know how you store it in your database

of course you should check it in you controller too like this:

{
if (Auth::user() && (Auth::user()->id == $comment->user_id)) {
    comment::where('id',$id)->delete();
    return back();
}else
return 'you dont have permission';
}

and if you want to limit it only for admin , in condition you should check user is admin like this:

Auth::user()->id == [admin_id]

OR define a admin role and check

Auth::user()->role == 'admin'

Don't remember to study form-method-spoofing to choose best way to delete data in your database