I am building an api with laravel and have the following models/tables:
user
---
id
name
customers
---
id
name
user_id
projects
---
id
name
customer_id
All requests to the api are done with a passport token, so I know which user is currently using the api.
How to prevent an user to create/update a project with a wrong customer_id? With wrong, I mean a customer_id, which doesn't belong to the user?
I know, that I could manually check it with a query, but is there a buildin / more elegant way to do this?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire