jeudi 12 juillet 2018

only allow admin user to update a particular field

I have a model that I want to allow normal users to edit the main fields in the model (name,telephone etc) on the same model I have a status field.

I have added it to:

protected $guarded = ['id','status','formType'];

I only want the Admin user to be able to update that field, so i only display the status field on the form when the user is an admin.

then in my controller I check if the user is an admin then then set the status like this:

        if (Auth::check())
            $user = Auth::user();
        if ($user->is_admin()) {
            $venue->status = $request->input('status');
        }

This seems quite messy. is there a better way of protecting from update except for an admin.

thanks



via Chebli Mohamed

Aucun commentaire:

Enregistrer un commentaire