There is an endpoint like users/{user_id}/events/. It's available only with an auth token:
Route::group(['middleware' => 'auth:api'], function ()
But I need one more level of protection. This endpoint should be available only to the user whose id is equal to user_id. I mean users/1/events/ is available for the user with id 1.
I know two ways to solve it:
- Create FormRequest and check all inside authorize method.
- Check it inside the method in the Controller.
I prefer the first approach to have thin controllers. But I have doubts: is it good to do it this way, or is there a better solution?
via Chebli Mohamed
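The first option from the question, written out as an added example that is not part of the original post. The class name ListUserEventsRequest and the controller name UserEventController are assumptions; the route and middleware are the ones the question describes.

```php
<?php
// app/Http/Requests/ListUserEventsRequest.php (hypothetical class name)

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class ListUserEventsRequest extends FormRequest
{
    /**
     * Allow the request only when the {user_id} route segment names the
     * authenticated user. Returning false makes Laravel respond with 403
     * before the controller method runs.
     */
    public function authorize(): bool
    {
        $user = $this->user(); // resolved by the auth:api middleware

        if ($user === null) {
            return false; // request reached this class without authentication
        }

        // Compare as strings: route parameters arrive as strings, and an
        // (int) cast would silently turn "1abc" into 1.
        return (string) $this->route('user_id') === (string) $user->getAuthIdentifier();
    }

    /** Nothing to validate on this read-only endpoint. */
    public function rules(): array
    {
        return [];
    }
}

// routes/api.php (controller name is an assumption):
// Route::group(['middleware' => 'auth:api'], function () {
//     Route::get('users/{user_id}/events', [UserEventController::class, 'index'])
//         ->where('user_id', '[0-9]+');
// });
//
// Controller method: type-hinting the request makes authorize() run first.
// public function index(ListUserEventsRequest $request, $user_id) { ... }
```

Because the ownership check lives in the request class, every controller action that type-hints it gets the same check; an action on this route that uses a plain Request instead is only protected by the token.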