Let's say there some users who have several posts. Every user has many posts, and every post belongs to one user. To change post frontend uses URL like users/1/posts/3. The goal is to check, that post number 3 belongs to user number 1. There are several ways to do it:
- Check inside controller method or service(bad method IMHO)
- Check inside custom request (authorize function)
- Check inside middleware
I choose between the last 2, but have some doubts. The custom request should contain validation rules and do not be linked with authorization(SOLID), and I don't know if it's good to do it inside middleware.
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire