Laravel has a cool way of filtering HTTP requests entering your application: HTTP middleware. You can find all your middleware inside your 'App\Http\Middleware' folder. Middleware is in charge of the default user authentication and verification filters. For example, if a user is not logged in, they are redirected to a login screen. There is much more you can do with it.
To learn more about middleware, check the official Laravel docs.
I will share a basic filter that only allows admin users to delete records in your app. This means that even the user who created a record cannot delete it unless they are an administrator (of course, if you want them to be able to delete their own records, you can just tweak the code).
Before we proceed:
- If you don’t have a categorization of user roles (admin, encoder, author, 1, 2, etc.), make sure to alter the user table and add a field named 'role' or any other identifier for the role.
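As an added illustration (not the author's code), here is one way such a filter can look as a middleware class. The class name AdminOnlyDelete, the 'role' column on the user model and the role value 'admin' are assumptions made for this example.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware name, chosen for this example.
class AdminOnlyDelete
{
    /**
     * Reject DELETE requests unless the authenticated user is an admin.
     * Assumes the user model exposes a 'role' attribute whose value is
     * the string 'admin' for administrators.
     */
    public function handle(Request $request, Closure $next)
    {
        // isMethod() also matches forms that spoof the verb via _method=DELETE.
        if ($request->isMethod('DELETE')) {
            $user = $request->user();

            // Fail closed: no authenticated user, or any role other than
            // 'admin' (strict comparison), is refused with HTTP 403.
            if ($user === null || $user->role !== 'admin') {
                abort(403, 'Only administrators may delete records.');
            }
        }

        // Every other request passes through unchanged.
        return $next($request);
    }
}
```

The check runs on the server for every request that reaches the route, so hiding the delete button in a view is not what enforces the rule. Attach the middleware to the routes that delete records, after the authentication middleware.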