Consider below scenario.
- There are 2 users who registered with the system.
- If user 1 is logged in and tries to update User 2's profile. It should not be allowed.
I have tried it using Request class.
use App\Http\Requests\Request;
use Auth;
use App\User;
class ProfileRequest extends Request
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
$routeUser = $this->route('userId');
if($routeUser->id == Auth::user()->id){
return true;
}
else{
abort(403);
}
}
}
Problem: It displays form with all information. It only blocks user when tries to update the info. How to block a user so that he/she cannot even view the form with data??