Only access to certain resulsts in resource - How do i limit that?
Hi,
I´m working on a project, and really cant get my head around this issue.
In my model, i have made a check, to see which entries the user can edit - That works like a charm, and the user is only able to see ones they can edit in the list.
´´´->query(static::getAuthorizedModelQuery())´´´´
But in the edit view, the user can basicly just change the ID in the URL and chenge everything. I have mad a policy, and thought i should look in the update function - But that removes the edit availablity completely.
How do i achieve so the user only can edit the ones they have access to?
2 Replies
->contains('marina_id', $marina->id)
looks suspicious@John Your´e absolutely right. Right after i made this post, i rewrote it a bit, to get the marinas accesible from the model, and now it seems to be working as expected.
Thanks 🙂