So now that we have the user_id in our DB table, let's filter by that, so that each user would access only their projects.
Option 1. Straightforward where()
Of course, the most typical filter method is to filter with the where() statement.
app/Http/Controllers/ProjectController.php:
class ProjectController extends Controller{ public function index() { $projects = Project::where('user_id', auth()->id())->get(); return view('projects.index', compact('projects')); } // ...}If I register with a new user and visit the Projects page, I will not see any projects.
But the problem is I can still enter the Edit page for other projects by guessing the URL of /projects/1/edit even if different user has created that project.
So, you must add those where() conditions in...
This is really cool and I like the approach with the global scope very much. But what if an Admin signs in, that is able to see a list of all projects?
You can add an if statement at the scope, that if the user is admin then not apply the global scope.
Hi, the video links seems faulty :
Hi, this could be due to country limitations done by Vimeo. Please check if vimeo.com works in your country (there is nothing we can do to change which countries they support, sorry)
The problem with the global scope is that in jobs or command there is not authenticated user,
auth()will returnnull.Why not just use
auth()->user()->projectsin the controller ?Seeder also sees an issue with this approach. Authenticating as the user first becomes slow: Auth::login($user);
awesome content