protect apis

2024-11-06 14:50:30 +05:00
parent f745ce53d6
commit 55a12291d5
1 changed files with 8 additions and 0 deletions
--- a/app/Modules/LoanOrder/Controllers/LoanOrderController.php
+++ b/app/Modules/LoanOrder/Controllers/LoanOrderController.php
@@ -83,6 +83,10 @@ class LoanOrderController extends Controller
     */
    public function show(LoanOrder $loanOrder)
    {
+        if ($loanOrder->user_id === auth()->id()) {
+            return response()->status(403);
+        }
+
        return response()->json(new LoanOrderShowResource($loanOrder));
    }

@@ -99,6 +103,10 @@ class LoanOrderController extends Controller
     */
    public function destroy(LoanOrder $loanOrder): void
    {
+        if ($loanOrder->user_id === auth()->id()) {
+            return response()->status(403);
+        }
+
        $loanOrder->delete();
    }
 }