protect apis

app/Modules/LoanOrder/Controllers/LoanOrderController.php

@@ -83,6 +83,10 @@ class LoanOrderController extends Controller
      */
     public function show(LoanOrder $loanOrder)
     {
+        if ($loanOrder->user_id === auth()->id()) {
+            return response()->status(403);
+        }
+
         return response()->json(new LoanOrderShowResource($loanOrder));
     }
 
@@ -99,6 +103,10 @@ class LoanOrderController extends Controller
      */
     public function destroy(LoanOrder $loanOrder): void
     {
+        if ($loanOrder->user_id === auth()->id()) {
+            return response()->status(403);
+        }
+
         $loanOrder->delete();
     }
 }