Please explain this in more detail if it is unsecured. Anyways, this is admin app and on other videos we are adding admin role so admin can only perform this operation.
For those reading this: In this situation it's not a problem since it's an admin panel and all admins have access to the same data. In this example it is: There's different users who can make posts. They have an overview with their own posts and can delete it directly from the list like in this video. The delete button looks like this: wire:click.prevent="delete(2)" The user can open inspect element and change the 2 in something else like 6. The post with the id 6 will get deleted, even if it doesn't belong to this user. You can solve it by making a laravel policy and adding the authorize() function in every method. A more messy way to verify is to add something like this: if ($this->posts->contains('id', $this->postBeingRemoved->id)) { //the delete code }
Hi, I follow every step of this tutorial, at the minute of 7:12 the pop up window for delete form no appear. Which steps do I miss?
Nice..
Thanks.
good tutorial brother. can you sharing your social profile?
You can just do $this->reset() to reset the feilds. You dont have to list each field
that's cool, i like this. thank you.
just take care if you have mount with public property it will reset also and cause error on your app.
how do you use sweet alerts?
Hi, Muhamad, I will be making the video on it. stay tuned :)
@@Clovon okay thank you
@@muhamadardinurinsan572 Finally, i uploaded the video on it :) . Check this out: ruclips.net/video/CI5fZZrQOd4/видео.html
This is 100% unsecured. Coz, the deleted id can changed in the blade file.
Please explain this in more detail if it is unsecured. Anyways, this is admin app and on other videos we are adding admin role so admin can only perform this operation.
For those reading this: In this situation it's not a problem since it's an admin panel and all admins have access to the same data.
In this example it is:
There's different users who can make posts. They have an overview with their own posts and can delete it directly from the list like in this video.
The delete button looks like this: wire:click.prevent="delete(2)"
The user can open inspect element and change the 2 in something else like 6. The post with the id 6 will get deleted, even if it doesn't belong to this user.
You can solve it by making a laravel policy and adding the authorize() function in every method.
A more messy way to verify is to add something like this:
if ($this->posts->contains('id', $this->postBeingRemoved->id)) {
//the delete code
}
Please do you mind sharing your GitHub profile?
Nice Work
Thanks. Here it is: github.com/clovon