I am using Laravel to build a simple Movie management System.
When a User creates a Movie in my DB, I use the following:
    public function store()
    {
        $input = Input::except('_token');
        $id = Helpers::loggedInUser()->id;
        $input['creator_id'] = $id;
        $this->title->create($input);
        return Redirect::back()->withSuccess( trans('main.created successfully') );
    }
This successfully passes the user's id and stores it in a creator_id field.
I want to restrict users from editing Movies which they did not create. So in the edit function I have:
    public function edit($title)
    {
        $title = $this->title->byURi( e($title) );
        $id = Helpers::loggedInUser()->id;
        $titleuser=$title['creator_id'];
        if ( $titleuser = $id )
        {
            return View::make('Titles.Edit')->withTitle($title)->withType('movies');
        }
    }
However, this does not seem to work. Anyone with a movie.edit
permission in my sentry user db can still see the view.
If you compare two variables you have to use two equal signs, otherwise you set the first variable to the value of the second.
    if ( $titleuser == $id )
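
The ownership check from the question next to a deny-by-default version, as an added example in plain PHP that is not part of the original posts. The function names `canEditAsPosted` and `canEdit` and the sample records are constructed for illustration; only the `creator_id` field comes from the question.

```php
<?php
// Added example: plain PHP, no framework. Record layout and ids are constructed.

// The check as posted in the question: "=" assigns $id to $titleuser, and the
// expression then evaluates to $id, which is truthy for any non-zero user id.
function canEditAsPosted(array $title, $id): bool
{
    $titleuser = $title['creator_id'];
    if ($titleuser = $id) {
        return true;
    }
    return false;
}

// Hardened check: deny by default, reject missing ids, then compare with ===.
function canEdit(array $title, $id): bool
{
    $owner = $title['creator_id'] ?? null;
    if ($owner === null || $id === null) {
        return false; // null == null is true under "==", so rule it out explicitly
    }
    // Compare as strings so '7' read from the DB matches integer 7,
    // without loose numeric coercion of unexpected values.
    return (string) $owner === (string) $id;
}

// Constructed sample data: DB drivers often return integer columns as strings.
$movies = [
    'owned-by-7' => ['creator_id' => '7'],
    'owned-by-9' => ['creator_id' => '9'],
    'legacy-row' => ['creator_id' => null], // row created before creator_id existed
];

// Compare both checks for a logged-in user (7) and a missing user id (null).
foreach ([7, null] as $userId) {
    foreach ($movies as $slug => $movie) {
        printf(
            "user=%-4s movie=%-11s posted=%-5s hardened=%s\n",
            var_export($userId, true),
            $slug,
            var_export(canEditAsPosted($movie, $userId), true),
            var_export(canEdit($movie, $userId), true)
        );
    }
}
```

In the controller, a false result should end the request with an explicit denial rather than falling through with no return value, and the same check belongs in the action that saves the edit, not only in the one that renders the form.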