How to make sure a user can only delete his own records using Laravel

How to make sure a user can only delete his own records.

Here how i am deleting a post with the following url.

http://example.com/dashboard/sessions/delete/{id}

Now user can also pass any post id here and then record will be deleted for that id regardless if the post does not belong to user. How can i overcome this issue using Laravel

Solution

The best way is to use policies for this purpose

Policies are classes that organize authorization logic around a particular model or resource. For example, if your application is a blog, you may have a Post model and a corresponding PostPolicy to authorize user actions such as creating or updating posts.

If for some reason you don't want to use policies, you can check user manually:

if (auth()->check && auth()->user()->id === $post->user_id) {
    // Delete post.
}

Why am I getting 401 errors on Livewire uploads
Railway.app Laravel / Vue deployment: filepath error
focus:outline-none not working Tailwind CSS with Laravel
Laravel 9 mail on production get only this error - Expected response code "250" but got code "451"
Consume API endpoint from Laravel + Inertia App
Missing routes.php File in New Laravel Project
Best case for seeding large data in Laravel
Redis keys are not expiring - Laravel, Predis
Disable Edit or Delete for specific record in Filament Laravel
laravel 11. lorisleiva/laravel-actions. How to register command
Laravel task scheduler doesn't work
How to reference another docker service from Dockerfile
Laravel Sail is not working properly in Ubuntu 20.04 LTS
Undefined variable $form on remote server
search with pagination is not working in laravel
Does Laravel's "soft_delete" need index on MySQL?
Optimize aggregate queries
Not getting unpaid or partially paid records some can help me?
In Laravel, how can I get the validation errors
Laravel Database Insert Error in artisan tinker
Display hidden not working with flex in Tailwind
Laravel Nova: How to Create User and Associated Profile Simultaneously in One Step
How do I get the @inertia directive to work in InertiaJS with Laravel?
Laravel - htmlspecialchars() expects parameter 1 to be string, object given
How to build vite each css files in a specific path (JS path working but not for CSS files) (Fixed!)
How to Load Background Images from the Public Directory in CSS with Vite in Laravel?
Member has protected visibility and is not accessible from the current context.PHP
Target class [config] does not exist error in laravel for testing
How to install all required PHP extensions for Laravel?
Default Persistent Layout In Laravel + Inertia + Vite