I have made a website where you can make a report: you have to submit a form with your account, and then an admin can handle that report, so the user can log in and see the reports and their status. But I want the user to be able to see only his own reports and not others'. Here is my HTML:
@extends('layouts.app')
@section('content')
{{-- Labels are Dutch: Retourmeldingen = return reports, Firmanaam = company name,
     Bekijk = view, Wijzig = edit, Verwerkingstijd = processing time,
     Nog niet verwerkt = not yet processed, Zelfde dag verwerkt = processed the same day,
     dag/dagen = day/days --}}
<div class="container">
<div class="mTop">
<div class="row justify-content-center">
<div class="col-md-8">
{{-- Flash message set by the controller after store/update/destroy --}}
@if(session('message'))
<div class="alert alert-success" role="alert">
{{ session('message') }}
</div>
@endif
<div class="card">
<div class="card-header">Retourmeldingen</div>
<div class="card-body">
<table class="table table-hover">
<thead>
<tr>
<th scope="col">Firmanaam</th>
<th scope="col"></th>
<th scope="col"></th>
<th scope="col">Status</th>
<th scope="col">Verwerkingstijd</th>
<th scope="col"></th>
</tr>
</thead>
{{-- One <tbody> for the whole table; the loop emits only the rows --}}
<tbody>
@foreach($retours as $retour)
<tr>
<th scope="row">{{ $retour->firmaname }}</th>
{{-- A <button> inside an <a> is invalid HTML; style the link as a button instead --}}
<td><a href="{{ route('return.show', $retour->id) }}" class="btn btn-secondary btn-sm m-0">Bekijk</a></td>
<td>
@if($retour->status === 0)
{{-- Editing is only offered while the report is still open (status 0) --}}
<a href="{{ route('return.edit', $retour->id) }}" class="btn btn-secondary btn-sm m-0">Wijzig</a>
@else
{{-- A disabled button wrapped in an <a> still navigates on click; render no link at all --}}
<button type="button" class="btn btn-secondary btn-sm m-0" disabled>Wijzig</button>
@endif
</td>
<td>
@if($retour->status === 0)
Open
@else
<i style="color: #05af00; font-size: 25px" class="fa fa-check-circle"></i>
@endif
</td>
<td>
{{-- Processing time; diffInDays is expected to be an integer accessor on the model,
     and status an integer (cast it in the model, otherwise === 0 never matches "0") --}}
@if($retour->status === 0)
Nog niet verwerkt
@elseif($retour->diffInDays === 0)
Zelfde dag verwerkt
@elseif($retour->diffInDays === 1)
{{ $retour->diffInDays }} dag
@elseif($retour->diffInDays >= 1)
{{ $retour->diffInDays }} dagen
@endif
</td>
<td>
{{-- Delete goes through a POST form with a CSRF token and DELETE method spoofing --}}
<form method="post" action="{{ route('return.destroy', $retour->id) }}">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-danger btn-sm m-0"><i class="fa fa-trash" aria-hidden="true"></i></button>
</form>
</td>
</tr>
@endforeach
</tbody>
</table>
</div>
</div>
<div class="mt-3">{{ $retours->links() }}</div>
</div>
</div>
</div>
</div>
@endsection
So what I want is that the user can see only his own reports, based on the firmaname. What I have now is that you can see all the reports.
In my opinion you should apply the filter at controller level, returning to the view only the collection of reports owned by the consultant user.
That should be accomplished by a user_id field in the reports table in case any report belongs to a unique user, or a pivot table in case a report can have many owners.
So, if a report only belongs to a unique user, you should filter in your SQL query with a WHERE statement such as:
$reports = Reports::where('user_id', auth()->id())   // id of the logged-in user, taken from the session, not from the request
    ->where('other conditions')                     // placeholder for any further filters you need
    ->paginate(10);                                 // the posted view calls $retours->links(), so paginate() rather than get()
And then, in your view you will have only the reports that belong to the current user, which also solves a security issue.
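One way to carry this through the whole resource, as an added example that is not part of the answer above or of the asker's project: the index query is scoped to the logged-in user, the owner is set server-side on store, and show/edit/update/destroy are guarded by a policy, so a user who changes the id in a return.show, return.edit or return.destroy URL gets a 403 instead of another user's report. The model name Retour, the column user_id, the policy class RetourPolicy, the view names, and the route registration shown in the comment are all assumptions.

```php
<?php
// Added example, not the original poster's code. Assumes Laravel 8+ with policy
// auto-discovery (App\Models\Retour -> App\Policies\RetourPolicy), a retours table
// with a user_id column, and routes registered as:
//   Route::resource('return', RetourController::class)
//        ->parameters(['return' => 'retour'])->middleware('auth');
// so the route names are return.* (as in the posted view) and the route
// parameter is {retour}, which implicit model binding maps to Retour $retour.

namespace App\Http\Controllers;

use App\Models\Retour;
use Illuminate\Http\Request;

class RetourController extends Controller
{
    public function __construct()
    {
        // Runs RetourPolicy for every action: index -> viewAny, show -> view,
        // create/store -> create, edit/update -> update, destroy -> delete.
        $this->authorizeResource(Retour::class, 'retour');
    }

    public function index()
    {
        // Listing is scoped to the current user's rows only.
        $retours = Retour::where('user_id', auth()->id())
            ->latest()
            ->paginate(10);

        return view('return.index', compact('retours'));
    }

    public function store(Request $request)
    {
        $data = $request->validate([
            'firmaname' => ['required', 'string', 'max:255'],
        ]);

        // The owner comes from the session, never from the request body, so a
        // client cannot file a report under someone else's user_id. Setting it
        // explicitly also means user_id does not need to be mass-assignable.
        $retour = new Retour($data);
        $retour->user_id = $request->user()->id;
        $retour->status = 0;
        $retour->save();

        return redirect()->route('return.index')->with('message', 'Report saved');
    }

    public function show(Retour $retour)
    {
        // authorizeResource() has already run RetourPolicy::view() for this row.
        return view('return.show', compact('retour'));
    }

    public function destroy(Retour $retour)
    {
        // RetourPolicy::delete() has already confirmed ownership.
        $retour->delete();

        return redirect()->route('return.index')->with('message', 'Report deleted');
    }
}

namespace App\Policies;

use App\Models\Retour;
use App\Models\User;

class RetourPolicy
{
    // Any logged-in user may list (index) and create; the index query itself
    // restricts the rows, so these only need to say "allowed".
    public function viewAny(User $user): bool { return true; }
    public function create(User $user): bool { return true; }

    // Per-row checks: the report must belong to the user making the request.
    public function view(User $user, Retour $retour): bool
    {
        return $retour->user_id === $user->id;
    }

    public function update(User $user, Retour $retour): bool
    {
        // Mirrors the view: editing is only possible while the report is open.
        return $retour->user_id === $user->id && $retour->status === 0;
    }

    public function delete(User $user, Retour $retour): bool
    {
        return $retour->user_id === $user->id;
    }
}
```

The policy is what closes the gap the WHERE clause alone leaves open: filtering the index hides other users' reports from the list, but the show, edit and destroy routes still accept an arbitrary id, and without a per-row ownership check any authenticated user could view or delete another user's report by guessing that id.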