Consider below scenario.
I have tried it using Request class.
use App\Http\Requests\Request;
use Auth;
use App\User;
class ProfileRequest extends Request
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
$routeUser = $this->route('userId');
if($routeUser->id == Auth::user()->id){
return true;
}
else{
abort(403);
}
}
}
Problem: It displays form with all information. It only blocks user when tries to update the info. How to block a user so that he/she cannot even view the form with data??
Use Laravel ACL to manage the role wise user access. By using role wise access only authorized user can access his/her account and do some stuff.