Showing only current authenticated user orders in laravel 5.8

manpreet Best Answer 2 years ago

I'm creating an API for the android developer to be able to show the orders made by user.My code makes any user show any product, what I want is only showing orders made by authenticated user

I've protected the route like that:

Route::middleware('auth:api')->group( function () {
    Route::resource('orders', 'API\OrdersController');
});

and I use the following headers on the request:

'headers' => [    'Accept' => 'application/json',    'Authorization' => 'Bearer '.$accessToken,]

here is the controller code of the show($id) method

public function show($id)
{
    $user = Auth::id();
    $Orders = Orders::where('id',$id)->where('order_shopper_id', $user)->get();
    if (is_null($Orders) || empty($Orders)) {
        return $this->sendError('Orders not found.');
    }
    return $this->sendResponse($Orders->toArray(), 'Orders retrieved successfully.');
 }

it works but when for example I try to access order number "2" and the authenticated user didn't create that order, it still returns success with empty data.

All I want is, "Select Order Number (#) but make sure that the logged in user had created that order not someone else, if not return unAuthenticated"

Thank you in advance.

manpreet 2 years ago

The QueryBuilder::get() method returns a collection, a empty collection is still a collection object, so the $Orders never will be null or empty.

Try:

if (!$Orders->count()) {
    return $this->sendError('Orders not found.');
}