Security: is this code enough to stop someone from creating/editing data via Postman?
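
    use App\Models\User; // assumes the default Laravel model location
    use Filament\Resources\Resource;
    use Illuminate\Database\Eloquent\Model;
    use Illuminate\Support\Facades\Auth;

    class UserResource extends Resource
    {
        protected static ?string $model = User::class;

        protected static ?string $navigationIcon = 'heroicon-o-user-group';

        // Each check falls back to false when no user is logged in, so the
        // declared bool return type is never handed null.
        public static function canViewAny(): bool
        {
            return Auth::user()?->hasRole('administrator') ?? false;
        }

        public static function canCreate(): bool
        {
            return Auth::user()?->hasRole('administrator') ?? false;
        }

        public static function canEdit(Model $record): bool
        {
            return Auth::user()?->hasRole('administrator') ?? false;
        }

        public static function canDelete(Model $record): bool
        {
            return Auth::user()?->hasRole('administrator') ?? false;
        }
    }
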
1 Reply
Well, via Postman meaning an API, that’s on you and has nothing to do with Filament.
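
The `can*` methods in the question only gate the Filament panel's own pages; any route the application exposes itself needs its own server-side check. The following is an added example, not code from the thread, that enforces the same administrator rule on hypothetical API routes. The route paths, validation rules, the `$requireAdmin` helper and the `auth:sanctum` guard (Laravel Sanctum installed) are assumptions.

```php
<?php
// routes/api.php -- hypothetical endpoints; the thread does not show any API routes.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

// Same rule as the Filament resource, applied to API callers.
// Anyone who is not an administrator gets 403 before any data is touched.
$requireAdmin = static function (Request $request): void {
    abort_unless($request->user()?->hasRole('administrator') ?? false, 403);
};

// auth:sanctum rejects requests without a valid token or session (401),
// so an anonymous Postman request never reaches the handlers below.
Route::middleware('auth:sanctum')->group(function () use ($requireAdmin) {

    Route::post('/users', function (Request $request) use ($requireAdmin) {
        $requireAdmin($request);

        // Accept only the listed fields; extra keys in the body are ignored.
        $data = $request->validate([
            'name'     => ['required', 'string', 'max:255'],
            'email'    => ['required', 'email', 'unique:users,email'],
            'password' => ['required', 'string', 'min:12'],
        ]);
        $data['password'] = Hash::make($data['password']);

        $user = User::create($data);

        return response()->json($user->only('id', 'name', 'email'), 201);
    });

    Route::put('/users/{user}', function (Request $request, User $user) use ($requireAdmin) {
        $requireAdmin($request);

        $data = $request->validate([
            'name'  => ['sometimes', 'string', 'max:255'],
            'email' => ['sometimes', 'email', 'unique:users,email,' . $user->id],
        ]);

        $user->update($data);

        return response()->json($user->only('id', 'name', 'email'));
    });
});
```

If the application defines no API or other write routes for `User`, there is nothing outside the panel for such a request to hit.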