php - How to insert authenticated user id in database without using it in the fillable array
one text
I am a beginner in Laravel and following a Laravel tutorial where the instructor is using Laravel 7 while I have Laravel 8 installed. He said we do not want to use user_id in the $fillable array because of security reasons so while creating a new record he used
auth()->user()->stories()->create([
'title' => $request->title,
'body' => $request->body,
'type' => $request->type,
'status' => $request->status,
]);
instead of
Story::create([
'title' => $request->title,
'body' => $request->body,
'type' => $request->type,
'status' => $request->status,
'user_id' =>auth()->id()
]);
but this code is not working for me with the error "Undefined method stories".
Here is my StoriesController
<?php
namespace App\Http\Controllers;
use App\Models\Story;
use Illuminate\Http\Request;
class StoriesController extends Controller
{
/**
* Display a listing of the resource.
*
* @return \Illuminate\Http\Response
*/
public function index()
{
$stories = Story::where('user_id',auth()->id())->orderBy('id','desc')->paginate(4);
return view('stories.index')->with('stories',$stories);
}
/**
* Show the form for creating a new resource.
*
* @return \Illuminate\Http\Response
*/
public function create()
{
return view('stories.create');
}
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function store(Request $request)
{
auth()->user()->stories()->create([
'title' => $request->title,
'body' => $request->body,
'type' => $request->type,
'status' => $request->status,
'user_id' =>auth()->id()
]);
return redirect('/stories');
}
/**
* Display the specified resource.
*
* @param \App\Models\Story $story
* @return \Illuminate\Http\Response
*/
public function show(Story $story)
{
return view('stories.show',[
'story' => $story
]);
}
/**
* Show the form for editing the specified resource.
*
* @param \App\Models\Story $story
* @return \Illuminate\Http\Response
*/
public function edit(Story $story)
{
//
}
/**
* Update the specified resource in storage.
*
* @param \Illuminate\Http\Request $request
* @param \App\Models\Story $story
* @return \Illuminate\Http\Response
*/
public function update(Request $request, Story $story)
{
//
}
/**
* Remove the specified resource from storage.
*
* @param \App\Models\Story $story
* @return \Illuminate\Http\Response
*/
public function destroy(Story $story)
{
//
}
}
Here is the Story Model
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class Story extends Model
{
use HasFactory;
protected $fillable = ['title','body','type','status'];
public function user(){
return $this->belongsTo(user::class);
}
}
and here is the User Model
<?php
namespace App\Models;
use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
/**
* The attributes that are mass assignable.
*
* @var string[]
*/
protected $fillable = [
'name',
'email',
'password',
];
/**
* The attributes that should be hidden for serialization.
*
* @var array
*/
protected $hidden = [
'password',
'remember_token',
];
/**
* The attributes that should be cast.
*
* @var array
*/
protected $casts = [
'email_verified_at' => 'datetime',
];
public function stories(){
return $this->hasMany(Story::class);
}
}
I would really appreciate any assistance provided . Thank You
Source