From f2c368ae67f0bfd8fc968a57d090175255b07c2a Mon Sep 17 00:00:00 2001
From: bad <badatnames@tutanota.com>
Date: Sun, 5 Dec 2021 19:22:52 +0100
Subject: [PATCH] Restrict product modification to admin

---
 routes/web.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/routes/web.php b/routes/web.php
index 8bdca1f..a87a229 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -36,6 +36,7 @@ Route::any("/logout", [LoginController::class, "logout"])->name("logout");
 Route::post("/product/{product}/addToCart", [CartController::class, "addToCart"])->name("addToCart")->middleware("auth");
 Route::post("/product/{product}/removeFromCart", [CartController::class, "removeFromCart"])->name("removeFromCart")->middleware("auth");
 
-Route::resource("product", ProductController::class);
+Route::resource("product", ProductController::class)->middleware("auth.admin");
+Route::resource("product", ProductController::class)->only(["show"]);
 Route::resource("order", OrderController::class)->middleware("auth");
 Route::resource("image", ImageController::class)->only(["store", "delete", "create"])->middleware("auth.admin");