This episode is for members only
Sign up to access "Eloquent Relationships By Example" right now.
Get started
Already a member? Sign in to continue
Playing
11. Deleting records
Episodes
01. Introduction
02. One to one
03. One to many
04. Belongs to
05. Eager loading
06. Many to many
20. Defining many to many relationships
13m 46s
0%
21. Attaching relations
8m 58s
0%
22. Detaching relations
1m 52s
0%
23. Attaching and detaching multiple relations
3m 58s
0%
24. Eager loading
2m 15s
0%
25. Defining the inverse of the relationship
7m 40s
0%
26. Intermediate table columns
7m 54s
0%
27. Filtering by intermediate columns
8m 16s
0%
28. Syncing relations
7m 19s
0%
07. Has many through
08. Has one through
Transcript
00:00
We're now going to look at deleting a post. And again, there are a couple of ways that you can do this.
00:06
The first way that we're going to look at is the most simple. That is receiving a post in the post. We actually want to delete and then just deleting it. The second way is accessing the post through the relationship before we delete it.
00:20
There's a good reason why you might want to do that. And I'll explain why. So I'm going to go ahead and create out a just to get root in here. Normally, this would be a delete route, of course.
00:30
But let's go and create out a post slash. And then let's use root model binding to accept the post in that we want to delete. Now, we'll do this all within our web routes just so we can make this really quick. But let's accept that post in and then let's just die dump on that post.
00:49
So now all we're going to do is just pick a post from here. Let's choose one and let's go over to slash posts and slash this. In actual fact, let's change this to delete and post. So it's a little bit clearer.
01:03
And that's the post that we want to delete. Now, a really easy way to delete this post would now just be to say post delete, because we're working with the model itself. This will send a query through to delete this.
01:17
And if we head over and refresh the page here, sure enough, that gets removed from the database. Now, the problem that we have with this approach, particularly when we're learning Laravel, is that we're not authorizing this request.
01:32
If you did have an endpoint like this in your application, where the user could click through or submit a form to delete a post, you need to know that they own that post before they delete it. Otherwise, anyone could just pass any post ID in and this would just be deleted.
01:48
Now, of course, what you can do to protect this is add an if statement in here. But I wouldn't recommend that. I'd recommend waiting until you've learned about authorization before we get onto that. But there is another way that we can kind of bypass the need for authorization
02:02
and make sure that the post that we're deleting comes from that user. So I'm going to show you how to do that now. And then we're going to go ahead and look at adding in an extra record, adding in an extra user to see how this works.
02:15
So instead of saying post delete, we're instead going to access the currently authenticated user or the user that, in this case, we're just plucking out of the database. Then we're going to go into the post relationship and we're going to say where, and let's just keep this super simple for now, ID equals the post ID.
02:38
Now, let's just grab the first result that we get back from this, because when we say where ID, we should only really get one item back because IDs are unique in the database. So let's go ahead and assign this post here. In fact, we can't really do that.
02:52
So let's just call this user post. We'll die dump on this user post and see what we get. So if we head over to the database, we've got one post left with an ID of five. So let's say delete five.
03:05
That gives us back that post. That's only because that exists within the user's posts. So what we're doing here is we're saying grab the post with a post ID of five, but only within the user's post collection.
03:20
So effectively, now we wouldn't need to authorize this or check that the user owned the post because we're scoping this to the user's post. So this is a really important technique. Even if you are authorizing, it's a good idea to get into the habit of
03:35
accessing these through the relationship. This does slightly slow things down because we're having to look the post up, then technically look the post up again, and then technically go ahead and perform another query to delete it.
03:47
But I find the speed difference here isn't massive, and it just adds that extra layer of protection. OK. So let's take a look at an example of this where we have another user in the database.
04:00
So to demonstrate this, I'm just going to, in fact, let's go ahead and do this with Tinker. So we've got some slightly different data. So let's say PHP artisan Tinker, and we can re-bring up that factory command to create another user.
04:14
And we're going to go ahead and manually do this in the database. So I'm going to create another post. So another post. And I'm going to assign this to the user, this one here.
04:26
So user two. So now what would happen is if I pass through the ID of six into here, we get a null value because that post doesn't belong to us. And remember, we're trying to access a post within the user ID's one collection of posts.
04:44
So hopefully that makes sense. Now, with this user post directly now, because this is a model, we can just call the delete method on that. Before I do this, I'm going to show you a slightly different way
04:55
that we can go ahead without a where here. So we can actually still use find. So find usually takes just an ID in, but we can actually pass the post in here. And I find this a little bit easier to read.
05:06
So within the user's posts, find the post that we want to delete and grab the first one. And then we can go ahead and delete it. We can actually do this all in one line, which we're going to look at as well. So if you have a look here, you can see we get exactly the same thing.
05:20
If we head over to post five, you can see we get exactly the same thing as well. So just using find rather than building up a where clause manually, I find just looks a little bit better. So now that we've done this, let's go ahead and actually delete this post.
05:33
So we've got a user post, which we know is a post model, and we can just go ahead and delete this now. So that's just going to work as we would expect. We head over to the database.
05:42
Sure enough, that has now disappeared. Now I'm going to go ahead and bring back a test post here for my user, because there's a slightly different way we can do that as well without having to grab the first item and then delete it.
05:56
What we can actually do here is just delete it straight up. So we can do this all in one line. And that means we don't even have to assign this a variable. We just go into the user's posts, find the post that we want to delete,
06:10
and then we delete it. So much clearer. We've saved a couple of lines and it's a lot clearer. So if we head back over now and actually find the post that we want to delete,
06:20
this is now seven and we go over to seven. Okay. Yeah. So we do actually get an error here, and that is just because find is going to return us a collection.
06:29
But what we want to do here is say first, because when we find it by that particular thing, it's going to return us a collection, but then we grab the first post. So find this post and then delete it.
06:40
So let's give that a refresh. And there we go. It should disappear. And once again, we're still protected here.
06:45
So if we go and try and delete post six, like we saw before we head over here, that is just not going to work. Now we do get an error here because technically what we're trying to do is find a post that doesn't belong to us.
06:59
So it's just returning null. And then we can't call delete on null that's returned by first because we don't have any posts there. So, of course, you're going to want to, at some point,
07:10
add in authorization here to make sure that the user does own this post. But if you were to create this line out and just wanted it to silently fail and not do anything, and you did have authorization here, you can use a null safe operator to access the delete method
07:25
on a potential null value. So if we give this a refresh, it does nothing. So there's no error here, but that has not been deleted because it couldn't find that post it wanted to delete.
07:35
So although this was pretty long for an episode on deleting posts, I find things like this really interesting because there are lots of different ways to do things. Most of the time you would want to come in here,
07:47
authorize the fact that a, if we spell that correctly, authorize the fact that a post belongs to a user and then just delete that post. So you would just use post delete.
07:59
And that is absolutely good enough. But there are other ways to do this. And it's really important to think about security when we are working with deleting records in particular,
08:09
updating things, and of course, everything else. So there we go. That is how we delete posts in a couple of different ways with a few refactors along the way.
33 episodes•4 hrs 18 mins•1 year ago
Overview
Eloquent is Laravel's ORM (Object Relational Mapper). In simple terms, it's how your models work with the database.
The good news? There's a bunch of powerful relationship types available. Our task is to learn when and where to use each one.
In this course, we'll cover each basic relationship type, how to access related models, and then insert, sync, update and delete related data. Oh, and we'll build a practical example for each relationship type, to really make it stick.
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!
Comments
No comments, yet. Be the first to leave a comment.