dwaard
commented
4 years ago We definately need more authorization levels. The isadmin field is not sufficient. Add https://github.com/spatie/laravel-permission to the project and remove the isAdmin field entirely
Audit all the routes to see if authorization os correct. Also, add extra authorization for users who are admin (isAdmin==true)