From 1a3d24f595a97d56c9d75791f2ee00c3e80dfa40 Mon Sep 17 00:00:00 2001
From: Rachel Sidney <13515124@std.stei.itb.ac.id>
Date: Tue, 24 Apr 2018 23:31:23 +0700
Subject: [PATCH] add credentials to destroy a member

---
 app/Http/Controllers/MembersController.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/Http/Controllers/MembersController.php b/app/Http/Controllers/MembersController.php
index 9dbfe19..93708f5 100644
--- a/app/Http/Controllers/MembersController.php
+++ b/app/Http/Controllers/MembersController.php
@@ -202,6 +202,11 @@ class MembersController extends Controller
      */
     public function destroy($id)
     {
+        $isAdmin = Auth::user() != null && Auth::user()->IsAdmin == 1;
+
+        if(!$isAdmin)
+            return redirect('/');
+
         $user = Member::find($id);
         if($user !== null) {
             $user->delete();
-- 
GitLab