I need help, I have been trying to hide/protect some fields of my employee form, I want to protect the fields that are below the second header, I want only if the admin has the permission to assign employee to company can I see it, but the The problem comes if the user modifies the html creating fields that in theory he could not modify, so for this I need to validate it in the backend, I have thought about using a middleware to detect if the request has protected fields but I don't know if that is the way to do it , someone could help me?
here's my form:
<!DOCTYPE html>
<html lang="es">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Crear empleado</title>
</head>
<body>
<form action="{{ route('employee.store') }}" method="post">
@csrf
<H1>Datos personales del empleado</H1>
<label for="name">Nombre</label>
<input type="text" name="name" placeholder="Ruben" id="">
<label for="name">Apellido Paterno</label>
<input type="text" name="fathers_last_name" placeholder="Garcia" id="">
<label for="name">Apellido Materno</label>
<input type="text" name="mothers_last_name" placeholder="Garcia" id="">
<label for="name">Correo</label>
<input type="email" name="email" placeholder="[email protected]" id="">
<label for="name">Curp</label>
<input type="text" name="curp" placeholder="KUHP800903MWUIF" id="">
<label for="name">RFC</label>
<input type="text" name="rfc" placeholder="KUHP800903MWUIF" id="">
<label for="name">Imss</label>
<input type="text" name="imss" placeholder="KUHP800903MWUIF" id="">
<label for="name">Edad</label>
<input type="text" name="age" placeholder="50" id="">
<label for="name">Telefonos</label>
<input type="tel" name="telefono" placeholder="50" id="">
<label for="name">Fecha nacimiento</label>
<input type="date" name="birth_date" id="">
<label for="name">Genero</label>
<label for="name">Estado Civil</label>
<select name="gender_id" id="">
@foreach ($martialStatuses as $martialStatus)
<option value="{{$martialStatus->id}}">{{ $martialStatus->name }}</option>
@endforeach
</select>
<select name="gender_id" id="">
@foreach ($genders as $gender)
<option value="{{$gender->id}}">{{ $gender->name }}</option>
@endforeach
</select>
@livewire('adress')
<label for="street">Calle</label>
<input type="text" name="street" id="">
@error('street')
{{ $message }}
@enderror
<label for="interior_number">Numero Interior</label>
<input type="number" name="interior_number" id="">
@error('interior_number')
{{ $message }}
@enderror
<label for="exterior_number">Numero Exterior</label>
<input type="number" name="exterior_number" id="">
@error('exterior_number')
{{ $message }}
@enderror
<label for="zip_code">Codigo Postal</label>
<input type="number" name="zip_code" id="">
@error('zip_code')
{{ $message }}
@enderror
<br>
<label for="active">Puede Ingresa a la aplicacion</label>
<input type="checkbox" name="active" id="active">
<!-- only for administrator who has the permission -->
@can('assing.employee')
<h1>Datos del empleado</h1>
<label for="">Empresa asignada</label>
<select name="company_id" id="">
@foreach ($companies as $company)
<option value="{{$company->id}}">{{ $company->name }}</option>
@endforeach
</select>
<label for="">Equipo</label>
<select name="team_id" id="">
@foreach ($teams as $team)
<option value="{{$team->id}}">{{ $team->name }}</option>
@endforeach
</select>
<label for="">Codigo de empleado</label>
<input type="text" name="employe_code">
<label for="">Fecha de ingreso</label>
<input type="date" name="start_date">
<br>
@endcan
<input type="submit" value="Crear">
</form>
</body>
</html>