public function destroy($id) { $request = Request::find($id); if ($request->submitted_by != Auth::User()->id && !Auth::User()->hasRole(['administrator', 'approver'])) { return view('security.401'); } Request::destroy($id); }