[英]Laravel owner middleware not working
I created a middleware (app/Http/Middleware/AbortIfNotOwner.php), this is code from another Stackoverflow post 我创建了一个中间件(app / Http / Middleware / AbortIfNotOwner.php),这是另一个Stackoverflow帖子中的代码
<?php
namespace App\Http\Middleware;
use Closure;
use DB;
class AbortIfNotOwner
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $resourceName
* @return mixed
*/
public function handle($request, Closure $next, $resourceName)
{
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
if ($request->user()->id != $user_id) {
abort(403, 'Unauthorized action.');
}
return $next($request);
}
}
I register it in the app\\Http\\Kernel.php 我在app \\ Http \\ Kernel.php中注册它
protected $routeMiddleware = [
'owner' => 'App\Http\Middleware\AbortIfNotOwner',
];
and in my route file I have: 在我的路线文件中,我有:
Route::group(['middleware' => ['owner:bids']], function() {
Route::get('user/{id}/bids', ['as' => 'buyer_bids', 'uses' => 'User\Buyer\BidsController@getBidsPerUser']);
});
When I run this code I get an 当我运行此代码时,
ErrorException in AbortIfNotOwner.php line 23: Trying to get property of non-object AbortIfNotOwner.php第23行中的ErrorException:试图获取非对象的属性
This refers to the following lines in the middleware: 这是指中间件中的以下行:
> $resourceId = $request->route()->parameter($resourceName);
> $user_id = \DB::table($resourceName)->find($resourceId)->user_id;
The issue seems to be that resourceId is null I think. 问题似乎是我认为resourceId为null。 I do have a field user_id in the bids table, so am not sure what is wrong. 我在bids表中确实有一个user_id字段,所以不确定是什么错误。 The route URL is like /user/2/bids. 路由URL类似于/ user / 2 / bids。
I found that the below works: 我发现以下作品:
$user_id = \DB::table($resourceName)->find($request->id)->user_id;
instead of 代替
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
This works with the routes like 这适用于类似的路线
Route::get('/{id}/bids' 路线:: get('/ {id} / bids'
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
will work if the route is changed to 如果将路线更改为将起作用
Route::get('/{bids}/bids' 路线:: get('/ {bids} / bids'
... instead of ... 代替
Route::get('/{id}/bids'... 路线:: get('/ {id} / bids'...
像这样更改您的路由Route::get('user/{bids}/bids'...
becasse以获得一个像$request->route()->parameter('name')
这样的$request->route()->parameter('name')
它必须与路由中的参数名称,表示加粗的一个用户/ {bids} / bids。
\\DB::table($resourceName)->find($resourceId)
is returning null (no results), so there's no user_id
property to it. \\DB::table($resourceName)->find($resourceId)
返回null(无结果),因此没有user_id
属性。 Check that you've found a result before attempting to access its properties. 尝试访问其属性之前,请检查是否已找到结果。
Same thing for $request->user()->id - if $request->user()
is null due to the user not being logged in, it'll fail. $ request-> user()-> id的情况相同-如果$request->user()
由于用户未登录而为null,则它将失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.