Laravel所有者中间件不起作用
[英]Laravel owner middleware not working
问题描述
I created a middleware (app/Http/Middleware/AbortIfNotOwner.php), this is code from another Stackoverflow post 
我创建了一个中间件(app / Http / Middleware / AbortIfNotOwner.php),这是另一个Stackoverflow帖子中的代码
<?php
namespace App\Http\Middleware;
use Closure;
use DB;
class AbortIfNotOwner
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param string $resourceName
* @return mixed
*/
public function handle($request, Closure $next, $resourceName)
{
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
if ($request->user()->id != $user_id) {
abort(403, 'Unauthorized action.');
}
return $next($request);
}
}
I register it in the app\\Http\\Kernel.php 我在app \\ Http \\ Kernel.php中注册它
protected $routeMiddleware = [
'owner' => 'App\Http\Middleware\AbortIfNotOwner',
];
and in my route file I have: 在我的路线文件中,我有:
Route::group(['middleware' => ['owner:bids']], function() {
Route::get('user/{id}/bids', ['as' => 'buyer_bids', 'uses' => 'User\Buyer\BidsController@getBidsPerUser']);
});
When I run this code I get an 当我运行此代码时,
ErrorException in AbortIfNotOwner.php line 23: Trying to get property of non-object
This refers to the following lines in the middleware: 这是指中间件中的以下行:
> $resourceId = $request->route()->parameter($resourceName);
> $user_id = \DB::table($resourceName)->find($resourceId)->user_id;
The issue seems to be that resourceId is null I think. 问题似乎是我认为resourceId为null。 I do have a field user_id in the bids table, so am not sure what is wrong. 我在bids表中确实有一个user_id字段,所以不确定是什么错误。 The route URL is like /user/2/bids. 路由URL类似于/ user / 2 / bids。
EDIT - SOLVED 编辑-解决
I found that the below works: 我发现以下作品:
$user_id = \DB::table($resourceName)->find($request->id)->user_id;
instead of 代替
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
This works with the routes like 这适用于类似的路线
Route::get('/{id}/bids'
EDIT - SOLVED - Other solution 编辑-解决-其他解决方案
$resourceId = $request->route()->parameter($resourceName);
$user_id = \DB::table($resourceName)->find($resourceId)->user_id;
will work if the route is changed to 如果将路线更改为将起作用
Route::get('/{bids}/bids'
... instead of ... 代替
Route::get('/{id}/bids'...
2 个解决方案
解决方案1
1 已采纳 2016-06-10 14:00:29
像这样更改您的路由Route::get('user/{bids}/bids'... becasse以获得一个像$request->route()->parameter('name')这样的$request->route()->parameter('name')它必须与路由中的参数名称,表示加粗的一个用户/ {bids} / bids。
解决方案2
0 2016-06-10 13:46:40
\\DB::table($resourceName)->find($resourceId) is returning null (no results), so there's no user_id property to it. \\DB::table($resourceName)->find($resourceId)返回null(无结果),因此没有user_id属性。 Check that you've found a result before attempting to access its properties. 尝试访问其属性之前,请检查是否已找到结果。
Same thing for $request->user()->id - if $request->user() is null due to the user not being logged in, it'll fail. $ request-> user()-> id的情况相同-如果$request->user()由于用户未登录而为null,则它将失败。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.