权限用户和角色
[英]Permissions User and Roles
问题描述
I need some advice, basically I have an application where users can register as normal customers, and inside the dashboard there is a option to register as an author for a list of categories. 
我需要一些建议,基本上我有一个用户可以注册为普通客户的应用程序,并且在仪表板内可以选择注册为类别列表的作者。 A customer can be many authors. 一个客户可以有很多作者。
So basically after registering/subscribing as an author in the custom dashboard appears a box of his author(s) that he created and after clicking it goes to a specific dashboard with different menu, etc. 因此,基本上,在自定义仪表板中注册/订阅了作者后,便会出现一个他创建的作者框,单击该框后,将转到具有不同菜单的特定仪表板,等等。
My only issue is when I start to create the permissions, for example I created a Middle-ware with the name of "author", so when someone try to access these pages it must be an author. 我唯一的问题是,当我开始创建权限时,例如,我创建了一个名为“作者”的中间件,因此当有人尝试访问这些页面时,它必须是作者。
Middleware code: 中间件代码:
public function handle($request, Closure $next)
{
if(isset($request->id) && auth()->check() && count(auth()->user()->authorsProfile) > 0){
return $next($request);
}
return redirect('/dashboard')->with("error","Only Authors Allowed");
}
example: 例:
Route::group(['middleware' => ['auth','author']], function() {
//Dashboard
Route::get('authorsarea/{id}','AuthorController@dashboard')->name('author-dashboard');
});
So the second validation i need to make is inside the controllers, I need to check based on the ID if this an author id belongs to the customer/user. 因此,我需要进行的第二次验证是在控制器内部,我需要根据ID来检查作者ID是否属于客户/用户。
example: 例:
public function dashboard($id)
{
$user = Auth::user();
$user_author = Author::find($id);
if($user_author->user_id != Auth::user()->id){
return back()->with("error","This Author is not you");
}
//Go to dashboard
return view('frontend.author.dashboard');
}
I feel that pasting alwasy this code and checking if this author belongs to the user doesnt feel quite clean, is there a better way than pasting always this code in each page controller where I try to access a private area for authors? 我觉得将这些代码粘贴并检查该作者是否属于用户并不觉得很干净,有没有比总是在每个页面控制器中粘贴此代码(试图访问作者的私有区域)更好的方法呢?
Or even if you guys feel that there is a completely different way of doing all of this I'm open to it. 甚至,即使你们觉得做这一切的方式完全不同,我也愿意接受。
1 个解决方案
解决方案1
2 已采纳 2018-05-18 11:40:26
You can make another middleware and have the check there, similar to the author middleware you have created. 您可以制作另一个中间件并在此处进行检查,类似于您创建的作者中间件。 Something like this: 像这样:
public function handle($request, Closure $next)
{
$authorID = $request->route()->parameter('id');
$user_author = Author::find($authorID);
if($user_author->user_id != auth()->user()->id){
return back()->with('error', 'This Author is not you');
}
return $next($request);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.