I am having issues with Laravel 4. When a user logs in, they are able to create or edit a saved form called a "Project". I need to be able to make it where a user can only edit the forms "projects" that they created. Currently, anyone can edit anyone else's project by changing the project id in the URL.
Example: projects/3/edit
edits the project with an id of 3
I tried using the following code but it returns an error "Trying to get property of non-object" but project is an object. Any advice is much appreciated.
Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::guest('login');
});
Route::filter('auth.project', function($route, $request)
{
    if($route->parameter('project')->user_id !== Auth::user()->id)
    {
        return Redirect::route('/')->with('error','sorry, you can only access projects that you created');
    }
    return Redirect::route('/');
});
Route::filter('auth.basic', function()
{
    return Auth::basic();
});
Route::get('/projects/{projects}/edit','ProjectsController@edit', ['before' => 'auth.project']);
You have this filter:
Route::filter('auth.project', function($route, $request)
{
    if($route->parameter('project')->user_id !== Auth::user()->id)
    {
        return Redirect::route('/')->with('error','sorry, you can only access projects that you created');
    }
    return Redirect::route('/');
});
Here if($route->parameter('project')->user_id !== Auth::user()->id) is not right because the first thing is that, your route is declared as given below:
// This is not right
Route::get('/projects/{projects}/edit','ProjectsController@edit', ['before' => 'auth.project']);
Try this:
Route::get('/projects/{projects}/edit', ['before' => 'auth.project', 'uses' => 'ProjectsController@edit']);
Also, the parameter is projects not project but you are using project in your filter and then, the second problem is that, you are trying to get property of non-object because $route->parameter('project') returns null and even if you use projects then it may return the 3 but still that will throw an error because 3 is not an object. You need to grab that Project whose id is 3 or you may use a route model binding. So, if you use something like this:
$project = Project::find($route->parameter('projects')); // Assumed that 3 is id
if($project->user_id !== Auth::user()->id) {
    //...
}
Also you may use a route model binding like this:
Route::model('projects', 'Project'); // The Project model must exist
Route::get('/projects/{projects}/edit', ['before' => 'auth.project', 'uses' => 'ProjectsController@edit']);
Then in your edit method:
public function edit(Project $project)
{
    // $project is an Eloquent object, will be injected automatically...
}
Well, just looking at what you've posted here, I see a couple issues.
First, you named your parameter projects in your route and try to access project in your filter, which is non-existent.
Second, $route is of type Illuminate\Routing\Route which has a method called getParameter, not parameter. More can be found in the documentation linked here.
Hope this helps.
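Added example (not code from the question or from either answer above): a Laravel 4 filter that puts the points from the answers together, reading the {projects} parameter, loading the Project, and comparing its user_id with the logged-in user. It assumes a Project Eloquent model with a user_id column as in the question; the update and destroy routes and controller methods are hypothetical, included to show the check applied to every route that takes a project id.

```php
<?php
// Added example for a Laravel 4 app (app/filters.php and app/routes.php).
// Assumes an Eloquent model Project with a user_id column, as in the question.

Route::filter('auth.project', function ($route, $request) {
    // Normally runs after 'auth'; fail closed if it was applied on its own.
    if (Auth::guest()) {
        return Redirect::guest('login');
    }

    // {projects} is a raw id unless Route::model('projects', 'Project') is
    // registered, in which case it is already a Project instance.
    $param   = $route->getParameter('projects');
    $project = ($param instanceof Project) ? $param : Project::find($param);

    // Unknown id: answer 404 instead of dereferencing null.
    if ($project === null) {
        App::abort(404);
    }

    // Cast both sides: database drivers may return ids as strings,
    // which would make a strict !== comparison against an int always differ.
    if ((int) $project->user_id !== (int) Auth::user()->id) {
        return Redirect::to('/')
            ->with('error', 'Sorry, you can only access projects that you created');
    }

    // Returning nothing lets the request continue to the controller.
});

// Guard every route that accepts a project id, not only the edit form:
// hiding the form does not stop a direct PUT or DELETE to another user's id.
Route::group(['before' => 'auth|auth.project'], function () {
    Route::get('/projects/{projects}/edit', 'ProjectsController@edit');
    // Hypothetical routes and controller methods, shown for illustration.
    Route::put('/projects/{projects}', 'ProjectsController@update');
    Route::delete('/projects/{projects}', 'ProjectsController@destroy');
});
```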