I have the following tables:
- companies
- users
- departments
- services
We have the following structure:
A user belongs to a company
A company has many departments
One department has multiple services.
The problem is that I want to validate the service department that has a specific company_id
flag using only the service ID.
Database:
company
| id | name |
| 1 | Company 1 |
| 2 | Company 2 |
user
| id | name | company_id |
| 1 | User 1 | 1 |
departments
| id | name | company_id |
| 1 | Department 1 | 1 |
| 2 | Department 2 | 2 |
services
| id | name | departments_id |
| 1 | Service 1 | 1 |
| 2 | Service 2 | 2 |
The endpoints looks like this:
Looged in user belongs to Company 1
$app->delete('/{id}', ['uses' => 'ServicesController@deleteService']);
Delete service method
public function deleteService($id, Request $request)
{
$request['id'] = $id;
$this->validate($request, [
'id' => 'required|exists:services,id',
]);
$result = Service::deleteService($id, $this->user->company_id);
return response()->json($result);
}
The user of Company 1
should not be able to delete the Service 2
. How can I achieve this?
Thanks.
最可监督的方式是编写自定义验证器
You can do it using policies
in Laravel, check the docs
it will be something like this
$request['id'] = $id;
$this->validate($request, [
'id' => 'required|exists:services,id',
]);
$this->authorize('delete', $id); // will check if user can delete the company as the needed logic.
$result = Service::deleteService($id, $this->user->company_id);
return response()->json($result);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.