stackoom
  简体   繁体   中英

Laravel: How to protect resources from access by other users?

 原文  2017-10-24 08:06:10       php/ laravel/ security/ authentication/ authorization

Question

I'm wondering how to protect resources from access by other users with Laravel.

For example if I have this scenario:

  • User 1 has a resource with id 1
  • User 2 has a resource with id 2

how can I protect access of resource 2 from user 1?

An example is accessing a resource for edit via this URL:

http://localhost:8000/resource/2/edit

Does Laravel has a feature to do that or should I manually check the ownership in every Controller's method?

Thanks in advance.

1 answers

solution1
 2 ACCPTED  2017-10-24 08:16:12

You can create policy for that :

public function update(User $user, Resource $resource)
{
    return $user->id == $resource->user_id; //for example
}

then you can add it as middleware to your edit route :

Route::get('resource/{resource}/edit', ResourceController@edit)->middleware('can:update,resource');

Ps: that's just an example in the documentation there are many usful things that can help you

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Laravel prevent users from editing/viewing other users' resources How get access token from other users How to access protect variable within class Laravel How to access assets from resources sub folder in Laravel? How to access controller from other controller in Laravel? How to password protect a directory but still give users access How to access a field data from users table from a controller in Laravel? how to protect deleting files from other folder Laravel 5.2, how to access users information from any route how to prevent access database and resources in laravel blade?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM