
Permissions User and Roles

I need some advice. Basically, I have an application where users can register as normal customers, and inside the dashboard there is an option to register as an author for a list of categories. A customer can be many authors.

So basically after registering/subscribing as an author in the custom dashboard appears a box of his author(s) that he created and after clicking it goes to a specific dashboard with different menu, etc.

My only issue is when I start to create the permissions. For example, I created a middleware with the name of "author", so when someone tries to access these pages it must be an author.

Middleware code:

    public function handle($request, Closure $next)
    {
        // Pass only when a route ID is present, the user is logged in,
        // and the user has at least one author profile.
        if (isset($request->id) && auth()->check() && count(auth()->user()->authorsProfile) > 0) {
            return $next($request);
        }

        return redirect('/dashboard')->with("error", "Only Authors Allowed");
    }

Example:

    Route::group(['middleware' => ['auth', 'author']], function () {
        // Dashboard
        Route::get('authorsarea/{id}', 'AuthorController@dashboard')->name('author-dashboard');
    });

So the second validation I need to make is inside the controllers. I need to check, based on the ID, if this author ID belongs to the customer/user.

Example:

    public function dashboard($id)
    {
        $user_author = Author::find($id);

        // find() returns null for an unknown ID, so check that before
        // comparing the owner with the logged-in user.
        if ($user_author === null || $user_author->user_id != Auth::user()->id) {
            return back()->with("error", "This Author is not you");
        }

        // Go to dashboard
        return view('frontend.author.dashboard');
    }

I feel that always pasting this code and checking if this author belongs to the user doesn't feel quite clean. Is there a better way than always pasting this code in each page controller where I try to access a private area for authors?

Or even if you guys feel that there is a completely different way of doing all of this I'm open to it.

You can make another middleware and have the check there, similar to the author middleware you have created. Something like this:

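    public function handle($request, Closure $next)
    {
        // Read the {id} route parameter and load the matching author.
        $authorID = $request->route()->parameter('id');
        $user_author = Author::find($authorID);

        // find() returns null for an unknown ID; treat that like a mismatch.
        if ($user_author === null || $user_author->user_id != auth()->user()->id) {
            return back()->with('error', 'This Author is not you');
        }

        return $next($request);
    }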
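
An added example, not part of the original answer: one way to make the ownership check in such a middleware fail closed by scoping the query to the logged-in user and handing the verified model to the controller. The class name `EnsureOwnsAuthor`, the alias `owns.author`, the `App\Author` namespace and the 403/404 responses are assumptions made for illustration.

```php
<?php
// app/Http/Middleware/EnsureOwnsAuthor.php (hypothetical class name)

namespace App\Http\Middleware;

use App\Author; // assumed model namespace; the page only shows "Author"
use Closure;

class EnsureOwnsAuthor
{
    public function handle($request, Closure $next)
    {
        // The 'auth' middleware runs first in the route group, so a user
        // is normally present; fail closed if it is not.
        $user = $request->user();
        if ($user === null) {
            abort(403);
        }

        // Filter on user_id in the query itself, so a missing author and
        // another user's author are both "not found": no null dereference,
        // and no hint about which IDs exist.
        $author = Author::where('id', $request->route('id'))
            ->where('user_id', $user->id)
            ->first();

        if ($author === null) {
            abort(404);
        }

        // Pass the verified model along so controllers do not re-query by raw ID.
        $request->attributes->set('author', $author);

        return $next($request);
    }
}

// app/Http/Kernel.php, in $routeMiddleware (hypothetical alias):
//     'owns.author' => \App\Http\Middleware\EnsureOwnsAuthor::class,
//
// routes/web.php:
//     Route::group(['middleware' => ['auth', 'owns.author']], function () {
//         Route::get('authorsarea/{id}', 'AuthorController@dashboard')->name('author-dashboard');
//     });
//
// In the controller: $author = $request->attributes->get('author');
```

Every route that takes an author `{id}` should sit inside the group; a route left outside it gets no ownership check at all.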

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 