I'm working on an application where the user has projects assigned to him, which he sees on his website. After clicking on a given project, he is taken to the page of this project, where the URL looks like e.g. ./project/22, with 22 being the id of the project. The problem is that another user entering e.g. /project/22 in the search engine can see this project even though it is not assigned to him. I also have a pivot table where the project id and user id are stored. This is my code to show a project:

Controller:
    public function projects($id)
    {
        $project = Project::findOrFail($id);
        return view('pages.project')->with('project', $project);
    }

Project model:
    public function users()
    {
        return $this->belongsToMany('App\User')->withTimestamps();
    }

User model:
    public function projects()
    {
        return $this->belongsToMany('App\Project')->withTimestamps();
    }

web.php:
    Route::get('/projects/{id}', 'PagesController@projects');

Try this at the top of your controller:
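    // Needs the Auth and App facades imported in the controller file (e.g. use Auth; use App;).
    $project = Project::findOrFail($id);
    // Look for the logged-in user among the users attached to this project via the pivot table.
    if (!$project->users->where('id', Auth::user()->id)->first()) {
        App::abort(403, 'You cannot view this project.');
    }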
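
An added example, not part of the original question or answer: the same ownership check written as a complete controller, once by resolving the project through the logged-in user's own projects() relationship and once as an explicit membership query on the pivot table. It assumes the App\Project and App\User models and the pages.project view from the question; the auth middleware call and the second method name (projectsOrForbidden) are assumptions made for illustration.

```php
<?php

namespace App\Http\Controllers;

use App\Project;
use Illuminate\Support\Facades\Auth;

class PagesController extends Controller
{
    public function __construct()
    {
        // Assumption: every project page requires a login. Guests are
        // redirected before the lookup runs, so Auth::user() is never null.
        $this->middleware('auth');
    }

    // Variant A: scope the lookup to the current user's projects.
    // The query joins the pivot table, so an id that exists but is not
    // assigned to this user fails exactly like an id that does not exist
    // (404), and the response does not reveal which ids are in use.
    public function projects($id)
    {
        $project = Auth::user()->projects()->findOrFail($id);

        return view('pages.project')->with('project', $project);
    }

    // Variant B (hypothetical method name): keep the 403 response from the
    // answer above, but ask the database whether the pivot row exists
    // instead of loading every user attached to the project into memory.
    public function projectsOrForbidden($id)
    {
        $project = Project::findOrFail($id);

        $isMember = $project->users()->whereKey(Auth::id())->exists();
        abort_unless($isMember, 403, 'You cannot view this project.');

        return view('pages.project')->with('project', $project);
    }
}
```

Any other route that takes a project id (edit, update, delete) needs the same check, since each one is reachable by typing the URL directly.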