我正在关注jeffreys laravel基本级数,但在某个时刻我陷入了困境。
如何确保当前用户只能编辑/更新自己的文章?
我有一种感觉,我必须专注于我的ArticleRequest类,但不知道该告诉laravel在authorize()中做什么。
我的文章控制器:
<?php
namespace App'Http'Controllers;
use App'Article;
use Carbon'Carbon;
use App'Http'Requests'ArticleRequest;
use App'Http'Requests;
use Illuminate'Http'Request;
use Auth;
class ArticlesController extends Controller
{
public function __construct() {
$this->middleware('auth');
}
public function index() {
$articles = Article::latest('published_at')->published()->get();
return view('articles.index')->withArticles($articles);
}
public function show($id) {
$article = Article::findOrFail($id);
//dd($article->created_at->diffForHumans());
return view('articles.show')->withArticle($article);
}
public function create() {
return view('articles.create');
}
public function store(ArticleRequest $request) {
//Create new article witj the attributes from the form
$article = new Article($request->all());
//Get the authenticated users articles and save a new one (with passed trough $article object)
Auth::user()->articles()->save($article);
return redirect('articles');
}
public function edit($id) {
$article = Article::findOrFail($id);
return view('articles.edit')->withArticle($article);
}
public function update($id, ArticleRequest $request) {
$article = Article::findOrFail($id);
$article->update($request->all());
return redirect('articles');
}
}
文章请求:
<?php
namespace App'Http'Requests;
use App'Http'Requests'Request;
class ArticleRequest extends Request
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'title' => 'required',
'body' => 'required',
'published_at' => 'required|date'
];
}
}
我的文章标签模式:
Schema::create('articles', function (Blueprint $table) {
$table->increments('id');
$table->integer('user_id')->unsigned();
$table->string('title');
$table->text('body');
$table->timestamp('created_at');
$table->timestamp('published_at');
$table->foreign('user_id')
->references('id')
->on('users')
->onDelete('cascade');
});
,我可以给你建议
在我的大多数项目中,我使用Entrust Laravel。
这是链接:Entrust Laravel
您可以使用composer:轻松安装
composer require zizaco/entrust:5.2.x-dev
版本取决于您使用的laravel框架版本。
如果你要查看文档,你可以看到:
class Permission extends EntrustPermission
{
}
在App目录中创建此类。
在此之后,您将拥有刀片代码:
@permission('manage-admins')
<p>This is visible to users with the given permissions. Gets translated to
'Entrust::can('manage-admins'). The @can directive is already taken by core
laravel authorization package, hence the @permission directive instead.</p>
@endpermission
很简单,但你必须查看文档。
如果还有其他事情,请告诉我。
为了添加角色和权限,您可以使用github包zizaco/contrust。点击此处
查看如何添加角色和权限。查看我在下面链接中给出的所有答案。
点击链接,例如