Laravel 5确定当前用户是否有权更新帖子

时间:2016-07-20 06:09:11

标签: php laravel

我正在关注jeffreys laravel fundamental series,而且我在某个时候陷入困境。

如何确保当前用户只能编辑/更新自己的文章?

我觉得我必须专注于我的ArticleRequest课程,但不知道在authorize()内如何告诉laravel。

我的文章控制器:

<?php
namespace App\Http\Controllers;

use App\Article;
use Carbon\Carbon;
use App\Http\Requests\ArticleRequest;
use App\Http\Requests;
use Illuminate\Http\Request;
use Auth;

class ArticlesController extends Controller
{

public function __construct() {
  $this->middleware('auth');
}


public function index() {

  $articles = Article::latest('published_at')->published()->get();
  return view('articles.index')->withArticles($articles);
}

public function show($id) {

  $article = Article::findOrFail($id);
  //dd($article->created_at->diffForHumans());
  return view('articles.show')->withArticle($article);
}

public function create() {

  return view('articles.create');
}


public function store(ArticleRequest $request) {

  //Create new article witj the attributes from the form
  $article = new Article($request->all());
  //Get the authenticated users articles and save a new one (with passed trough $article object)
  Auth::user()->articles()->save($article);

  return redirect('articles');
}

public function edit($id) {

  $article = Article::findOrFail($id);
  return view('articles.edit')->withArticle($article);
}


public function update($id, ArticleRequest $request) {

  $article = Article::findOrFail($id);
  $article->update($request->all());
  return redirect('articles');

 }
}

ArticleRequest:

<?php

namespace App\Http\Requests;

use App\Http\Requests\Request;

class ArticleRequest extends Request
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {


        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {

        return [
            'title' => 'required',
            'body' => 'required',
            'published_at' => 'required|date'
        ];
    }
}

我的文章标签架构:

Schema::create('articles', function (Blueprint $table) {
          $table->increments('id');
          $table->integer('user_id')->unsigned();
          $table->string('title');
          $table->text('body');
          $table->timestamp('created_at');
          $table->timestamp('published_at');

          $table->foreign('user_id')
                ->references('id')
                ->on('users')
                ->onDelete('cascade');

      });

2 个答案:

答案 0 :(得分:0)

我可以给你建议,

在我的大多数项目中,我都使用Entrust Laravel。

这是链接:Entrust Laravel

您可以使用composer轻松安装:

composer require zizaco/entrust:5.2.x-dev

版本取决于您使用的laravel框架版本。

如果您将阅读文档,您可以看到:

class Permission extends EntrustPermission
{
}

在App目录中创建此类。

在此之后您将获得刀片代码:

@permission('manage-admins')
    <p>This is visible to users with the given permissions. Gets translated to 
    \Entrust::can('manage-admins'). The @can directive is already taken by core 
    laravel authorization package, hence the @permission directive instead.</p>
@endpermission

简单但你必须通过文档。

如果有的话,请告诉我。

答案 1 :(得分:0)

要添加角色和权限,您可以使用github包zizaco / entrust。 click here

检查如何添加角色和权限。检查我在下面链接中提供的所有答案。

click on link for example

相关问题
最新问题