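I have a team-based application in which each team can only see and use its own views and data. In the profile view, a team can change information about its team settings using a URL like ".../admin/teams/2/show_profile". The number 2 is the team's ID, so if a user chooses to, they can change it to any other number and the view will show another team's profile details. So I need to make it so that the user cannot change this particular URL, so that they cannot override the route. I have been thinking of using signed URLs as the way to do this, but I am having trouble implementing it in my controller. I have added use \Illuminate\Support\Facades\URL; to the top of my controller.
Here is my route: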
Route::get('teams/{id}/show_profile', ['uses' => 'Admin\TeamsController@show_profile', 'as' => 'teams.show_profile'])->middleware('signed');
Here is my controller function:
public function show_profile($id)
{
    if (! Gate::allows('team_view')) {
        return abort(401, 'Sorry you are not authorized for this action at this time');
    }
    $created_bies = \App\User::get()->pluck('name', 'id')->prepend(trans('global.app_please_select'), '');
    $created_by_teams = \App\Team::get()->pluck('name', 'id')->prepend(trans('global.app_please_select'), '');
    $query = \App\User::query();
    $query->select('users.*')
        ->leftJoin('team_user', function ($join) use ($id) { // include users with this church as an additional church
            $join->on('team_user.user_id', '=', 'users.id');
            // bind $id as a query parameter instead of concatenating it into raw SQL
            $join->where('team_user.team_id', '=', $id);
        })
        ->where('users.team_id', $id)
        ->orWhere('team_user.team_id', '=', $id);
    $query = $query->getQuery();
    $user_list = $query->get();
    $user_id_array = [];
    foreach ($user_list as $one_user) {
        $user_id_array[] = $one_user->id;
    }
    $users = \App\User::whereIn('id', $user_id_array)->get();
    $interests = \App\Interest::where('created_by_team_id', $id)->get();
    $activity = \App\Activity::where('created_by_team_id', $id)->get();
    $usersettings = \App\Usersetting::where('created_by_team_id', $id)->get();
    $team = Team::findOrFail($id);
    return view('admin.teams.show_profile', compact('team', 'users', 'interests', 'activity', 'usersettings'));
}
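So what I can't figure out is what I need to do next to generate the signed URL. I have tried using some versions of return URL::signedRoute(...); or $url = action('TeamController@team_profile', [...]); and modifying the return view with the parameters passed in parentheses and square brackets, but I can't seem to figure out how to get it to work properly. I know the middleware on the route is working, because I have tested it with the original return view. So the question is, what do I need to do to convert the return view into a signed route URL?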
Answer 0: (score: 0)
You need to add the new ValidateSignature to your route middleware in /app/Http/Kernel.php.
protected $routeMiddleware = [
// ...
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
+ 'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
];
}
Currently, we have the following event.rsvp route in our routes/web.php file.
Route::get('event/{id}/rsvp/{user}/{response}', function ($id, $user, $response) {
    // Add response from user for event.
})->name('event.rsvp')->middleware('signed');
Our URL is generated like this:
use \Illuminate\Support\Facades\URL;
URL::signedRoute('event.rsvp', ['id' => 25, 'user' => 100, 'response' => 'yes']);
It will generate:
https://example.com/event/25/rsvp/100/yes?signature=30a3877b00890fff0d7ca25f82c6387ff16a98d21008ddc9689ed3c20ef13cd4
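How the signature check behind the signed middleware rejects an edited team id, as an added example that is not part of the question or either answer: a simplified stand-alone PHP model of HMAC URL signing, not Laravel's own code. The key, the example.com host and the function names sign_url and has_valid_signature are assumptions made for the illustration.

```php
<?php
// Added example: a simplified model of HMAC URL signing, not Laravel's own code.
// APP_KEY_DEMO and the example.com host are constructed values.
const APP_KEY_DEMO = 'constructed-demo-key-do-not-reuse';

// Append ?signature=<HMAC-SHA256 of the URL> computed with the server-side key.
function sign_url(string $url, string $key): string
{
    $sep = (strpos($url, '?') === false) ? '?' : '&';
    return $url . $sep . 'signature=' . hash_hmac('sha256', $url, $key);
}

// Recompute the HMAC over the URL without its signature parameter and
// compare in constant time, the per-request job of a 'signed' middleware.
function has_valid_signature(string $signedUrl, string $key): bool
{
    $parts = parse_url($signedUrl);
    parse_str($parts['query'] ?? '', $query);
    $given = $query['signature'] ?? '';
    unset($query['signature']);
    if (!is_string($given) || $given === '') {
        return false; // unsigned link, or signature[]=... sent as an array
    }
    $original = ($parts['scheme'] ?? '') . '://' . ($parts['host'] ?? '') . ($parts['path'] ?? '');
    if ($query !== []) {
        $original .= '?' . http_build_query($query);
    }
    return hash_equals(hash_hmac('sha256', $original, $key), $given);
}

$signed   = sign_url('https://example.com/admin/teams/2/show_profile', APP_KEY_DEMO);
$tampered = str_replace('/teams/2/', '/teams/3/', $signed); // user edits the id
$unsigned = 'https://example.com/admin/teams/2/show_profile';

var_dump(has_valid_signature($signed, APP_KEY_DEMO));   // link exactly as issued
var_dump(has_valid_signature($tampered, APP_KEY_DEMO)); // id changed after signing
var_dump(has_valid_signature($unsigned, APP_KEY_DEMO)); // signature stripped
```

A valid signature shows only that the application issued the link for that id; it does not identify who is presenting it, so the controller's own check on the user's team still decides access.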
Answer 1: (score: 0)
Use the signed URL in Blade like this:
\Illuminate\Support\Facades\URL::signedRoute
For example:
<a href="{{ \Illuminate\Support\Facades\URL::signedRoute('formreportlog.showformlog',['report_id'=>$person->id ] ) }}"
class="btn btn-success">@lang('user.active')</a>