Laravel 5 Middleware “Owner”?

Posted 2019-05-10 11:43

I'm having trouble creating the "owner" middleware.

For example, I have an Articles and a User model associated with the user_id key.

I want to add the "owner" middleware to the ArticlesController, so the only owner of that article can edit, update and delete it.

I've been searching for this issue for a while, but never found the code, which would work. Some of them tried to make it work with Form Requests, but I'm interested in using Middleware.

2 answers
smile是对你的礼貌
Reply #2 · 2019-05-10 12:31

Alternatively, you could use route and middleware parameters; this has some advantages:

  • Even if the request structure changes your middleware would still work
  • The middleware is reusable for different resources
  • You can use it inside controllers

Here’s the middleware (app/Http/Middleware/AbortIfNotOwner.php):

<?php

namespace App\Http\Middleware;

use Closure;

class AbortIfNotOwner
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string    $resourceName
     * @return mixed
     */
    public function handle($request, Closure $next, $resourceName)
    {
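        $resourceId = $request->route()->parameter($resourceName);

        // find() returns null when no row matches; respond 404 rather than reading a property of null.
        $resource = \DB::table($resourceName)->find($resourceId);
        if ($resource === null) {
            abort(404);
        }

        // Deny guests too: $request->user() is null when nobody is logged in.
        $user = $request->user();
        if ($user === null || $user->id != $resource->user_id) {
            abort(403, 'Unauthorized action.');
        }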

        return $next($request);
    }
}

Inside app\Http\Kernel.php:

protected $routeMiddleware = [
     'owner' => 'App\Http\Middleware\AbortIfNotOwner',
];

Inside your route file (app/Http/routes.php):

Route::group(['middleware' => ['owner:articles']], function() {
    // your route
});

And optionally call it in the controller:

public function __construct()
{
    $this->middleware('owner:articles', ['only' => ['edit', 'update']]);
}
在下西门庆
Reply #3 · 2019-05-10 12:40
  1. Create middleware:
php artisan make:middleware OwnerMiddleware
<?php

namespace App\Http\Middleware;

use App\Article;
use Closure;
use Illuminate\Contracts\Auth\Guard;

class OwnerMiddleware
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param  Guard  $auth
     * @return void
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $articleId = $request->segments()[1];
        $article = Article::findOrFail($articleId);

        if ($article->user_id !== $this->auth->getUser()->id) {
            abort(403, 'Unauthorized action.');
        }

        return $next($request);
    }
}
  2. Add it to app\Http\Kernel.php:
protected $routeMiddleware = [
    'owner' => 'App\Http\Middleware\OwnerMiddleware',
];
  3. Use middleware in your routes:
Route::group(['middleware' => ['owner']], function() {
    // your route
});
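The ownership decision that both middlewares above make, written as an added framework-free example (not code from either answer). It assumes PHP 7.1+; the function name `ownerDecision` and the sample rows are constructed for illustration. It denies guests, returns 404 for unknown ids, and compares ids as integers so that a `user_id` returned by the database as a string does not lock out the real owner under a strict comparison.

```php
<?php
// Added example: framework-free model of the owner check.
// ownerDecision() and all sample rows below are constructed for illustration.

/**
 * Returns the HTTP status the middleware should produce.
 *
 * @param array|null $user     authenticated user row, or null for a guest
 * @param array|null $resource row loaded by id, or null if it does not exist
 */
function ownerDecision(?array $user, ?array $resource): int
{
    if ($user === null) {
        return 403; // guest: deny instead of reading ->id on null
    }
    if ($resource === null) {
        return 404; // unknown id: same outcome as findOrFail()
    }

    // Some PDO configurations return integer columns as strings, so a strict
    // "5" !== 5 would reject the real owner. Validate both sides as integers.
    $ownerId = filter_var($resource['user_id'] ?? null, FILTER_VALIDATE_INT);
    $userId  = filter_var($user['id'] ?? null, FILTER_VALIDATE_INT);

    if ($ownerId === false || $userId === false) {
        return 403; // missing or malformed owner column: fail closed
    }

    return $ownerId === $userId ? 200 : 403;
}

// Constructed cases: [authenticated user, loaded article row].
$cases = [
    'owner, int ids'        => [['id' => 5], ['user_id' => 5]],
    'owner, string from DB' => [['id' => 5], ['user_id' => '5']],
    'another user'          => [['id' => 6], ['user_id' => 5]],
    'guest'                 => [null, ['user_id' => 5]],
    'missing article'       => [['id' => 5], null],
    'row without owner'     => [['id' => 5], ['user_id' => null]],
];

foreach ($cases as $label => [$user, $resource]) {
    printf("%-22s => %d\n", $label, ownerDecision($user, $resource));
}
```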