在 Laravel 中,我们如何限制用户访问其他用户的数据?
我需要在每个路由函数中写下代码吗?还是 laravel 提供了以中心为中心的方法?
最佳答案
虽然我不知道您的用例,但假设您想保护您的用户不看到其他用户的个人资料。现在,如果您的显示用户路线类似于
/users/{id}
然后创建一个中间件让我们说 myAuth
class MyAuth
{
public function handle($request, Closure $next)
{
if(!auth()->check && !auth()->user()->id == request()->get('id'))
{
dd("you are not allowed to see this");
}
return $next($request);
}
}
并将其包含在您的 Http/kernel.php
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'admin' => \App\Http\Middleware\Admin::class,
//Your new middleware
'myAuth' => \App\Http\Middleware\MyAuth::class,
];
并在此中间件中包含您的路由
Route::group(['middleware' => 'myAuth'], function () {
Route::get('user/{id}', function () {
//Only user with id 1 can see profile of user with id 1
});
});
关于php - Laravel - 不允许用户访问其他用户数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37044957/