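I am building a blog with the Laravel framework, and I have a login/registration and a thread section. In my blog you can only edit a thread if you are logged in. Now I have the problem that if I am logged in, I can edit and delete every thread. It doesn't matter whether it is my thread or one from another user. So now I need something that tells my Laravel code that I am only allowed to edit/delete my own threads.
I found this: https://laravel.com/docs/5.2/authorization#defining-abilities
But I really don't understand how to implement this in my code. Do I need any reference in my database? Something like "this user belongs to this thread"?
Well, I'm a bit new to Laravel. I hope someone can help me.
PS: Sorry for my bad English, I am from Germany.
Edit/update/delete functions: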
public function edit($id)
{
    $thread = Thread::query()->findOrFail($id);
    return view('test.edit', [
        'thread' => $thread
    ]);
}

public function update($id, StoreRequest $request)
{
    $thread = Thread::query()->findOrFail($id);
    $thread->fill($request->all());
    $thread->save();
    return redirect(action('Test\TestController@show', [$thread->id]));
}

public function destroy($id)
{
    $thread = Thread::query()->findOrFail($id);
    $thread->delete();
    return redirect(action("Test\TestController@index"));
}
My Thread model:
public function user() {
    return $this->belongsTo(User::class, "name");
}
How I add a new thread:
If I press "add thread", I am directed to the add function in my controller:
Add function:
public function add()
{
    return view('test.add', [
        'entries' => Thread::query()->get()
    ]);
}
In my add.blade I have my form, and this form directs me to the "store function" in my controller:
Store function:
public function store(StoreRequest $request)
{
    Thread::create($request->all());
    return redirect(action('Test\TestController@index'));
}
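Attach the user_id to the thread, so that whenever you want to update or delete, you check whether the currently logged-in user has that user_id and then act accordingly.
Add user_id to the threads table.
Then do this in your save() function.
// Needs "use Auth;" (or "use Illuminate\Support\Facades\Auth;") at the top of the controller
public function save(Request $request){
    $thread = new Thread;
    // Take the owner from the session, never from the request
    $thread->user_id = Auth::user()->id;
    // rest of fields goes here
    $thread->save();
}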
Then in your edit, update or delete functions:
public function edit($id)
{
    $thread = Thread::query()->findOrFail($id);
    // You can use laravel authorization/policies to achieve this too
    if ($thread->user_id != Auth::user()->id) {
        // Return with your custom error message telling the user
        // he is not authorized to edit this thread
        return redirect()->back()->withErrors(['You are not authorized to edit this thread.']);
    }
    return view('test.edit', [
        'thread' => $thread
    ]);
}

public function update($id, StoreRequest $request)
{
    $thread = Thread::query()->findOrFail($id);
    // You can use laravel authorization/policies to achieve this too
    if ($thread->user_id != Auth::user()->id) {
        // Return with your custom error message telling the user
        // he is not authorized to edit this thread
        return redirect()->back()->withErrors(['You are not authorized to edit this thread.']);
    }
    $thread->fill($request->all());
    $thread->save();
    return redirect(action('Test\TestController@show', [$thread->id]));
}

public function destroy($id)
{
    $thread = Thread::query()->findOrFail($id);
    // You can use laravel authorization/policies to achieve this too
    if ($thread->user_id != Auth::user()->id) {
        // Return with your custom error message telling the user
        // he is not authorized to delete this thread
        return redirect()->back()->withErrors(['You are not authorized to delete this thread.']);
    }
    $thread->delete();
    return redirect(action("Test\TestController@index"));
}
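
The Gate-based variant that the code comments above and the linked Laravel 5.2 documentation point to, as an added example that is not part of the original answer. The ability name `modify-thread`, the column names `title` and `body`, and the `App\Thread` and `App\Http\Requests\StoreRequest` locations are assumptions; the two parts belong in separate files.

```php
<?php
// Part 1: belongs in app/Providers/AuthServiceProvider.php (Laravel 5.2 layout).
namespace App\Providers;

use Illuminate\Contracts\Auth\Access\Gate as GateContract;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    public function boot(GateContract $gate)
    {
        $this->registerPolicies($gate);

        // 'modify-thread' is a hypothetical ability name: only the owner passes.
        // A thread with no user_id casts to 0 and therefore matches nobody.
        $gate->define('modify-thread', function ($user, $thread) {
            return (int) $user->id === (int) $thread->user_id;
        });
    }
}

// Part 2: belongs in app/Http/Controllers/Test/TestController.php.
namespace App\Http\Controllers\Test;

use App\Http\Controllers\Controller;
use App\Http\Requests\StoreRequest; // assumed location of the page's StoreRequest
use App\Thread;                     // assumed location of the page's Thread model

class TestController extends Controller
{
    public function update($id, StoreRequest $request)
    {
        $thread = Thread::query()->findOrFail($id);
        // Throws an AuthorizationException (HTTP 403) before anything is written.
        $this->authorize('modify-thread', $thread);
        // 'title' and 'body' are assumed column names; user_id is never taken
        // from the request, so a forged field cannot reassign ownership.
        $thread->fill($request->only(['title', 'body']));
        $thread->save();
        return redirect(action('Test\TestController@show', [$thread->id]));
    }

    public function destroy($id)
    {
        $thread = Thread::query()->findOrFail($id);
        $this->authorize('modify-thread', $thread);
        $thread->delete();
        return redirect(action('Test\TestController@index'));
    }
}
```

The same `authorize` call belongs in `edit()` as well, so the edit form is not rendered for threads the user does not own.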