Laravel 5：在允许他编辑之前，检查用户是否属于主持人列表 [英] Laravel 5: check if user belongs to the moderators list before allowing him to edit

问题描述

我正在使用 Gate 授权来检查用户是否有权限访问或看到某些内容。

I am using Gate authorization to check if the user has permissions to access or see something.

例如，我有一个 update-post 门限定义，用于检查用户是否拥有该帖子或拥有该子项，如果是，他将能够看到编辑链接访问编辑路由。如果没有，他将无法看到任何内容。

For example I have a update-post gate definition that checks if the user owns the post or owns the sub, if yes, he will be able to see the "Edit" link and access the Edit route. If not, he won't be able to see anything.

我现在正在尝试添加另一个权限来检查用户是否属于主持人表，如果是的，他也可以看到 subreddit / show

I am now trying to add another permissions to check if the user belongs to the "moderators" table, if yes, he will also be able to see the "Edit" link on subreddit/show

上的编辑链接第一个2检查，但在第三个失败，但是编辑链接总是可见的，即使我无法访问不属于我或属于我自己的subreddit的帖子的编辑路线。

It works great for the first 2 checks, but fails on the third and the "Edit" link is always visible now, even though I cannot access the edit route of posts that aren't mine or belong to the subreddit I own.

编辑：我已经编辑了 $ moderators_list 它现在检查登录的用户是否是子代理的主持人他正在查看的帖子。 dd（$ moderators_list 获取正确值的列表，但是我不能使用 $ moderators_list-> user_id 这将给出未定义的属性：Illuminate\Database\Eloquent\Collection :: $ user_id

I have edited $moderators_list it now check if the logged in user is a moderator of the subreddit that the post he's viewing. dd($moderators_list gets me a list with correct values. But I can't use $moderators_list->user_id that will give Undefined property: Illuminate\Database\Eloquent\Collection::$user_id

编辑2：我已经修正了在subreddit中获取主持人用户的user_id的查询，所以现在使用 $ moderators_list-> user-id 得到我的ID为3，这是当前登录的用户标识，但门检查仍然失败，无法编辑subreddit中的帖子我是主持人。

EDIT 2: I have fixed the query that gets the user_id of the user who is a moderator in a subreddit. So now using $moderators_list->user-id gets me the id of 3 which is the user id of the current logged in. But the gate checking still fails, unable to edit posts in the subreddit I am moderator in.

我的表

users: id, name, email...
subreddits: id, user_id...
posts: id, user_id, subreddit_id...
moderators: id, user_id, subreddit_id...

这是 $ gate 定义

$gate->define('update-post', function ($user, $post, $moderators_list) {
        // Check if user is subreddit owner
        if ($user->id === $post->subreddit->user->id) {
            return true;
        }

        // Check if user is the post author
        if ($user->id === $post->user_id) {
            return true;
        }

        // Check if user is a moderator of a subreddit
        if ($user->id === $moderators_list->user_id) {
            return true;
        }

        return false;
});

这是 show（） PostsController

请注意， dd（$ moderators_list）将输出这个帖子所在的subreddit的所有主持人的列表，所以我得到正确的结果。

Please note that dd($moderators_list) will output a list of all moderators of the subreddit this post is located in, so I am getting the correct result.

public function show(Post $post, Subreddit $subreddit, Moderator $moderator)
{
        $post = Post::with('user.votes')->findOrFail($post->id);
        $moderator = Moderator::where('user_id', '=', Auth::id())->first();
        $moderators_list = Moderator::where('subreddit_id', '=', $post->subreddit->id)->where('user_id', '=', Auth::id())->first();

        return view('post/show')->with('post', $post)
                                ->with('moderator', $moderator)
                                ->with('moderators_list', $moderators_list);
}

这是我检查用户是否有权限查看编辑链接

And this is how I check to see if user has access to see the "Edit" link on the view

@can('update-post', [$post, $moderator, $moderators_list])
     <a href="{{ action('PostsController@edit', $post->id) }}">Edit</a>
@endcan

推荐答案

您可以检查用户是直接在DB中的主持人：

You can check if the user is a moderator directly in the DB:

$isModerator = $post->subreddit->moderators()->where('user_id', $user->id)->exists();

这篇关于Laravel 5：在允许他编辑之前，检查用户是否属于主持人列表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！