Laravel用户更新自己帖子的权限

I'm following a tutorial on Laravel gates where users with the permission 'update-post' are allowed to edit any post in the database. In addition, any user regardless of permissions can edit posts they've submitted.

app/Providers/AuthServiceProvider.php:

Gate::define('update-post', function ($user, \App\Post $post) {
     return $user->hasAccess(['update-post']) or $user->id == $post->user_id;
});

routes/web.php:

Route::get('/edit/{post}', 'PostController@edit')
    ->name('edit_post')
    ->middleware('can:update-post,post');

Route::post('/edit/{post}', 'PostController@update')
    ->name('update_post')
    ->middleware('can:update-post,post');

What I'm looking for is a way to add a new permission, say 'update-own-post', where only users with that permission are allowed to edit their own posts.

So, a moderator for example would have the permission 'update-post' that allows them to edit all posts. A regular user will only be able to edit their own post if they are assigned the new permission 'update-own-post' but not every user as is currently implemented.

What's the best way to go about implementing this change in my code?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douju4278 2017-09-25 21:13
关注
In the Gate you want to check the type of user, so they should be able to edit if one of the following are true:

$user->hasAccess(['update-post'])

$user->id == $post->user_id

$user->isModerator()

I don't know how you have your user types set up, but I would recommend adding a method to your user model that checks the type of user, and if the type of user is 'moderator' or whatever name you chose, it should return true.

You would be left with something similar to:

Gate::define('update-post', function ($user, \App\Post $post) { return $user->hasAccess(['update-post']) || $user->id == $post->user_id || $user->isModerator(); });

Edit -- answer from comments

Based on your comment you can accomplish it like so, here is the cleaned up code:

Gate::define('update-post', function ($user, \App\Post $post) { return ($user->id == $post->user_id && $user->hasAccess(['update-own-post'])) || $user->hasAccess(['update-post']); });

The reason that this works is because your checking if {first condition} OR {second condition} meets the criteria. If the first block is true, the second block won't even be executed; however, if the first block isn't true it will then check the second to see if it is true.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Laravel用户更新自己帖子的权限 laravel php
2017-09-25 21:08

回答 1 已采纳 In the Gate you want to check the type of user, so they should be able to edit if one of the follo
laravel5用户角色和权限 php
2015-11-23 13:11

回答 1 已采纳 Insert "cartalyst/sentry": "dev-feature/laravel-5" In your json file and do a composer update.
Laravel - 加入评论，帖子和用户 laravel php
2018-08-03 22:00

回答 2 已采纳 Your Comment model: public function users() { return $this->hasOne('App\User'); } Implie
PHP框架Laravel如何创建帮助函数文件
2024-04-30 14:41

赵俊杰_IT的博客 5、两个用户给1号用户的帖子发回复植入一段危险脚本 alert('我是XSS攻击，这是危险脚本，会盗取你的cookie');#16、图片上传，图片分辨率验证，图片裁剪，图片运用在用户头像上传和富文本编辑，对富文本编辑上传图片...
Laravel从帖子中获取用户 laravel php
2016-08-23 14:34

回答 3 已采纳 Try: Change this line $client = Client::find($cid); To $client = Client::find($cid)->load('
Laravel Spatie /多租户权限过滤器 laravel php
2019-02-15 12:15

回答 1 已采纳 The aproach you are using does make sense, the only thing that concerns me is using the authentica
如何管理laravel大更新方法 laravel php
2019-07-16 11:19

回答 3 已采纳 Use update() method to update all fields public function update(Request $request, Something $some
php框架Laravel的api工具的设置
2024-04-30 14:38

赵俊杰_IT的博客 5、两个用户给1号用户的帖子发回复植入一段危险脚本 alert('我是XSS攻击，这是危险脚本，会盗取你的cookie');#16、图片上传，图片分辨率验证，图片裁剪，图片运用在用户头像上传和富文本编辑，对富文本编辑上传图片...
具有多个条件的laravel查询更新 laravel php
2019-02-17 06:00

回答 3 已采纳 it occurred because you called whereNull method on update method. You should run 3 separate query
如何检查用户在laravel中是否喜欢某些帖子 laravel php
2017-10-07 13:07

回答 1 已采纳 You could use toggle(): User::find(3)->favorites()->toggle($post->id); This would like
laravel模型中插入,更新数据时间没有插入数据库 laravel mysql php
2021-07-21 14:21

回答 1 已采纳 insert方法不会触发model事件的，你需要把insert改成create
PHP框架Laravel+Bootstrap+进级项目
2024-04-30 14:04

赵俊杰_IT的博客 5、两个用户给1号用户的帖子发回复植入一段危险脚本 alert('我是XSS攻击，这是危险脚本，会盗取你的cookie');#16、图片上传，图片分辨率验证，图片裁剪，图片运用在用户头像上传和富文本编辑，对富文本编辑上传图片...
Laravel 4中的Entrust权限更新未保存 laravel php
2013-07-10 11:51

回答 1 已采纳 As the section in the docs which mentions the update() method is under the headline Saving A Model
Laravel框架中如何实现用户认证和权限管理？
2024-04-23 13:10

a编程小工匠的博客 Laravel框架为开发者提供了强大的工具和机制，用于实现高效且安全的用户认证和权限管理。通过使用Laravel自带的Auth系统和扩展包或自定义实现，你可以轻松地构建出安全且高效的Web应用。Laravel框架本身并没有提供...
关于Laravel框架的心得体会
2023-06-12 11:21

不忘的魂lsq的博客 Lavael框架是基于PHP语言所建立的框架，所以想要学好这个框架，就得先学习PHP语言，我在之前便已经学习了一部分PHP语言，让我对它有了一些我的理解。学习 PHP 让我认识到它是一种功能强大且可扩展性很强的脚本语言，...
没有解决我的问题, 去提问

悬赏问题

¥60 求一个简单的网页(标签-安全|关键词-上传)
¥35 lstm时间序列共享单车预测，loss值优化，参数优化算法
¥15 基于卷积神经网络的声纹识别
¥15 Python中的request，如何使用ssr节点，通过代理requests网页。本人在泰国，需要用大陆ip才能玩网页游戏，合法合规。
¥100 为什么这个恒流源电路不能恒流？
¥15 有偿求跨组件数据流路径图
¥15 写一个方法checkPerson，入参实体类Person，出参布尔值
¥15 我想咨询一下路面纹理三维点云数据处理的一些问题，上传的坐标文件里是怎么对无序点进行编号的，以及xy坐标在处理的时候是进行整体模型分片处理的吗
¥15 CSAPPattacklab
¥15 一直显示正在等待HID—ISP

Laravel用户更新自己帖子的权限

1条回答 默认 最新

悬赏问题

1条回答默认最新