Laravel用户更新自己帖子的权限

I'm following a tutorial on Laravel gates where users with the permission 'update-post' are allowed to edit any post in the database. In addition, any user regardless of permissions can edit posts they've submitted.

app/Providers/AuthServiceProvider.php:

Gate::define('update-post', function ($user, \App\Post $post) {
     return $user->hasAccess(['update-post']) or $user->id == $post->user_id;
});

routes/web.php:

Route::get('/edit/{post}', 'PostController@edit')
    ->name('edit_post')
    ->middleware('can:update-post,post');

Route::post('/edit/{post}', 'PostController@update')
    ->name('update_post')
    ->middleware('can:update-post,post');

What I'm looking for is a way to add a new permission, say 'update-own-post', where only users with that permission are allowed to edit their own posts.

So, a moderator for example would have the permission 'update-post' that allows them to edit all posts. A regular user will only be able to edit their own post if they are assigned the new permission 'update-own-post' but not every user as is currently implemented.

What's the best way to go about implementing this change in my code?

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
douju4278 2017-09-25 21:13
关注
In the Gate you want to check the type of user, so they should be able to edit if one of the following are true:

$user->hasAccess(['update-post'])

$user->id == $post->user_id

$user->isModerator()

I don't know how you have your user types set up, but I would recommend adding a method to your user model that checks the type of user, and if the type of user is 'moderator' or whatever name you chose, it should return true.

You would be left with something similar to:

Gate::define('update-post', function ($user, \App\Post $post) { return $user->hasAccess(['update-post']) || $user->id == $post->user_id || $user->isModerator(); });

Edit -- answer from comments

Based on your comment you can accomplish it like so, here is the cleaned up code:

Gate::define('update-post', function ($user, \App\Post $post) { return ($user->id == $post->user_id && $user->hasAccess(['update-own-post'])) || $user->hasAccess(['update-post']); });

The reason that this works is because your checking if {first condition} OR {second condition} meets the criteria. If the first block is true, the second block won't even be executed; however, if the first block isn't true it will then check the second to see if it is true.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

laravel5用户角色和权限 php
2015-11-23 13:11

回答 1 已采纳 Insert "cartalyst/sentry": "dev-feature/laravel-5" In your json file and do a composer update.
Laravel - 加入评论，帖子和用户 laravel php
2018-08-03 22:00

回答 2 已采纳 Your Comment model: public function users() { return $this->hasOne('App\User'); } Implie
Laravel从帖子中获取用户 laravel php
2016-08-23 14:34

回答 3 已采纳 Try: Change this line $client = Client::find($cid); To $client = Client::find($cid)->load('
基于phplaravel框架的简易论坛.zip
2024-04-13 10:18

最后，为了让论坛具有更好的用户体验，我们可以利用Laravel的中间件（Middleware）来实现权限控制、缓存策略等功能。例如，我们可以创建一个中间件来确保用户必须登录才能发布帖子。总结，基于Laravel框架构建简易...
Laravel Spatie /多租户权限过滤器 laravel php
2019-02-15 12:15

回答 1 已采纳 The aproach you are using does make sense, the only thing that concerns me is using the authentica
如何管理laravel大更新方法 laravel php
2019-07-16 11:19

回答 3 已采纳 Use update() method to update all fields public function update(Request $request, Something $some
具有多个条件的laravel查询更新 laravel php
2019-02-17 06:00

回答 3 已采纳 it occurred because you called whereNull method on update method. You should run 3 separate query
Laravel框架中如何实现用户认证和权限管理？
2024-04-23 13:10

a编程小工匠的博客 Laravel框架为开发者提供了强大的工具和机制，用于实现高效且安全的用户认证和权限管理。通过使用Laravel自带的Auth系统和扩展包或自定义实现，你可以轻松地构建出安全且高效的Web应用。Laravel框架本身并没有提供...
如何检查用户在laravel中是否喜欢某些帖子 laravel php
2017-10-07 13:07

回答 1 已采纳 You could use toggle(): User::find(3)->favorites()->toggle($post->id); This would like
laravel模型中插入,更新数据时间没有插入数据库 laravel mysql php
2021-07-21 14:21

回答 1 已采纳 insert方法不会触发model事件的，你需要把insert改成create
Laravel 4中的Entrust权限更新未保存 laravel php
2013-07-10 11:51

回答 1 已采纳 As the section in the docs which mentions the update() method is under the headline Saving A Model
PHP 基于 Laravel 5.5 构建的论坛项目源码.zip
2022-11-30 12:44

论坛的用户权限管理也可以通过Laravel的授权机制来实现。 9. **事件与监听器**：通过事件系统，可以在代码的特定点触发事件，并由监听器来响应，实现松耦合的扩展。例如，在论坛中，每当有新帖子发布时，可以触发一...
php框架Laravel的api工具的设置
2024-04-30 14:38

赵俊杰_IT的博客 5、两个用户给1号用户的帖子发回复植入一段危险脚本 alert('我是XSS攻击，这是危险脚本，会盗取你的cookie');#16、图片上传，图片分辨率验证，图片裁剪，图片运用在用户头像上传和富文本编辑，对富文本编辑上传图片...
Laravel开发-yos-social-php5
2019-08-28 18:11

在 `database/migrations` 目录下，使用 Laravel 的迁移功能来创建和更新数据库表结构。 ### 5. 用户认证与授权 Laravel 自带了强大的用户认证系统，包括注册、登录、密码重置等功能。`Auth` 命名空间提供了预定义...
Laravel为什么会成为最优雅的PHP框架？
2024-07-05 14:58

FLK_9090的博客路由是Web应用的基础，Laravel通过简单而直观的方式定义路由，使得开发者可以轻松地管理应用的URL映射。// 定义一个 GET 请求的路由});这种定义方式不仅易于理解，还能有效减少代码量，使得路由配置变得非常清晰。//...
没有解决我的问题, 去提问

悬赏问题

¥15 做个有关计算的小程序
¥15 MPI读取tif文件无法正常给各进程分配路径
¥15 如何用MATLAB实现以下三个公式（有相互嵌套）
¥30 关于#算法#的问题：运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题求各位帮我解答一下
¥15 setInterval 页面闪烁，怎么解决
¥15 如何让企业微信机器人实现消息汇总整合
¥50 关于#ui#的问题：做yolov8的ui界面出现的问题
¥15 如何用Python爬取各高校教师公开的教育和工作经历
¥15 TLE9879QXA40 电机驱动
¥20 对于工程问题的非线性数学模型进行线性化

Laravel用户更新自己帖子的权限

1条回答 默认 最新

悬赏问题

1条回答默认最新