duaner5714 2017-06-17 13:34
Views: 66
Accepted

Laravel REST structuring

I am making a website which will have user login. Login form now leads to admin panel if your role is admin (route is behind admin middleware), and it leads back to home page if your role is user. Back on the home page you have the ability to see your profile page and add a product (which is behind auth middleware).

My question is what is the best approach to form my routes?

If I make a site.com/user/{id} route, user IDs will be exposed to each user who logs in, as well as, for example, when editing a product with site.com/user/{id}/product/{product_id}.

I see some security issues here and am wondering if a better solution is making a site.com/profile route which will in turn, in the controller, take Auth::user(), not exposing IDs in the process?


3 answers

  • duanliao3826 2017-06-17 17:47

    Add your route without the ID and use Auth::user(). It's best practice and makes your routes simpler.

    public function profile()
    {
        // The user comes from the session, never from the URL
        $user = Auth::user();
        return view('profile', compact('user'));
    }
    

    The above code is more straightforward than this:

    public function profile($id)
    {
        $user = User::find($id);
        // Prevent an authenticated user from viewing other users
        if ($user == Auth::user()) {
            return view('profile', compact('user'));
        } else {
            // return something else
        }
    }
    
    This answer was selected by the asker as the best answer.
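
The same idea applied to the product-edit route from the question, as an added example that is not part of the original thread. It assumes a recent Laravel version, a `products()` hasMany relation on `User`, a `Product` model whose `$fillable` includes `name` and `price`, and the route paths, view name and redirect target shown; all of these are hypothetical.

```php
<?php
// app/Http/Controllers/ProductController.php (added example, not from the post)
//
// Assumed routes, both inside the existing auth middleware group:
//   Route::get('/profile/products/{product}/edit', [ProductController::class, 'edit']);
//   Route::put('/profile/products/{product}',      [ProductController::class, 'update']);
// Assumed model: User defines products() as hasMany(Product::class).

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class ProductController extends Controller
{
    public function edit(Request $request, $product)
    {
        return view('products.edit', [
            'product' => $this->ownedProduct($request, $product),
        ]);
    }

    public function update(Request $request, $product)
    {
        $owned = $this->ownedProduct($request, $product);

        // Only validated fields are written, so the request body cannot
        // reassign the product to another user_id.
        $owned->update($request->validate([
            'name'  => 'required|string|max:255',
            'price' => 'required|numeric|min:0',
        ]));

        return redirect('/profile');
    }

    // Resolve the product through the logged-in user's relation, so the
    // query is scoped to "user_id = <session user> AND id = ?". A product
    // ID owned by someone else returns 404, the same as a missing ID.
    private function ownedProduct(Request $request, $productId)
    {
        return $request->user()->products()->findOrFail($productId);
    }
}
```

The product ID still appears in the URL; what protects it is that every lookup is scoped to the authenticated user on the server, not that the ID is hidden.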