Laravel - 不允许用户访问其他用户数据

Question

在Laravel中,我们如何限制用户访问其他用户的数据？

我是否需要在每个路由功能中写下代码？或laravel提供中心方法？

Answer 1

虽然我不知道您的用例,但我们假设您希望保护您的用户免于查看其他用户的个人资料.现在,如果你的节目用户路线是这样的

/users/{id}

然后就是创建一个中间件吧 myAuth

class MyAuth
{
  public function handle($request, Closure $next)
  {
    if(!auth()->check && !auth()->user()->id == request()->get('id'))
    {
      dd("you are not allowed to see this");
    }

    return $next($request);
  }
}

并将其包含在您的 Http/kernel.php

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'admin' => \App\Http\Middleware\Admin::class,
    //Your new middleware
    'myAuth' => \App\Http\Middleware\MyAuth::class,
];

并在此中间件中包含您的路由

Route::group(['middleware' => 'myAuth'], function () {    
    Route::get('user/{id}', function () {
        //Only user with id 1 can see profile of user with id 1
    });
});