Building a blog platform and my goal is to stop a user from being able to directly access any pages that allow them to post under a different user.
For example, they have created a blog 'Blog 1'
If a different user goes to add a new post to that blog:
/blog/newupdate/1
Then I want to block that.
I have methods set up already for my user as I check it in the views, but need a way to block this access.
I have a middleware set up in a group:
Route::group(['middleware' => 'auth','OwnsProject'], function () {
Route::get('/project/newupdate/{id}',[
'as' => 'project/newupdate',
'uses' => 'ProjectController@createUpdate'
]);
});
In my middle ware I want to do:
public function handle($request, Closure $next)
{
if (!Auth::user()->ownsProject($id)) {
// nada
}
return $next($request);
}
But nothing seems to be coming through in the request?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire