Monday, 29 July 2019

Block the access to a page students.index()

In my navbar I have 2 pages which are Student Add and Student Index.


When I click on Student Add, I have an error message Access Denied. Great, no problem...


Now, I would like to do the same thing with the page Students Index, which displays the items, but I have a problem.

I have access to the content...


In my Controller Student I have this:

class StudentController extends Controller
{   

    public function __construct()
    {
        $this->middleware(['auth', 'clearance'])
            ->except('index', 'show');
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $students = Student::orderby('id', 'desc')->paginate(5);
        return view('students.index', compact('students'));
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        return view('students.create');
    }


    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        $this->validate($request, [
            'name'=>'required',
            'firstname' =>'required',
            ]);

        $name = $request['name'];
        $firstname = $request['firstname'];

        $student = Student::create($request->only('name', 'firstname'));

        return redirect()->route('students.index')
            ->with('flash_message', 'Article, ' . $student->name . ' created');
    }

Then, in my Class ClearanceMiddleware I have this:

public function handle($request, Closure $next) {        
        if (Auth::user()->hasPermissionTo('Administer roles & permissions')) {
            return $next($request);
        }

        if ($request->is('students/create')) {
            if (!Auth::user()->hasPermissionTo('Create Student')) {
                abort('401');
            } else {
                return $next($request);
            }
        }

        if ($request->is('students/index')) {
            if (!Auth::user()->hasPermissionTo('Index Student')) {
                abort('401');
            } else {
                return $next($request);
            }
        }

I don't see the missed step. I have to block the access please.



via Chebli Mohamed
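
Added example, not part of the original post or the poster's code: in the posted controller `->except('index', 'show')` exempts `index` from both `auth` and `clearance`, and the middleware compares the path to `students/index` although the post's redirect targets the route name `students.index`. The version below keys the check on route names and denies anything unlisted. Assumptions: the routes are registered with `Route::resource('students', ...)`, `clearance` guards only these student routes, and `show` requires the same permission as `index`.

```php
<?php
// Added example (not the poster's code). Assumes Route::resource('students', ...)
// and the hasPermissionTo() method already used in the post.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class ClearanceMiddleware
{
    // Route name => permission required. Route names not listed here
    // (edit, update, destroy) are denied to non-administrators: default deny.
    private const REQUIRED = [
        'students.index'  => 'Index Student',
        'students.show'   => 'Index Student',  // assumption: same permission as index
        'students.create' => 'Create Student',
        'students.store'  => 'Create Student',
    ];

    public function handle($request, Closure $next)
    {
        // Non-null because 'auth' runs before 'clearance' in the middleware list.
        $user = Auth::user();

        if ($user->hasPermissionTo('Administer roles & permissions')) {
            return $next($request);
        }

        // Match on the route name rather than the URL path: the index action
        // of a resource route is served at /students, not /students/index.
        $name = optional($request->route())->getName();
        $permission = self::REQUIRED[$name] ?? null;

        if ($permission === null || !$user->hasPermissionTo($permission)) {
            abort(401); // same status code as in the post
        }

        return $next($request);
    }
}

// In StudentController, apply both middleware to every action (no except()):
//
//     public function __construct()
//     {
//         $this->middleware(['auth', 'clearance']);
//     }
```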
