In my navbar I have 2 pages, Student Add and Student Index.
When I click on Student Add, I get an error message: Access Denied. Great, no problem...
Now I would like to do the same thing with the Students Index page and display the items, but I have a problem.
I have access to the content...
In my StudentController I have this:
class StudentController extends Controller
{   
    public function __construct()
    {
        $this->middleware(['auth', 'clearance'])
            ->except('index', 'show');
    }
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $students = Student::orderby('id', 'desc')->paginate(5);
        return view('students.index', compact('students'));
    }
    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        return view('students.create');
    }
    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        $this->validate($request, [
            'name'=>'required',
            'firstname' =>'required',
            ]);
        $name = $request['name'];
        $firstname = $request['firstname'];
        $student = Student::create($request->only('name', 'firstname'));
        return redirect()->route('students.index')
            ->with('flash_message', 'Article,
             '. $student->name.' created');
    }
Then, in my ClearanceMiddleware class I have this:
public function handle($request, Closure $next) {        
        if (Auth::user()->hasPermissionTo('Administer roles & permissions')) {
            return $next($request);
        }
        if ($request->is('students/create')) {
            if (!Auth::user()->hasPermissionTo('Create Student')) {
                abort('401');
            } else {
                return $next($request);
            }
        }
        if ($request->is('students/index')) {
            if (!Auth::user()->hasPermissionTo('Index Student')) {
                abort('401');
            } else {
                return $next($request);
            }
        }
I don't see the step I missed. I need to block the access, please.
via Chebli Mohamed
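Two things in the posted code keep the index page open: `->except('index', 'show')` means the `clearance` middleware never runs for `index`, and `$request->is('students/index')` cannot match when the listing is served at `students`. The following is an added example, not the poster's code: a deny-by-default version of the middleware keyed on route names. It assumes the routes come from `Route::resource('students', ...)` (so the names are `students.index`, `students.create`, `students.store`), and the `students.store` mapping is an assumption.

```php
<?php
// Added example, not the poster's code. Assumes Route::resource('students', ...),
// so the listing is GET /students under the route name students.index.
//
// In StudentController::__construct(), 'index' must leave the except() list,
// otherwise this middleware is never invoked for it:
//     $this->middleware(['auth', 'clearance'])->except('show');

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class ClearanceMiddleware
{
    // Route name => permission required. Permission names are the ones in the
    // question; mapping students.store to 'Create Student' is an assumption.
    private const REQUIRED = [
        'students.index'  => 'Index Student',
        'students.create' => 'Create Student',
        'students.store'  => 'Create Student',
    ];

    public function handle($request, Closure $next)
    {
        $user = Auth::user();
        if ($user === null) {
            abort(401); // no authenticated user
        }
        if ($user->hasPermissionTo('Administer roles & permissions')) {
            return $next($request);
        }

        $route = $request->route();
        $name  = $route ? $route->getName() : null;

        // Deny by default: a route without a mapping is refused rather than
        // falling through to $next().
        if ($name === null
            || !isset(self::REQUIRED[$name])
            || !$user->hasPermissionTo(self::REQUIRED[$name])) {
            abort(403); // authenticated, but not permitted
        }

        return $next($request);
    }
}
```

Any route that should stay reachable without a permission has to be listed in `except()` on the controller, since everything not in the map is refused here.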



 