Answer the question
In order to leave comments, you need to log in
How to do an authorization check when updating a page in Laravel?
Good evening! My Laravel learning continues.
I figured out the authorization process itself in the system, sorted out the base model from which the user model is inherited, studied what lies in traits, validation, and stuff like that. I was inspired until I came across this.
It is necessary to check the user on each page update to see if they have thrown a ban, if they have demoted their admin rights, and also mark the last visit.
I did it just as I thought. Created an intermediary and hung it on the entire group of routers, created this inside:
public function handle($request, Closure $next, $guard = null)
{
if (Auth::check()) {
$model = new UserModel();
$userID = Auth::id();
// Проверяем наличие бана у пользователя
if (($userBlock = $model->checkBlock($userID)) !== true) {
// Завершаем сессиию
Auth::logout();
// и перенаправляем на форму авторизации с сообщением
return redirect()->to(route('auth::form'))->with([
'result_message' => trans('auth.blocked'),
'result_data' => $userBlock
]);
}
// Обновляем метку visited_at
$model->updateVisitedAt($userID);
}
return $next($request);
}
Answer the question
In order to leave comments, you need to log in
Reconsider your decision completely, it's easier to edit the User model and then use something like this
public function handle($request, Closure $next, $guard = null)
{
if (Auth::check()) {
$user = Auth::user();
if ($user->isBanned()) {
// User is banned
}
// User is not banned
}
}
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question