PHP
Nik Gubin, 2016-08-29 18:24:03

How to do an authorization check when updating a page in Laravel?

Good evening! My Laravel learning continues.
I figured out the authorization process itself, sorted out the base model from which the user model inherits, and studied what lies in the traits, validation, and so on. I was inspired until I came across this.
On each page update I need to check whether the user has been banned and whether their admin rights have been demoted, and also record the last visit.
I did it just as I thought it should be done: I created a middleware, attached it to the entire route group, and put this inside:

public function handle($request, Closure $next, $guard = null)
{
    if (Auth::check()) {
        $model = new UserModel();
        $userID = Auth::id();

        // Check whether the user is banned
        if (($userBlock = $model->checkBlock($userID)) !== true) {
            // End the session
            Auth::logout();

            // and redirect to the login form with a message
            return redirect()->to(route('auth::form'))->with([
                'result_message' => trans('auth.blocked'),
                'result_data' => $userBlock
            ]);
        }

        // Update the visited_at timestamp
        $model->updateVisitedAt($userID);
    }

    return $next($request);
}

It works: it checks everything and updates the timestamp in the database (I do it myself with a simple query, because updated_at and created_at are for something else and are not suitable). And now I understand that I cannot get a user instance through my own model, which inherits from Illuminate\Database\Eloquent\Model and uses the Illuminate\Auth\Authenticatable trait.
When calling the updateVisitedAt method from the middleware, I try to output $this->getAttributes() inside this method, but it is empty there... How come? Shouldn't the data be filled in there, since I have data in Auth::user()? Enlighten me, I will be grateful...
P.S. I used both the database and the eloquent providers. I feel that I didn't attach something to the model or to the middleware, but I don't understand what exactly...
Off-topic: I express my gratitude to each user of this service :-) The other day I asked for help on a forum, which reminded me of the old arrogance of the "great programmers", and besides, I did not receive any answers. This site has always helped me learn something new :-)


2 answer(s)
Saveli Tomak, 2016-08-29
@gubin_niko

Reconsider your solution completely; it's easier to edit the User model and then use something like this:

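public function handle($request, Closure $next, $guard = null)
{
    if (Auth::check()) {
        // The authenticated user's own model instance, already loaded
        $user = Auth::user();

        if ($user->isBanned()) {
            // User is banned
        }

        // User is not banned
    }

    // Pass the request on to the next middleware / controller
    return $next($request);
}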

D', 2016-08-29
@Denormalization

Why not just take Auth::user() and look at a specific user?
Why these quirks with new UserModel();?
updateVisitedAt is called on an empty model that has nothing in it, since it was created via new UserModel.
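
The two answers above combined into one middleware, as an added example that is not code from the thread: the ban check and the visited_at write both run on the instance returned by Auth::user(), and a banned user's session is invalidated on the same request. The class name CheckUserState is hypothetical, isBanned() is assumed to exist on the User model as the first answer proposes, and the eloquent provider is assumed; the route name, translation key and visited_at column are the ones from the question.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class CheckUserState // hypothetical class name
{
    public function handle($request, Closure $next, $guard = null)
    {
        // With the eloquent provider this is the logged-in user's own model,
        // loaded from the database for this request, so a ban or a role
        // change made since the last request is visible here. The database
        // provider returns a GenericUser, which has no model methods.
        $user = Auth::guard($guard)->user();

        if ($user === null) {
            return $next($request); // guest: nothing to check
        }

        // isBanned() is assumed to be defined on the application's User model.
        if ($user->isBanned()) {
            Auth::guard($guard)->logout();

            // Discard the old session data and CSRF token with the login.
            $request->session()->invalidate();
            $request->session()->regenerateToken();

            return redirect()->route('auth::form')->with([
                'result_message' => trans('auth.blocked'),
            ]);
        }

        // Write visited_at on the loaded instance without touching updated_at.
        $user->timestamps = false;
        $user->forceFill(['visited_at' => $user->freshTimestamp()])->save();
        $user->timestamps = true;

        return $next($request);
    }
}
```

An admin-rights check belongs in the same place: read the role from $user on each request instead of caching it in the session, so a demotion takes effect on the next page load.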
