Answer the question
In order to leave comments, you need to log in
How to restrict user access to a record?
I am new to Laravel, I have the following task: When creating a blog entry, the administrator can select the circle of users who can view this entry in detail (get to the internal page), other users, after authorization, can see all entries, but open the entry to which they don't have access.
I have created a join table user_records
=====================
user_records_id
record_id
user_id
Answer the question
In order to leave comments, you need to log in
1) In the Record model, create a recordsForShowing relation method.
2) In the RecordController controller, in the index() method, display all records.
3) In the RecordController controller, in the show() method, add a check:
public function show(App\Models\Record $record) {
// если пользователь не авторизован или не существует в таблице user_records то выдаем ошибку "недостаточно прав"
abort_if(!auth('web')->check() || $record->recordsForShowing()->where('user_id', auth('web')->id())->count() < 1, 403);
// дальше обычным образом показываешь запись
return view('template_name', compact('record'));
}
read https://laravel.com/docs/8.x/authorization#creatin... and https://laravel.com/docs/8.x/authorization#via-con... to enlightenment
see everything, but open only those
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question