I have 2 models: User and Account.
Account is an company account, it has a slug field. Slug is needed to determine which company the user is accessing. In example, route /account/*company_slug*/deals means that user trying to get an array of deals of company_slug company.
Each entity associated with a company has a field account_id. That's why I need to get an of the current account. Where should I do this and how?
In example, I get the middleware CheckIfAccountAcceptedForUser with the following code:
public function handle($request, Closure $next)
{
$account = Account::find($request->route()->parameter('account'));
abort_if(empty($account), 404) ;
abort_if(DB::table('account_user')
->where(function (Builder $query) use ($account) {
$query->where('account_slug', '=', $account->slug);
$query->where('user_id', '=', Auth::id());
})
->get()
->isEmpty(), 403);
return $next($request);
}
How to set the account_id globally for my application, if route is like /account/*account*/...?
Maybe this is not what you are looking for.
When you check account in middleware you make a query, after that you should make a new query in controller to take account data. In your situation you make 3 queries instead of 1.
You can check it in your account controller by one query.
Route:
Route::get('/account/{slug}/deals', 'AccountsController#deals');
Accounts controller:
public function deals($slug){
$account = Account::where('id', Auth::user()->account_id)
->where('slug', $slug)
->firstOrFail();
$deals = Deal::where('account_id', $account->id)->get();
return view('account.deals', compact('account', 'deals'));
}
It will always response 404 error if account with current slug doesn't exist or user can't access this account. Do you really need 403 response?
public function handle($request, Closure $next)
{
$account = Account::find($request->route()->parameter('account'));
abort_if(empty($account), 404) ;
abort_if(DB::table('account_user')
->where(function (Builder $query) use ($account) {
$query->where('account_slug', '=', $account->slug);
$query->where('user_id', '=', Auth::id());
})
->get()
->isEmpty(), 403);
//For global use in your all view file
View::share ( 'account_id', $account->id);
// to access account_id in controller
$request->request->add(['account_id' => $account->id]);
return $next($request);
}
In Controller
$account_id = request('account_id');
Related
Hey I am developing a project where I have roles and permissions for users and I am trying to protect my routes with the help of middleware by defining Gates but it's showing me 403| Not Authorized. I can't understand what the actual problem is?
Into Category Controller
public function addcategory(AdminsRole $adminsroles){
return view('add-category');
}
Into Routes
Route::get('/add-category', [CategoryController::class, 'addcategory'])->middleware('can:add-category')->name('addcategory');
Into AuthServiceProvider.php
$admin = Auth::guard('admin');
Gate::define('add-category', function ($admin, AdminsRole $adminsroles) {
if($admin->user()->u_type != 'superadmin'){
$adminRolescount = $adminsroles::where([
['admin_id', '=', $admin->user()->id],
['module', '=', 'categories'],
['add_access', '=', '1'],
])->count();
return $adminRolescount;
}else{
return $adminRolescount = 1;
}
});
I think what you're looking for can be simplified. The code in your controller and routes file does not need to be adjusted. I would however change your gate definition to the following:
Gate::define('add-category', function ($user = null) {
// Fetch user from custom guard
$user = Auth::guard('admin')->user();
// Check if a valid user instance was passed
if (is_null($user)) {
return false;
}
// Allow super admins to add categories regardless of AdminsRole existence
if ($user->u_type === 'superadmin') {
return true;
}
// Check if current user has a matching AdminsRole row with add_access permission
return AdminsRole::where([
['admin_id', '=', $user->id],
['module', '=', 'categories'],
['add_access', '=', '1'],
])->exists();
});
Note that a gate always receives a user instance as their first parameter if there is a logged in user, you needn't supply this yourself. Additionally, you can query for the AdminsRole existence directly via the model, using the id of the user instance that is being checked and automatically supplied to the gate.
I want redirect url from /topic/{title} to /topic/{category}/{title}.
So I try to registered this in routes:
Route::get('/topic/{title}',function(){
return redirect()->action('/topic/{category}/{title}','DetailController#index');
});
But I got error
Action App\Http\Controllers/topic/{category}/{title} not defined.
Anyone can help me about the routes?
Thanks for advance.
This is my Controller
class DetailController extends Controller
{
/**
* Display a listing of the resource.
*
* #return \Illuminate\Http\Response
*/
public function index($section=0,$title = 0)
{
$detail = DB::table('t_artikel')
->join('t_section', 't_section.id_section', '=', 't_artikel.id_section')
//->join('t_kolom', 't_kolom.id', '=', 't_artikel.penalar')
->where('publish', '=', 'Y')
->where('parent_id', '=', 0)
->where('tgl_pub', '<=', date('Y-m-d H:i:s'))
->where('t_artikel.urltitle', '=', $title)
->select('t_artikel.*', 't_section.*', 't_artikel.urltitle as urlartikel')
->first();
$kategori = DB::table('t_section')
->where('id_supsection', '=', 0)
->where('status', '=', 1)
->orderBy('position', 'asc')
->whereNotIn('id_section', [34])
->select('t_section.*')
->get();
$page = 'Detail';
return view ('detail.detail',
['detail' => $detail,
'kategori' => $kategori,
'page' => $page
]);
}
As per the documentation,
If your controller route requires parameters, you may pass them as the second argument to the action method
So, you need to pass the parameters like this:
return redirect()->action(
'DetailController#index', ['category' => <enter_value>, 'title' => <enter_value>]
);
I would suggest you to use 2 routes and 2 controllers. One handles the details of the topic and the other one handles the redirect of the "old" url.
For example: the user will visit "/topic/title" that is handled by a controller that will recognize topic and category, then will use the
public function handleTopic($title){
// the code here will recognize topic and category
// and will just provide the stuff to show the right page
// in the end will redirect to that controller
return redirect()->action('DetailController#index', ['category' => $category, 'title' => $title]);
}
public function index($stuffYouNeed){
// retrieve the rest of data you need to show the page
// you already know the title and category (cause of previous controller)
// in the end return the view with data
return view ('detail.detail',['data' => $data]);
}
In your routes you'll have to add one route and edit the existing one like:
Route::get('topic/{title}', 'DetailController#handleTopic')->name('handleTopic');
Route::get('topic/{category}/{title}', 'DetailController#index')->name('showTopic');
It's not tested cause atm i don't have a laravel env set up in local. But i think it should work. Let me know
Edit: I forgot to explain why you see the error
Action App\Http\Controllers/topic/{category}/{title} not defined.
You are using the redirect incorrectly
Route::get('/topic/{title}',function(){
return redirect()->action('/topic/{category}/{title}','DetailController#index');
});
You can only provide an action controller, not a route. And the destination route have to exist. So the right use is:
return redirect()->action('Controller#action');
Anyway, you should split logic from routes. You have controllers for that... even for really short blocks of code. It will keep everything in order and clear. In your route file you should have ONLY routes.
Solved, I found my way after modified. and this is the code:
Route::get('/topik/{title}',function($title){
$article = DB::table('t_artikel')
->join('t_section', 't_section.id_section', '=', 't_artikel.id_section')
->where('publish', '=', 'Y')
->where('parent_id', '=', 0)
->where('tgl_pub', '<=', date('Y-m-d H:i:s'))
->where('t_artikel.urltitle', '=', $title)
->select('t_artikel.*', 't_section.urltitle as urltitlesec', 't_artikel.urltitle as urlartikel')
->first();
$kategori = $article->urltitlesec;
return redirect("/topik/{$kategori}/{$title}");
});
If you want to redirect to a URI, then don’t use redirect()->action(); use redirect()->to() instead:
Route::get('/topic/{title}', function ($title) {
$category = ''; // Get category some how
return redirect()->to("/topic/{$category}/{$title}");
});
I have two routes for web middleware in my laravel app listed below:
Route::get('package/{slug}','GetPublicController#tourDetail')
->name('single');
And
Route::get('/trips/{category}','GetPublicPageController#getBycategory')
->name('getBycategory');
The first route works well but second route doesn't. The second route is in conflict with the first route as it tries to get view of first route, causing error and app to breakdown.
Method for 1st route:
public function tourDetail($slug)
{
$tour = Tour::where('slug', '=', $slug)
->first();
$itineraries = Itinerary::where('tour_id','=', $tour->id)
->orderBy('id', 'asc')->get();
$depature_dates = $tour->datePrice()->FixedDates($tour->id, date('m'),date('Y'))->get();
return view('public.tour.tour-detail')
->withTour($tour)
->withItineraries($itineraries)
->withDepatures($depature_dates);
}
And method for 2nd route
public function getByCategory($category)
{
$query = Tour::whereHas('category', function($r) use($category) {
$r->where('tcategories.name','=', $category);
});
return view('public.pages.category-list')
->withResults($query);
}
It would be very helpful if anyone could suggest the best approach to resolve this issue.
Thank you.
You have to call ->get() on the query in getByCategory.
I want to make a middleware to protect admin routes in laravel 5.2 app.
user_type isn't a field in users table in my db, but in a separate table :
Admin's user_type_id is 4
I made this middleware :
class AdminMiddleware
{
public function handle($request, Closure $next)
{
$authedUserID = Auth::id();
$user = User::query()
->leftjoin('users_user_types as uut', 'uut.user_id', '=', 'users.id')
->where('uut.user_id',"=","$authedUserID")
->get(['users.*',
'uut.user_type_id as userType'])->first();
if ($user['userType'] !=4)
{
return redirect('/home');
}
return $next($request);
}
}
and put this in $routeMiddleware array in kernel.php :
'admin' => \App\Http\Middleware\AdminMiddleware::class
and this is one of admin routes I want to apply my middleware on :
Route::get('ptyadmin', 'AdminController#show')->middleware('admin');
The Problem is that when I go to this route with admin user(user_type = 4) or normal user(user_type = 1) it redirects to /home in both cases !!
Why does this happen and how can I fix it ??
first method returns object
if ($user->userType !=4)
Also use selectinstead get
->select(['users.*','uut.user_type_id as userType'])->first();
It works when I put jwt.auth middleware in routes.php :
Route::get('ptyadmin', 'AdminController#show')
->middleware('jwt.auth')
->middleware('admin');
instead of putting it in AdminController :
public function __construct(User $user, JWTAuth $jwtauth)
{
$this->middleware('jwt.auth', ['except' => []]);
}
I'm using tabs but same controller, different methods. How to return values to different views with same route?
In /users, get value from db via BuyerSellerController#buyers method for buyer.
Route::get('users','BuyerSellerController#buyers');
In /users as well, get value from db via BuyerSellerController#sellers method for seller.
Route::get('users','BuyerSellerController#sellers');
//BuyerSellerController
public function buyers()
{
$buyerSeller = DB::table('buyerseller')
->where('buyerseller','=','Buyer')
->pluck('id');
$buyers = DB::table('users')
->where('buyerseller','=',$buyerSeller)
->get();
return View::make('pages.users')->with('buyers', $buyers);
}
public function sellers()
{
$buyerSeller = DB::table('buyerseller')
->where('buyerseller','=','Seller')
->pluck('id');
$sellers = DB::table('users')
->where('buyerseller','=',$buyerSeller)
->get();
return View::make('pages.users')->with('sellers', $sellers);
}
//users.blade.php
Then I got this error:
Undefined variable: sellers (View: ...)
compact saved my life! :D
public function index()
{
/* buyers */
$buyerSeller = DB::table('buyerseller')
->where('buyerseller','=','Buyer')
->pluck('id');
$buyers = DB::table('users')
->where('buyerseller','=',$buyerSeller)
->get();
/* sellers */
$buyerSeller = DB::table('buyerseller')
->where('buyerseller','=','Seller')
->pluck('id');
$sellers = DB::table('users')
->where('buyerseller','=',$buyerSeller)
->get();
return View::make('pages.users', compact('buyers', 'sellers'));
}