如何限制从直接链接中删除访问权限?
我有2个问题,我需要你所有的help.First,我已经做了评论删除路线,但其他用户登录可以从直接的联系也删除评论... link.com/deleteComment/id。如何使此仅对评论的所有者可用?所有者 ID 保存在数据库中,可以使用{{ $comment->user_id }}.
第二个问题...在我看来,当我点击一张没有评论的照片时,我收到了undefined variable comment,但我不知道为什么,因为在有评论的照片上,我没有问题。我可以做点什么if comments != empty, dont show it吗?像那样?
评论控制器:
public function store(Request $request, $post_id)
{
$this->validate($request, array(
'comment' => 'required|min:5|max:2000',
));
$post = Post::find($post_id);
$comment = new Comment();
$comment->username = Auth::user()->username;
$comment->email = Auth::user()->email;
$comment->user_id = Auth::user()->id;
$comment->comment = $request->comment;
$comment->approved = true;
$comment->post()->associate($post);
$comment->save();
Session::flash('message', "Message posted successfully!");
return Redirect::back();
}
帖子控制器:
public function delete($id){
DB::table('posts')->where('id',$id)->delete();
return redirect('/profile/' . auth()->user()->id);
}
我的看法
@foreach($post->comments as $comment)
<div class="comment d-flex ">
<p><strong><a class="text-dark" href="/profile/{{ $comment->user_id }}">{{ $comment->username}}</a>: </strong> {{ $comment->comment}}</p>
@can('update', $post->user->profile)
<div class="dropdown col-md-6">
<button type="button" class="btn btn-primary dropdown-toggle btn-sm" style="background-color: #ffffff00;border: 1px solid #555;color: black;padding: 0 5px" data-toggle="dropdown">
Select
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#">Edit comment</a>
<a class="dropdown-item" title="Options" style="text-decoration: none;" href="/deleteComment/{{$comment->id}}">Delete comment</a>
</div>
</div>
</div>
@endcan
@endforeac
POPMUISE2回答
-
慕工程0101907
尝试此操作以限制仅对拥有评论的经过身份验证的用户进行删除:/** * Comments Controller Method Delete */public function delete($id){ if(!DB::table('comments')->where('id',$id)->where('user_id',auth()->user()->id)->delete()){ Session::flash('remove', "You do not have permission to delete the comment!"); }else{ Session::flash('remove', "Message removed successfully!"); } return Redirect::back();}对于您的第二个问题,我认为会发生的情况是,如果没有评论,您正在使用没有结果的变量。您可以尝试使用 this 将使用变量 $comments 的语句括起来。对于控制器或其他文件 phpif (!$comment->isEmpty()) { //your code }if ($comment->count()) { //your code }if (count($comment)) { //your code }刀片@if(!$comment->isEmpty()) //your code @endif@if($comment->count()) //your code @endif@if(count($comment)) //your code@endif我希望我能帮助你,如果没有,请附上更多的代码,它们与他所说的完全一样,因为评论并删除图片,因为我没有在你所附的代码中看到。谢谢,祝你好运。更新<div class="row"> <div class="col-md-12"> @if(!$post->comments->isEmpty()) //****Added @if($post->comments->count() > 0) @foreach($post->comments as $comment) <div class="comment d-flex "> <p><strong><a class="text-dark" href="/profile/{{ $comment->user_id }}">{{ $comment->username}}</a>: </strong> {{ isset($comment->comment) ? $comment->comment : "--" }}</p> @can('update', $post->user->profile) <div class="dropdown col-md-6"> <button type="button" class="btn btn-primary dropdown-toggle btn-sm" style="background-color: #ffffff00;border: 1px solid #555;color: black;padding: 0 5px" data-toggle="dropdown"> Select </button> <div class="dropdown-menu"> <a class="dropdown-item" href="#">Edit comment</a> <a class="dropdown-item" title="Options" style="text-decoration: none;" href="/deleteComment/{{$comment->id}}">Delete comment</a> </div> </div> </div> @endcan @endforeach @endif @endif //****Added </div></div>更新删除如果管理员或没有/** * Comments Controller Method Delete */public function delete($id){ $comment = DB::table('comments')->where('id', $id): if(!auth()->user()->admin){ $comment->where('user_id', auth()->user()->id); } if (!$comment->delete()) { Session::flash('remove', "You do not have permission to delete the comment!"); } else { Session::flash('remove', "Message removed successfully!"); } return Redirect::back();} -
慕姐8265434
第一个问题可以很容易地完成。在您的destroy()函数中,只需检查评论所有者:// Check comment owner if($comment->user_id != \Auth::id()){ return abort(401);}// Do logic code to delete comment.第二个问题,您可以像这样检查存在评论:if(! $comments->isEmpty()) { // Do logic code to show comment}
随时随地看视频慕课网APP
PHP