laravel - 用户的 Laravel 异常
问题描述
寻求帮助,我如何为用户例外,如果他不属于调查所属的团队,则看不到调查?因为现在每个人都可以看到所有调查,当更改链接最后一个 ID 号时。也许有人有一些建议我如何制定规则或检查用户 ID,如果存在于调查 ID 属于团队或其他东西的团队中
这是我的控制器:
public function viewSurvey($id)
{
$object = DB::table('question')->where('survey_id' , '=', $id)->get();
$date = Survey::where('surveyId' , '=', $id)->get();
$teams = Auth::user()->teams;
$members = Survey::where('surveyId' , '=', $id)
->join('team','team.teamId', '=', 'survey.teamId')
->join('teammembersall','teammembersall.TeamId', '=', 'team.TeamId')
->join('users','users.id', '=', 'teammembersall.UserId')
->select('users.*')
->whereNotExists(function($query){
$query->select(DB::raw(1))
->from('answer')
->whereRaw('answer.answerAboutUserId = users.id');
})
->get();
$questions = DB::table('answer')->get();
return view('survey_details', ['object' => $object, 'date' => $date, 'teams' => $teams, 'members' => $members, 'questions' => $questions]);
}
这是我的观点:
<html>
<head>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.0/jquery.min.js"></script>
</head>
<body>
<div class="container">
<hr>
<div class="row">
<div class="col-md-2">
</div>
<div class="col-md-8">
<br>
<div style="display:none">
{{ $dates = date('Y-m-d H:i:s') }}
</div>
<div class="container-survey-logo">
<img src={{url('/img/survey-banner.jpg')}} width="100%" height="auto" alt=""/>
<div class="text-block-survey-date">
@foreach($date as $dat)
<h4>End date:</h4>
<p>{{ $dat->ended_at}}</p>
@endforeach
</div>
</div>
<div style="display:none;">
@foreach($questions as $quest)
<p>{{ $quest->answerAboutUserId}}</p>
@endforeach
</div>
@if($dat->ended_at > $dates )
<div class="survey-theme">
@foreach($members as $memb)
@if($memb->id != Auth::user()->id)
<form action="/confirmSurveyAnswers" method="post">
{{csrf_field()}}
<br>
<div class="well well-lg">
<h5>
Questions about member:
<h2><input style="border:none;background:none" name="surveyName" value="{{ $memb->name}}" readonly></h2>
<input style="border:none;background:none;display:none" name="surveyUserDataId" value="{{ $memb->id}}" readonly>
</h5>
<br>
@foreach($object as $object_each)
<input style="font-size:20px;" type="text" class="form-control" id="exampleInputAnswer" name="questionName[{{$object_each->id}}]" value="{!! $object_each->name !!}" readonly>
<div class="survey-questions">
<label class="radio-inline-text">
Not agree -
</label>
<label class="radio-inline">
<input type="checkbox" value="1" name="QuestionsAnswers[{{$object_each->id}}]" >1
</label>
<label class="radio-inline">
<input type="checkbox" value="2" name="QuestionsAnswers[{{$object_each->id}}]" >2
</label>
<label class="radio-inline">
<input type="checkbox" value="3" name="QuestionsAnswers[{{$object_each->id}}]" >3
</label>
<label class="radio-inline">
<input type="checkbox" value="4" name="QuestionsAnswers[{{$object_each->id}}]" >4
</label>
<label class="radio-inline">
<input type="checkbox" value="5" name="QuestionsAnswers[{{$object_each->id}}]" >5
</label>
<label class="radio-inline">
<input type="checkbox" value="6" name="QuestionsAnswers[{{$object_each->id}}]" >6
</label>
<label class="radio-inline">
<input type="checkbox" value="7" name="QuestionsAnswers[{{$object_each->id}}]" >7
</label>
<label class="radio-inline">
<input type="checkbox" value="8" name="QuestionsAnswers[{{$object_each->id}}]" >8
</label>
<label class="radio-inline">
<input type="checkbox" value="9" name="QuestionsAnswers[{{$object_each->id}}]" >9
</label>
<label class="radio-inline">
<input type="checkbox" value="10" name="QuestionsAnswers[{{$object_each->id}}]" >10
</label>
<label class="radio-inline-text">
- Fully agree
</label>
</div>
@endforeach
<div class="im-done-button">
<button type="submit" class="btn btn-primary">I'm Done</button>
</div>
</div>
@endif
</form>
@endforeach
<Br>
@include('layouts.errors')
</div>
@else <h1>This survey ended</h1> @endif
</div>
<div class="col-md-2">
</div>
</div>
<hr>
</div>
</body>
</html>
解决方案
您可以为此使用不同的替代方案:
Laravel 策略和盖茨根据经过身份验证的用户生成不同类型的视图授权,您可以在此处搜索更多信息:https ://laravel.com/docs/5.6/authorization
使用第三方包来处理权限、角色,例如https://cartalyst.com/manual/sentinel/2.0或https://github.com/spatie/laravel-permission
推荐阅读
- c# - 将参数传递给 AJAX 模式弹出窗口?
- c++ - 将现代 C++ 从 Linux 交叉编译到 Windows
- flutter - PhotoView 库无法放大/缩小图像
- android - 安卓谷歌地图方向从a到b
- python - 在 QGraphicsScene 中的 GGraphicsEllipseItem 的中心对齐 QLabel
- sql - 使用 SQLAlchemy 引擎执行 SQL 文件的问题 - 在类似条件下使用 %
- sql-server - 将现有用户分配给 Azure 中的登录帐户的语法问题
- python - 如何重新初始化 keras 模型的权重?
- android - Bitrise google play deploy 无法执行编辑插入调用,错误:发布 https://www.googleapis.com/androidpublisher/v3/applications/
- c# - 文件对象总是在控制器中返回 null