Support the ongoing development of Laravel.io →
Security Requests Architecture
Last updated 2 years ago.
0

Remove {id} from the middleware Call this inside your middleware: $request->id

0

You should be explicit with retrieving that id. $request->route('id').

The getter on Request will check all the inputs first then fallback to pulling a route parameter.

0

I used middleware, this isn't final but it works for now

<?php

namespace App\Http\Middleware;

use Closure;
use Auth;
use Illuminate\Http\Request;

class AccessMiddleware
{

    protected $permission;
    protected $slugged;

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next, $slugged)
    {
        $this->slugged = $slugged;
        $this->permission = $this->replaceSlugs($request);

        if(!Auth::user()->can($this->permission))
            abort(403);
        return $next($request);
    }



    function replaceSlugs(Request $request) {
        $slug = '~{([^}]*+)}~';
        $params = $request->route()->parameters();

        return preg_replace_callback( 
            $slug, 
            function ($a) use ($params) {
                return $params[$a[1]];
            },
            $this->slugged);
    }

}
Last updated 8 years ago.
0

Sign in to participate in this thread!

Eventy

Your banner here too?

BojanKogoj bojankogoj Joined 26 Nov 2015

Moderators

We'd like to thank these amazing companies for supporting us

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 Laravel.io - All rights reserved.