laravel - 我可以在中间件上使用动态模型吗？

Question

我有 2 条路线需要标记一个人才能访问讨论。

1. http://localhost:8000/api/fieldReports/{fieldReport}/discussions
2. http://localhost:8000/api/agendas/{agenda}/discussions

目前，我已经创建了这个中间件，但我希望它更可重用，而不是直接指向特定模型，并为每个具有完全相同功能的模型复制它。

中间件\ForbidUntaggedUser.php

class ForbidUntaggedUser
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        $report = $request->report; // <-- I hardcoded the model, I want this to be dynamic

        // The `taggedUsers` remains the same (identical) for each model that has tagging system on it.
        if (!$report || !$report->taggedUsers->contains($user->id)) {
            return response()->json('Your action is unauthorized.', 403);
        }

        return $next($request);
    }
}

我试过使用 Policy 但它不起作用，所以我想我需要一个中间件。

Policies\FieldReportDiscussionPolicy.php

class FieldReportDiscussionPolicy
{
    use HandlesAuthorization;

    /**
     * Determine whether the user can view any models.
     *
     * @param  \App\Models\User  $user
     * @return mixed
     */
    public function viewAny(User $user, FieldReport $fieldReport)
    {
        return $user->can('view any fieldReportDiscussion')
            && $fieldReport->taggedUsers->contains($user->id);
    }

    ... // and so on..
}

Controllers\FieldReportDiscussionController.php

class FieldReportDiscussionController extends Controller
{
    protected $model;

    /**
     * Create new instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->authorizeResource(
            FieldReportDiscussion::class,
            ['fieldReportDiscussion', 'fieldReport'] // This gave me error "Array to string conversion"
        );

        $this->model = new FieldReportDiscussion;
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(FieldReport $fieldReport)
    {
        $discussions = $this->model->registries($fieldReport)->paginate(100);
        return response()->json($discussions);
    }
}

我需要在 Controller 上进行依赖注入(inject)，因为路由嵌套在每个模型作为父模型中，就像这个......

routes\api.php

Route::apiResource('fieldReports', FieldReportController::class);
Route::apiResource('fieldReports.discussions', FieldReportDiscussionController::class)->except(['update'])->parameter('discussions', 'fieldReportDiscussion');

那么，解决这个问题的方法是什么？我可以让它动态化(第一个请求对象)吗？

Answer 1

我认为您在使用中间件方面走在正确的轨道上，尽管您需要进行一些条件检查，例如:

class ForbidUntaggedUser
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        $instance = null;

        if ($request->report !== null) {
            $instance = $request->report;
        } else if ($request->agenda !== null) {
            $instance = $request->agenda;
        }

        if (!$instance || !$instance->taggedUsers->contains(auth()->id())) {
            return response()->json('Your action is unauthorized.', 403);
        }

        return $next($request);
    }
}