Sometimes, you don’t want that certain users can access to certain parts of the web, either because of their role, because they aren’t the creators or for whatever reason. Laravel has a feature that allows us to do this very easily, the so-called Middlewares. This is what we are going to try today, together with database field relationships with Eloquent ORM. So, we will learn to assign a post to its creator and then how to access that data.
Assign a post to its creator
First of all we have to associate a user to the post, that we are going to do it through a field in the table posts called user_id. To create it, as always, we have to create a migration:
|
1 |
php artisan make:migration add_user_id_to_post_table |
Open it:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
<?php use Illuminate\Support\Facades\Schema; use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Migrations\Migration; class AddUserIdToPostTable extends Migration { /** * Run the migrations. * * @return void */ public function up() { Schema::table('posts', function(Blueprint $table) { $table->integer('user_id'); }); } /** * Reverse the migrations. * * @return void */ public function down() { Schema::table('posts', function(Blueprint $table) { $table->dropColumn('user_id'); }); } } |
Execute it:
|
1 |
php artisan migrate |
Now we have to modify the models post and user, to indicate that there is a relationship between these two tables across the field user_id.
Open the user model and add this method:
|
1 2 3 |
public function posts() { return $this->hasMany("App\Post"); } |
Open the post model and replace with this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
<?php namespace App; use Illuminate\Database\Eloquent\Model; class Post extends Model { // fields can be filled protected $fillable = ['title', 'body', 'user_id']; public function user() { return $this->belongsTo('App\User'); } } |
We have already indicated that there is a relationship in the database between these two tables.
Now we will hide the post submission form if you aren’t logged in, because now it will not make sense to show it, since when it tries to save the post, it will not be able to access the user id, because there will not be any user logged in. Open the file where the form is and put the two includes like this. With this, it will be hidden if you are not logged in:
|
1 2 3 4 |
@if (Auth::check()) @include('includes.errors') @include('includes.form-submit-post') @endif |
Now simply modify the method of creating posts and add the id of the user, which will be the id of the user who is logged in.
|
1 2 3 4 5 6 7 8 |
public function store(PostRequest $request) { Post::create([ 'title' => $request->title, 'body' => $request->body, 'user_id' => Auth::id() ]); return redirect('posts'); } |
And it would be saving the user id and hiding the post submission form.
If we want to show the user object, we will have to put the next line where we want:
|
1 |
<p>By {{ $post->user->name }}</p> |
You can find more info about the different types of relationships and more things, here.
Middlewares
A middleware is a function that is executed before access to the URL that we address, in other words, it acts as a filter and lets pass to those who meet the requirements that we add.
For example, it makes no sense that someone not logged in can access to URL POST (method store) of posts creation, therefore, we will restrict access so that only logged-in users can access. Open the controller and add this constructor:
|
1 2 3 |
public function __construct() { $this->middleware('auth', ['only' => ['store']]); } |
We are saying that apply the middleware auth (it comes with Laravel) just to the method store.
We have already restricted the access.
But there are times that it is not enough to simply check if it is logged or not, maybe we want to check its role, what country it is, etc., etc. Then we must create a custom middleware. For this, as always, Laravel provides us with a command that creates the middleware in the appropriate folder very easily
Note: this middleware we will use later when we do the editing and deleting posts. Although there are other better ways (for example, policies) that we will explain and apply, but at the moment this is useful for us.
|
1 |
php artisan make:middleware Owner |
We will have created a file in the middleware folder. Open it and put:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<?php namespace App\Http\Middleware; use Closure; use App\Post; use Illuminate\Support\Facades\Auth; class Owner { /** * Handle an incoming request. * * @param \Illuminate\Http\Request $request * @param \Closure $next * @return mixed */ public function handle($request, Closure $next) { $post = Post::find($request->id); if ($post->user_id != Auth::user()->id) { return redirect("/posts"); } return $next($request); } } |
We are checking the post creator and if is this user, we let him continue, if it isn’t, we redirect him to the list. We still need to register it, for that, we open the Kernel.php file and add this line to the array of middlewares:
|
1 |
'owner' => \App\Http\Middleware\Owner::class, |
To use it, we have to use the previous syntax to add middlewares, also you can see here that there are other ways to do it.