增加 资源所有者验证

This commit is contained in:
iVampireSP.com 2023-02-28 18:05:27 +08:00
parent 7f7167a5d3
commit 186cbb6dcc
No known key found for this signature in database
GPG Key ID: 2F7B001CA27A8132
2 changed files with 30 additions and 0 deletions

View File

@ -12,6 +12,7 @@
use App\Http\Middleware\RealNamed;
use App\Http\Middleware\RedirectIfAuthenticated;
use App\Http\Middleware\ReportRequestToCluster;
use App\Http\Middleware\ResourceOwner;
use App\Http\Middleware\TrimStrings;
use App\Http\Middleware\TrustedDomain;
use App\Http\Middleware\TrustProxies;
@ -107,5 +108,6 @@ class Kernel extends HttpKernel
'banned' => ValidateUserIfBanned::class,
'admin.validateReferer' => ValidateReferer::class,
'real_named' => RealNamed::class,
'resource_owner' => ResourceOwner::class,
];
}

View File

@ -0,0 +1,28 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
class ResourceOwner
{
/**
* Handle an incoming request.
*/
public function handle(Request $request, Closure $next, $model): Response|RedirectResponse
{
$model = $request->route($model);
if ($model && isset($model->user_id) && $request->user()) {
// if module has user_id and user is logined
if ($model->user_id != $request->user()->id) {
abort(403);
}
}
return $next($request);
}
}