From 186cbb6dccce482af65a87c449b3e89f697e94ce Mon Sep 17 00:00:00 2001
From: "iVampireSP.com"
Date: Tue, 28 Feb 2023 18:05:27 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=20=E8=B5=84=E6=BA=90?= =?UTF-8?q?=E6=89=80=E6=9C=89=E8=80=85=E9=AA=8C=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/Http/Kernel.php | 2 ++
 app/Http/Middleware/ResourceOwner.php | 28 +++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 app/Http/Middleware/ResourceOwner.php
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index bf5b7f1..d3f05fd 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -12,6 +12,7 @@
 use App\Http\Middleware\RealNamed;
 use App\Http\Middleware\RedirectIfAuthenticated;
 use App\Http\Middleware\ReportRequestToCluster;
+use App\Http\Middleware\ResourceOwner;
 use App\Http\Middleware\TrimStrings;
 use App\Http\Middleware\TrustedDomain;
 use App\Http\Middleware\TrustProxies;
@@ -107,5 +108,6 @@ class Kernel extends HttpKernel
 'banned' => ValidateUserIfBanned::class,
 'admin.validateReferer' => ValidateReferer::class,
 'real_named' => RealNamed::class,
+ 'resource_owner' => ResourceOwner::class,
 ];
 }
diff --git a/app/Http/Middleware/ResourceOwner.php b/app/Http/Middleware/ResourceOwner.php
new file mode 100644
index 0000000..814dc6d
--- /dev/null
+++ b/app/Http/Middleware/ResourceOwner.php
@@ -0,0 +1,28 @@
+route($model);
+
+ if ($model && isset($model->user_id) && $request->user()) {
+ // if module has user_id and user is logined
+ if ($model->user_id != $request->user()->id) {
+ abort(403);
+ }
+ }
+
+ return $next($request);
+ }
+}
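Review bot: The ownership check in app/Http/Middleware/ResourceOwner.php fails open: the guard `if ($model && isset($model->user_id) && $request->user())` skips the comparison and lets the request reach `$next` whenever there is no authenticated user, the route parameter is not an object carrying `user_id` (for example if it is still a raw id), or `user_id` is null. For an authorization middleware the safer default is to deny unless ownership is positively established, e.g. `if (! is_object($model) || $request->user() === null || (string) $model->user_id !== (string) $request->user()->id) { abort(403); }`, which also replaces the loose `!=` with a strict comparison. That form rejects resources that have no owner, so confirm whether ownerless models are meant to pass through. The check presumably relies on route-model binding having resolved the parameter before this middleware runs; the top of the new file (namespace, imports and the method signature) is missing from this copy of the patch, so that could not be verified here.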