问题
I'm trying to work out how to test that the logged in user in Laravel 4 can visit the correct user account.
At the moment this is what is in my routes.php file.
Route::get('user/{id}', array('before' => 'auth', function(){
// logged in user
// but can visit any account!!
}));
How would I restrict this to so user/1 could only see the profile if that is the current logged in users id?
Auth::user()->id
Returns the logged in id to test against but I can't work out how to write a filter that checks it's equal to the {id} in the url.
Please help! Thanks.
回答1:
Got some help through the Laravel irc channel.
This is the way I have gone with.
Route::filter('user', function($route, $request)
{
if( $request->segment(2) != Auth::user()->id)
{
return Redirect::to('/login');
}
});
Then on my route do.
Route::get('user/{id}', array('before' => 'auth|user', 'uses' => 'UsersController@index'));
来源:https://stackoverflow.com/questions/15737491/test-logged-in-user-has-correct-id-in-laravel-4