Angular Laravel - how to ensure a logged-in user can only access their own company's data


I am developing a client portal application with Angular 7 as the front end and Laravel 5.8 as the back end. I am using Laravel Spatie for user management. I have these three tables:

CREATE TABLE `company` (
  `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  `company_id` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
  `company_name` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

CREATE TABLE `trips` (
  `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  `dispatch_datetime` datetime DEFAULT NULL,
  `loading_date` date DEFAULT NULL,
  `loaded_from` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
  `destination` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL,
  `company_id` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

CREATE TABLE `users` (
  `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  `name` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
  `email` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
  `password` varchar(255) COLLATE utf8mb4_unicode_ci NOT NULL,
  `company_id` varchar(255) COLLATE utf8mb4_unicode_ci DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
From the tables above I have three classes: User, Company and Trip.

  • Each user belongs to one company, but not to multiple companies.

  • Each company has several trips.

  • company_id in company is also a primary key.

In ApiController I use Laravel Spatie so that users can only access the data they have permission for. This works perfectly:

    ApiController.php

    <?php
    
    namespace App\Http\Controllers;
    
    use Illuminate\Http\Request;
    use App\Trip;
    use App\User;
    use App\Company;
    
    use Illuminate\Support\Facades\Auth;
    
    class TripController extends Controller
    {
        public function index(Request $request){
            // Spatie permission check: only users holding 'View Trip' get past this point
            if(!Auth::user()->hasPermissionTo('View Trip')){
                return response()->json([ "message" => 'User does not have permission'], 401);
            }
            // Note: none of the queries below is filtered by the user's company_id,
            // so a permitted user receives trips from every company
            if(($request->get('sort')!='null' && $request->get('sort')!='') && $request->get('search')){
                $trip = Trip::where("trip_number", "LIKE", "%{$request->get('search')}%")->orderby($request->get('sort'), $request->get('order'))->paginate(10);
            } else if(($request->get('sort')!='null' && $request->get('sort')!='')){
                $trip = Trip::orderby($request->get('sort'), $request->get('order'))->paginate(10);
            }
            else if($request->get('search'))
                $trip = Trip::where("trip_number", "LIKE", "%{$request->get('search')}%")->paginate(10);
            else
                $trip = Trip::paginate(10);
            return response()->json($trip, 200);
        }
    }
    
    

    I assume that unauthenticated users cannot reach this endpoint. You only need to create a starting Trip query builder with the where condition on company_id, for all cases. Then you can add the other conditions to this starting Trip query builder.

    $user = Auth::user();
    if(!$user->hasPermissionTo('View Trip')){
        return response()->json([ "message" => 'User does not have permission'], 401);
    }
    
    // Start from a query scoped to the caller's company; every branch below builds on it,
    // so no branch can return another company's trips
    $trip = Trip::where('company_id', $user->company_id);
    // sort and order are taken from the request as-is and passed to orderby
    if(($request->get('sort')!='null' && $request->get('sort')!='') && $request->get('search')){
        $trip = $trip->where("trip_number", "LIKE", "%{$request->get('search')}%")->orderby($request->get('sort'), $request->get('order'));
    } else if(($request->get('sort')!='null' && $request->get('sort')!='')){
        $trip = $trip->orderby($request->get('sort'), $request->get('order'));
    } else if($request->get('search')) {
        $trip = $trip->where("trip_number", "LIKE", "%{$request->get('search')}%");
    }
    
    // paginate only once, on the fully built, company-scoped query
    return response()->json($trip->paginate(10), 200);
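
    The answer adds the company filter by hand in one controller method. As an added example (not code from the question or the answer), the following Laravel global scope applies that filter to every Trip query automatically and adds an allow-list for the client-chosen sort column; it assumes the trips and users tables from the question and Laravel 5.8's Eloquent API.

```php
<?php
// Added example, not code from the question or the answer. It assumes the
// trips/users tables from the question and Laravel 5.8's Eloquent API.
namespace App\Scopes {
    use Illuminate\Database\Eloquent\Builder;
    use Illuminate\Database\Eloquent\Model;
    use Illuminate\Database\Eloquent\Scope;
    use Illuminate\Support\Facades\Auth;

    // Global scope: every query on a model that registers it is limited to
    // the authenticated user's company_id, so a new controller method cannot
    // forget the tenant filter the answer adds by hand.
    class CompanyScope implements Scope
    {
        public function apply(Builder $builder, Model $model)
        {
            // Qualify the column so joins on tables that also carry company_id stay unambiguous.
            $column = $model->getTable() . '.company_id';
            if (Auth::check()) {
                $builder->where($column, Auth::user()->company_id);
            } else {
                // No authenticated user: fail closed and match no rows.
                $builder->whereRaw('1 = 0');
            }
        }
    }
}

namespace App {
    use App\Scopes\CompanyScope;
    use Illuminate\Database\Eloquent\Model;

    class Trip extends Model
    {
        // Columns a client may sort by; anything else falls back to id, so the
        // request's sort parameter can no longer name an arbitrary column.
        const SORTABLE = ['id', 'dispatch_datetime', 'loading_date', 'loaded_from', 'destination'];

        protected static function boot()
        {
            parent::boot();
            static::addGlobalScope(new CompanyScope);
        }

        public static function sortColumn($requested)
        {
            return in_array($requested, self::SORTABLE, true) ? $requested : 'id';
        }
    }
}
```

    With the scope registered, the answer's Trip::where('company_id', ...) stays correct but becomes redundant, and Trip::withoutGlobalScope(CompanyScope::class) is available for deliberate cross-company queries such as an admin report. In the controller, Trip::sortColumn($request->get('sort')) replaces the raw sort parameter passed to orderby.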
    
