I'm currently making a Laravel project where a logged in user can select roles and projects they've been assigned using a Postgres Database. After logging in, the HomeController passes the roles and projects to projectroles.blade.php, which utilises Vue.js to display the necessary data.
I've then got a GET route set up, /map/{role}/{project}, where after a user selects the role and project from projectroles.blade.php it passes it to MapController, which then gets data relevant to the project chosen to welcome.blade.php.
However, I've noticed an issue with my route. By modifying the URL to change the role and project IDs, a user could in theory access a project that they don't have the permission to access.
I have two ideas but don't know which one would be best practice or which one would give the desired effect.
HomeController into the MapController and check if the user is permitted to see the role/project that they're attempting to access. Obviously I know this isn't the best practice since it's the repetition of code, but if it's the only thing I can do, is there anything I can add to make it more simplistic/efficient....
    $user = Auth::user() ?? 'null';
    $layers = array();

    // Roles assigned to the logged-in user (users -> user_roles -> roles)
    $roles = DB::table('users')
        ->join('user_roles', 'users.id', '=', 'user_roles.user_id')
        ->join('roles', 'roles.id', '=', 'user_roles.role_id')
        ->select('roles.*')
        ->where('users.id', '=', $user->id)
        ->get();

    // For each role, the projects attached to it (roles -> role_projects -> projects)
    $roleprojects = array();
    foreach ($roles as $role)
    {
        $roleproject = array(
            'role' => $role->id,
            'projects' => DB::table('roles')
                ->join('role_projects', 'roles.id', '=', 'role_projects.role_id')
                ->join('projects', 'projects.id', '=', 'role_projects.project_id')
                ->select('projects.*')
                ->where('roles.id', '=', $role->id)
                ->get()
        );
        array_push($roleprojects, $roleproject);
    }
...
200 response but doesn't change the view. I'm not sure if this is due to the fact that I'm using an Axios POST to make the call to the controller.
ProjectRoles.vue
...
    axios.post('/map/' + this.selectedRole.id + "/" + this.selectedProject.id).then((response) => {
        console.log(response);
    }, (xhr) => {
        console.log(xhr);
    });
...
MapController.php
    public function index($role, $project)
    {
        ...
        // View names omit the .blade.php suffix
        return View::make('welcome');
    }
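One way to enforce the permission check on the /map/{role}/{project} route without copying the HomeController queries, shown as an added example that is not part of the original post. It assumes the table and column names used in the queries above; the middleware class name EnsureProjectAccess is hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumed: class name EnsureProjectAccess (hypothetical); tables/columns as in the post's queries.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

class EnsureProjectAccess
{
    public function handle(Request $request, Closure $next)
    {
        $user = $request->user();
        if ($user === null) {
            abort(401); // not logged in; normally the 'auth' middleware catches this first
        }

        // Route parameters are client-controlled: accept only positive integers.
        $intOpts   = ['options' => ['min_range' => 1]];
        $roleId    = filter_var($request->route('role'), FILTER_VALIDATE_INT, $intOpts);
        $projectId = filter_var($request->route('project'), FILTER_VALIDATE_INT, $intOpts);
        if ($roleId === false || $projectId === false) {
            abort(404);
        }

        // One query: the user must hold the role AND the role must include the project.
        $allowed = DB::table('user_roles')
            ->join('role_projects', 'role_projects.role_id', '=', 'user_roles.role_id')
            ->where('user_roles.user_id', $user->id)
            ->where('user_roles.role_id', $roleId)
            ->where('role_projects.project_id', $projectId)
            ->exists();

        if (! $allowed) {
            abort(403); // respond 404 instead to avoid revealing that the project exists
        }

        return $next($request);
    }
}

// routes/web.php (MapController import omitted here):
// Route::get('/map/{role}/{project}', [MapController::class, 'index'])
//     ->middleware(['auth', \App\Http\Middleware\EnsureProjectAccess::class]);
```

Because the check runs server-side on every request to the route, it applies whether the IDs come from the Vue component or from a hand-edited URL, and regardless of the HTTP verb the route is registered with.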