Authorization check added in resouce controller in API
This commit is contained in:
parent
22b3d11e01
commit
6270c59566
|
|
@ -56,6 +56,10 @@ class ResourceController extends Controller
|
|||
public function index()
|
||||
{
|
||||
$query = $this->repository->scopeQuery(function($query) {
|
||||
if (isset($this->_config['authorization_required']) && $this->_config['authorization_required']) {
|
||||
$query = $query->where('customer_id', auth()->user()->id );
|
||||
}
|
||||
|
||||
foreach (request()->except(['page', 'limit', 'pagination', 'sort', 'order', 'token']) as $input => $value) {
|
||||
$query = $query->whereIn($input, array_map('trim', explode(',', $value)));
|
||||
}
|
||||
|
|
@ -85,10 +89,12 @@ class ResourceController extends Controller
|
|||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function get($id)
|
||||
{
|
||||
return new $this->_config['resource'](
|
||||
$this->repository->findOrFail($id)
|
||||
);
|
||||
{
|
||||
$query = isset($this->_config['authorization_required']) && $this->_config['authorization_required'] ?
|
||||
$this->repository->where('customer_id', auth()->user()->id)->findOrFail($id) :
|
||||
$this->repository->findOrFail($id);
|
||||
|
||||
return new $this->_config['resource']($query);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
Loading…
Reference in New Issue