Query in Laravel with Relationships from blade? - laravel

I have the following tables
Users
request
servers
Which are related in the following way.
User has many request
Sever has many request
Now what I want is to get all the servers associated with the requests that the user has without repetitions.
I have to do it in the blade view since in the view I am iterating the services and showing them in a table.
So far I've been trying the following
#foreach($requests as $request)
#php
$serversUser = \App\Server::where('requestsofservice', function($query){
$query->where('user_id',$request->user->id);
});
#endphp
#endforeach
But it doesn't work because of the variable $request->user->id.
and the result is
Undefined variable: request
So, how could i get the services that the user a has related to their request without repetitions.
What happens is that as I am iterating the requests that I send from
the controller to the view, being inside the click foreach I get the
user and from that user all the servers that he has in his requests.

$request doesn't exist in your function. Pass it by doing function($query) use($request).
See PHP's documentation on variable scope: http://php.net/manual/en/language.variables.scope.php
and on anonymous functions (in particular, the "Example #3 Inheriting variables from the parent scope" bit): http://php.net/manual/en/functions.anonymous.php

Related

MiddleWare vs CustomRequest for check user rights

Let's say there some users who have several posts. Every user has many posts, and every post belongs to one user.
To change post frontend uses URL like users/1/posts/3. The goal is to check, that post number 3 belongs to user number 1.
There are several ways to do it:
Check inside controller method or service(bad method IMHO)
Check inside custom request (authorize function)
Check inside middleware
I choose between the last 2, but have some doubts. The custom request should contain validation rules and do not be linked with authorization(SOLID), and I don't know if it's good to do it inside middleware.
I assume you want to check if user can modify the post.
For authorizing access https://laravel.com/docs/7.x/authorization#creating-policies is a way to go.
After defining policy you can reuse it in blade files, in controller and etc..
The policy defines rules for standard actions like create, read, update, delete.
For blades then you can:
#can('update', $post)
For methods in controllers:
$this->authorize('update', $post)
For anywhere else:
$user->can('update', $post)
You can use Policies in conjunction with custom Form Requests

Laravel resource route doesn't display show in controller

According to the Laravel documentation:
This single route declaration creates multiple routes to handle a
variety of actions on the resource. The generated controller will
already have methods stubbed for each of these actions, including
notes informing you of the HTTP verbs and URIs they handle.
In my route I have this:
Route::resource('admin/companies', 'CompaniesController');
In my controller I have index, create, store, show etc.
Specifically in show I have this:
public function show(Company $company)
{
//
dd('hi');
}
I would expect when I hit this route:
http://127.0.0.1:8000/admin/companies/onecompany
for it to dd my response. Instead I get a 404 error. What am I doing wrong?
This route http://127.0.0.1:8000/admin/companies/onecompany is not a valid route that triggers resource functions according to Laravel documentaion.
The right URL that will trigger the show(Company $company) function is:
//This route will extract the `id` column from the model and show the required record.
http://127.0.0.1:8000/admin/companies/{company}
or
http://127.0.0.1:8000/admin/companies/{id}
Try an existing record in your database;
//Assuming there is a record with an id of 1
http://127.0.0.1:8000/admin/companies/1
cause of your problem seems related to Route model binding
,try it with id in uri.
to see list of your application's routes: php artisan route:list

Get parameter passed in URL Codeigniter

Basically I have an anchor tag (update) that gets the id of the request in the table and load the update view getting all the request details
<i class="fa fa-eye"></i> Update
This is then received in my method
public function update_request_view($idx)
{
//some code here to load the view and get details
}
The url then becomes http://localhost/dashboard/staff/request/update_request_view/48
Now when I try to save the update that I make using another method
public function update()
{
$idx = $this->uri->segment(5);
}
My $idx variable is empty. When I use $this->uri->segment(4), I get update_request_view.
I dont wanna use hidden fields since it will cause lots of security issues and also when I will be able to work this out i will encrypt the id. Why is my $this->uri->segment(5) empty and how do I get it?
Most likely, if I understand you correctly, it is because the update function is a separate page than http://localhost/dashboard/staff/request/update_request_view/48. So CI doesn't see any of the previous url variables. You can either submit to update/{$id} (action url) or you can use a hidden field; it is no less safer than using an id in the url as that can be just as easily manipulated with a change to the form action.
That being said, if you are really concerned about security you should restrict access to particular users for a given record using some sort of ACL.

Laravel Policy for a large array of permissions

I am looking to use Laravel's policy to authorize a large array of user permissions with Blade.
My authorizations are under a ActionPermission model holding all app permissions.
User has his permission names accessed via a pivot
using:
public function permissions(){
return $this->belongsToMany('App\ActionPermission', 'users__action_permission');
}
So essentially I am receiving a collection of permissions for user and calling $user->permissions()->pluck('module_name')->toArray(); I will get the names of permissions as array.
Is there a way to bring an array of policies via blade in one line? So in my layout I will insert a one line blade directive?
In Laravel's docs, they use the name of the function as the blade directive, like this in the policy:
public function update(User $user, Post $post)
{
return $user->id === $post->user_id;
}
And in the blade:
#can('update', $post)
<!-- The Current User Can Update The Post -->
#elsecan('create', App\Post::class)
<!-- The Current User Can Create New Post -->
#endcan
The above isn't relevant when you have a large number of permissions.
What would be the best practice to execute a large array of permissions?
BTW any method (not only provider bootstrap) would be welcome.
Accessing the model to create from the blade can be dangerous, as you're skipping some validation and requiring Eloquent to handle everything well (it won't).
Aside from that, I hope this can explain what you seek:
$user = User::find($idOfUser) // retrieves an active record of User
$user->permissions // gets the record of permissions that is related to the user, believing the relationship is estabished
User::find($idOfUser)->permissions->update($data) // updates the record in permissions that is related to that user

change laravel resource url

is there a way to customize Laravel 5 resource URLs ?
For example, change user/1/edit to user/edit.
That's because I don't want anybody to see the id in the URL. I think it is database information and shouldn't be revealed.
The point is that I want to do this without changing my routes. On the other hands I want to do this by using resource routes I have and not by adding some new routes to them , as you know when you define a resource route in your project it automatically adds some predefined routes to the route table and you are forced to use them in the way they are. For example you have to send a GET request to user/{user} for showing the user. Now I want to have a URL like user/{username} for doing this without adding a new route, IS THAT EVEN POSSIBLE?
if there is a way for achieving this I appreciate it if you share it here.
Thanks a lot
Since in most cases id is an auto incremented value and guessable, better you can use any other unique column of users table here, e.g username and then using that column instead of id in resource controller. Suppose you've an unique username column in your table So, if you use that instead of id your call to user edit will be like:
{!! route('user.edit', $user->username) !!} // let's say username is shahrokhi
which is equivalent to
user/shahrokhi/edit
Now for example, in your resource controller to edit a user details code may be like:
public function edit($username)
{
$user = User::where('username', '=', $username)->firstOrFail();
// rest of your code goes here
}
And so on for other methods.

Resources