我正在使用三种型号:
用户模型
class User extends Authenticatable
{
use HasApiTokens, HasFactory, Notifiable;
/**
* The attributes that are mass assignable.
*
* @var array<int, string>
*/
protected $table = 'users';
protected $fillable = [
'name',
'email',
'password',
'group'
];
...
public function permission()
{
return $this->hasMany(Permission::class);
}
}
配置文件模型
class Profile extends Model
{
use HasFactory;
protected $table = 'profiles';
protected $fillable = [
'profile_name',
'first_name',
'last_name',
'profile_type',
'TFN',
'ABN',
'ACN',
'Address',
'Email',
'Phone',
'established_date',
'Notes',
'activated'
];
...
public function permission()
{
return $this->hasMany(Permission::class);
}
}
权限模型
class Permission extends Model
{
use HasFactory;
protected $table = 'permissions';
protected $fillable = [
'profile_id',
'user_id'
];
public function user()
{
return $this->belongsTo(User::class);
}
public function profile()
{
return $this->belongsTo(Profile::class);
}
}
任何用户都可以访问0个或多个配置文件
任何配置文件都可以将权限授予0个或多个用户
在users.edit刀片模板上,我正在创建切换按钮,使用permissions.store和permissions.destroy路由为所选用户添加/删除配置文件权限。创建新权限正在按预期进行,但我在访问权限id(在刀片代码段中标记为***)以触发destroy函数时遇到了问题。
用户控制器
public function edit(User $user, Profile $profile, Permission $permission)
{
$perm = Permission::where([
['user_id', '=', $user->id],
])->pluck('profile_id', 'id')->toArray();
return view('users.edit', compact('perm'))
->with('user', $user)
->with('profiles', Profile::all());
}
权限控制器
public function destroy(Permission $permission, User $user, Profile $profile)
{
$permission = Permission::where('user_id', '=', $user->id)
->where('profile_id', '=', $profile->id)
->firstOrFail();
$permission->delete();
return redirect()->back();
}
刀片片段
@foreach($profiles as $key => $profile)
@if(in_array($profile->id, $perm))
<form action="{{ route('permissions.destroy', **** ) }}" method="POST" >
@csrf
@method('DELETE')
<input type="hidden" value="{{ $user->id }}" name="user_id" id="user_id" />
<input type="hidden" value="{{ $profile->id }}" name="profile_id" id="profile_id" />
<button class="btn btn-primary" type="submit">{{ $profile->profile_name }}</button>
</form>
@else
<form action="{{ route('permissions.store') }}" method="POST" >
@csrf
<input type="hidden" value="{{ $user->id }}" name="user_id" id="user_id" />
<input type="hidden" value="{{ $profile->id }}" name="profile_id" id="profile_id" />
<button class="btn btn-secondary" type="submit">{{ $profile->profile_name }}</button>
</form>
@endif
@endforeach
提前感谢
权限ID包含在用户控制器中创建的数组$perm中,但我还没有找到调用该值并将其与权限记录关联的方法,以便将其发送到permission.destroy路由。