How to prevent action from happening with middleware in Laravel
I have the following route:
Route::get('post/{postId}/deleteComment/{commentId}', [
    'uses' => 'CommentController@getDeleteComment',
    'as' => 'content.post.deleteComment'
])->middleware('checkDeleteComment');
And the following middleware:
namespace App\Http\Middleware;
use App\Comment;
use Closure;
use Auth;
class checkDeleteComment
{
    public function handle($request, Closure $next)
    {
        $id = $request->route()->parameter('commentId');
        $comment = Comment::where('id', $id)->first();
        if (! Auth::user()->id == $comment->user_id) {
            return redirect()->back();
        } else {
            return $next($request);
        }
    }
}
The middleware is registered in my App/Http/Kernel.php as follows:
protected $routeMiddleware = [
    'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
    'can' => \Illuminate\Auth\Middleware\Authorize::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
    'checkAdmin' => \App\Http\Middleware\checkAdmin::class,
    'checkDeleteComment' => \App\Http\Middleware\checkDeleteComment::class,
];
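However, when I try to delete a comment that does not belong to me using the given link, I always succeed. Can someone help me?
Instead of saying is not, do is not equal: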
if (Auth::user()->id != $comment->user_id) {
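Why the original condition never blocks the request, as an added example that is not part of the original question or answer: plain PHP functions with constructed integer ids stand in for Auth::user()->id and $comment->user_id, and the function names are hypothetical. The fixed variant also denies when either value is missing, since first() returns null for a comment id that does not exist.

```php
<?php
declare(strict_types=1);

// Added example: constructed stand-ins for Auth::user()->id and $comment->user_id.

/** The question's condition: `!` binds tighter than `==`, so this is (!$userId) == $ownerId. */
function blocksWithOriginalCheck(int $userId, int $ownerId): bool
{
    // !$userId is false for any non-zero id, and false == <non-zero id> is false.
    return ! $userId == $ownerId;
}

/** The answer's comparison, made strict, and denying when user or comment is missing. */
function blocksWithFixedCheck(?int $userId, ?int $ownerId): bool
{
    if ($userId === null || $ownerId === null) {
        return true; // no logged-in user or no such comment: do not call $next
    }
    return $userId !== $ownerId;
}

// Constructed cases: [logged-in user id, comment owner id]
$cases = [
    'owner deletes own comment'  => [7, 7],
    'other user deletes comment' => [7, 42],
];

foreach ($cases as $label => [$userId, $ownerId]) {
    printf(
        "%-28s original blocks: %-6s fixed blocks: %s\n",
        $label,
        var_export(blocksWithOriginalCheck($userId, $ownerId), true),
        var_export(blocksWithFixedCheck($userId, $ownerId), true)
    );
}

// A comment id that matches no row: the lookup yields null, so the owner id is null.
printf(
    "%-28s fixed blocks: %s\n",
    'comment id does not exist',
    var_export(blocksWithFixedCheck(7, null), true)
);
```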