yurenery/security-request

Amوندар安全请求

v3.0.5 2024-09-12 14:52 UTC

This package is not auto-updated.

Last update: 2024-10-01 03:05:56 UTC


README

If you have any questions, contact me by e-mail - yurenery@gmail.com.
This package modifies and extends the standard Laravel request for use in the protected part of a site.
!!! IMPORTANT !!! Starting with Laravel 5.6, use the tag - "^2.0"

Installation

"repositories": [
    {
        "url": "https://git.attractgroup.com/amondar/SecurityRequest.git",
        "type": "git"
    }
],
"require": {
    "amondar/security-request": "^3.0"
}

Connecting the trait

Add the SecurityRequest trait to your request class, or create a CoreRequest wrapper that uses it so you do not have to add it every time. Below is an example of a request using the trait. Note that the standard REST methods are used, and one permission is attached to each final URL.

Important: for more general permissions, use middleware and refer to the Laravel documentation.
The following variables are accessible in all functions:

    $this->action;     // The action array (the matched entry of $actions).
    $this->actionName; // The action name, i.e. the key of that entry.
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
// plus the SecurityRequest trait from this package (import it from its namespace in your installation)

class CategoryRequest extends FormRequest
{
    use SecurityRequest;

    /**
     * Actions: one entry per REST method. 'default' means no Gate check for that action.
     *
     * @var array
     */
    protected $actions = [
        'view' => [
            'methods'    => [ 'GET' ],
            'permission' => 'default',
        ],
        'add'  => [
            'methods'    => [ 'POST' ],
            'permission' => 'default',
        ],
        'edit' => [
            'methods'    => [ 'PUT', 'PATCH' ],
            'permission' => 'default',
        ],
        'delete' => [
            'methods'    => [ 'DELETE' ],
            'permission' => 'default',
        ]
    ];

    /**
     * Rules array shared by the create and update actions.
     *
     * @return array
     */
    public function rulesArray()
    {
        $rules = [
            'uri'        => 'required|alpha_dash|unique:categories',
            'is_active'  => 'sometimes|boolean',
        ];

        // Expands 'name' into one rule set per locale (name_* keys, see messagesArray()).
        $this->addTranslatableFields($rules, [
            'name' => [ 'required', 'string', 'min:1', 'max:255' ]
        ]);

        return $rules;
    }

    public function messagesArray()
    {
        return [
            'uri.required'      => trans_db(app('translations'), 'validation-categories-uri-required', 'Uri is required field.'),
            'uri.unique'        => trans_db(app('translations'), 'validation-categories-uri-unique', 'Uri with this name already exists.'),
            'name_*.required'   => trans_db(app('translations'), 'validation-categories-name-required', 'Name is required.'),
            'name_*.min'        => trans_db(app('translations'), 'validation-categories-name-min', 'Name must be at least :min characters in length.', [ ':min' => 3 ]),
            'name_*.max'        => trans_db(app('translations'), 'validation-categories-name-max', 'Name must be maximum :max characters in length.', [ ':max' => 255 ]),
        ];
    }

    /**
     * Messages for the POST action.
     *
     * @return array
     */
    protected function postActionMessages()
    {
        return $this->messagesArray();
    }

    /**
     * Get action rules (nothing to validate on a read).
     *
     * @return array
     */
    protected function getAction()
    {
        return [ ];
    }

    /**
     * Post action rules
     *
     * @return array
     */
    protected function postAction()
    {
        return $this->rulesArray();
    }

    /**
     * Put action rules (handles both PUT and PATCH).
     *
     * @return array
     */
    protected function putAction()
    {
        $rules = $this->rulesArray();
        $category_id = $this->route('category');
        // On update the uniqueness check must ignore the record being edited.
        $rules['uri'] = [ 'required','alpha_dash', Rule::unique('categories', 'uri')->ignore($category_id, '_id') ];

        return $rules;
    }

    /**
     * Delete action rules
     *
     * @return array
     */
    protected function deleteAction()
    {
        return [];
    }
}

As you can see, the request becomes much easier to read. Separate rule and message arrays can be built for each request type, and the validation errors are answered accordingly.

Important: PUT and PATCH requests are both handled by the function with the put prefix - putAction.

Permissions and how they work

To keep the readability benefit but skip the permission check, use the permission name default instead of a Laravel Gate ability. This tells the trait that no permission check is needed for this request. Below is an example that does use a permission:

'delete' => [
    'methods'    => [ 'DELETE' ],
    'permission' => 'change-log-delete',
],

This key performs the check - Auth::user()->can('change-log-delete'). If the user does not have permission to perform the requested action, a 403 response is returned.

Extended functionality

If you need to describe several requests of the same type (for example, PUT) with different sets of validation rules, use the key - route:

'edit'    => [
    'methods'    => [ 'PUT', 'PATCH' ],
    'route'      => 'projects/*/groups/*',
    'permission' => 'default',
],
'move-to' => [
    'methods'    => [ 'PUT', 'PATCH' ],
    'route'      => 'projects/*/groups/move',
    'permission' => 'group-task-actions',
],

In this case the trait compares the request URL with the pattern using Laravel's standard function:

$this->is('projects/*/groups/move')

If that check succeeds, the access permission of the logged-in user is checked.

Important: when such route-keyed entries are present, the naming rule for the action functions changes. In this case the actions look as follows:

/**
 * Put method rules for the 'edit' action (route 'projects/*/groups/*').
 */
protected function putEditAction()
{
    return [];
}

/**
 * Put method rules for the 'move-to' action (route 'projects/*/groups/move').
 */
protected function putMoveToAction()
{
    return [];
}
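The following standalone PHP script is an added illustration of the dispatch rules described in the two sections above (the method match, the optional route pattern compared the way $this->is() compares it, the putAction versus putEditAction / putMoveToAction naming, and the default permission that skips the Gate check). It is not the package's own code: the ActionResolver class, its method names and the closure standing in for Auth::user()->can() are assumptions made for this example. One thing the README does not settle is what happens when two route patterns overlap, as 'projects/*/groups/*' and 'projects/*/groups/move' both match a request to projects/7/groups/move; this example lets the most specific pattern (fewest wildcards) win, which is the only ordering under which the stricter group-task-actions permission actually applies to the move request. Verify the package's own precedence before relying on an overlapping, more specific entry to enforce the stricter permission.

```php
<?php
// Added example: a minimal re-implementation of the action resolution this README
// describes. Not the package's code; class and method names are assumptions.
declare(strict_types=1);

final class ActionResolver
{
    /** @param array<string, array{methods: string[], route?: string, permission: string}> $actions */
    public function __construct(private array $actions) {}

    /** Mimics Laravel's $request->is('pattern'): '*' matches any run of characters. */
    public static function pathMatches(string $pattern, string $path): bool
    {
        $regex = '#^' . str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#')) . '$#';
        return preg_match($regex, trim($path, '/')) === 1;
    }

    /**
     * Returns [actionName, actionConfig] for the request, or null when nothing matches.
     * Among matching entries the one with the fewest wildcards wins (example's own rule).
     */
    public function resolve(string $method, string $path): ?array
    {
        $method = strtoupper($method);
        $best = null;
        $bestScore = null;
        foreach ($this->actions as $name => $action) {
            if (!in_array($method, $action['methods'], true)) {
                continue;
            }
            if (isset($action['route'])) {
                if (!self::pathMatches($action['route'], $path)) {
                    continue;
                }
                $score = substr_count($action['route'], '*');
            } else {
                $score = PHP_INT_MAX; // an entry without a route is the least specific
            }
            if ($best === null || $score < $bestScore) {
                $best = [$name, $action];
                $bestScore = $score;
            }
        }
        return $best;
    }

    /** putAction when there is no route key; putEditAction / putMoveToAction when there is one. */
    public static function handlerName(string $method, string $name, array $action): string
    {
        $prefix = match (strtoupper($method)) {
            'PUT', 'PATCH' => 'put',          // PUT and PATCH share the put prefix
            default        => strtolower($method),
        };
        if (!isset($action['route'])) {
            return $prefix . 'Action';
        }
        $studly = str_replace(' ', '', ucwords(str_replace(['-', '_'], ' ', $name)));
        return $prefix . $studly . 'Action';
    }

    /** 'default' skips the Gate check; any other value is passed to the can() callback. */
    public static function authorize(array $action, callable $can): bool
    {
        return $action['permission'] === 'default' || (bool) $can($action['permission']);
    }
}

// Constructed sample: the entries from this README.
$resolver = new ActionResolver([
    'edit'    => ['methods' => ['PUT', 'PATCH'], 'route' => 'projects/*/groups/*',    'permission' => 'default'],
    'move-to' => ['methods' => ['PUT', 'PATCH'], 'route' => 'projects/*/groups/move', 'permission' => 'group-task-actions'],
    'delete'  => ['methods' => ['DELETE'],                                            'permission' => 'change-log-delete'],
]);

// Constructed stand-in for Auth::user()->can(): this user holds only 'group-task-actions'.
$can = fn (string $permission): bool => in_array($permission, ['group-task-actions'], true);

foreach ([['PUT', '/projects/7/groups/12'], ['PATCH', '/projects/7/groups/move'], ['DELETE', '/change-log/3']] as [$method, $path]) {
    [$name, $action] = $resolver->resolve($method, $path);
    printf("%-6s %-24s -> %-8s %-16s %s\n", $method, $path, $name,
        ActionResolver::handlerName($method, $name, $action),
        ActionResolver::authorize($action, $can) ? 'allowed' : 'denied (403)');
}
// PUT    /projects/7/groups/12   -> edit     putEditAction    allowed
// PATCH  /projects/7/groups/move -> move-to  putMoveToAction  allowed
// DELETE /change-log/3           -> delete   deleteAction     denied (403)
```

Run it with php on the command line. The overlap between the two route patterns is the part worth checking against the real trait: if the package takes the first matching entry in array order instead, the move request would be handled as 'edit' with the default permission, and group-task-actions would never be checked.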

To add extra authorization checks to Laravel's standard authorize function, override it and make sure that by default it returns the parent function's response, so the trait's permission check still runs:

/**
 * Determine if the user is authorized to make this request.
 *
 * @return bool
 */
public function authorize()
{
    $group_id = $this->route('group');
    $user = detectUser()->user;
    if (
        ! $this->project->isTeammates([ detectUser()->user ]) ||
        ($group_id && ! $this->project->groups->contains('id_task_group', $group_id)) ||
        ($this->actionName == 'edit' && $this->task_group_status_id == 2 && $user->cannot('group-begin')) ||
        ($this->actionName == 'edit' && $this->task_group_status_id == 3 && $user->cannot('group-close'))
    ) {
        return false;
    }

    return parent::authorize();
}

If you have any questions, contact me by e-mail - yurenery@gmail.com