Я пишу сайт гостиничного сервиса.
Существует форма, где каждый пользователь может видеть информацию о своем бронировании. Эта форма основана на форме администратора, которая может просматривать все заказы. Мне нужно, чтобы каждый пользователь видел только свою информацию о бронировании, а не бронирования всех остальных пользователей.
Как я могу отделить определенного пользователя, чтобы видеть только его информацию?
Это мой index.blade.php
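{{-- Admin booking list. The rows are exactly what the controller put into
     $bookings; this template does no per-user filtering, so restricting a
     user to their own bookings has to happen in the query, not here. --}}
@inject('request', 'Illuminate\Http\Request')
@extends('layouts.app')
@section('content')
<h3 class="page-title">@lang('quickadmin.bookings.title')</h3>
@can('booking_create')
<p>
<a href="{{ route('admin.bookings.create') }}" class="btn btn-success">@lang('quickadmin.qa_add_new')</a>
</p>
@endcan
@can('booking_delete')
<p>
<ul class="list-inline">
<li><a href="{{ route('admin.bookings.index') }}" style="{{ request('show_deleted') == 1 ? '' : 'font-weight: 700' }}">@lang('quickadmin.qa_all')</a></li> |
<li><a href="{{ route('admin.bookings.index') }}?show_deleted=1" style="{{ request('show_deleted') == 1 ? 'font-weight: 700' : '' }}">@lang('quickadmin.qa_trash')</a></li>
</ul>
</p>
@endcan
<div class="panel panel-default">
<div class="panel-heading">
@lang('quickadmin.qa_list')
</div>
<div class="panel-body table-responsive">
<table class="table table-bordered table-striped {{ count($bookings) > 0 ? 'datatable' : '' }} @can('booking_delete') @if ( request('show_deleted') != 1 ) dt-select @endif @endcan">
<thead>
<tr>
@can('booking_delete')
@if ( request('show_deleted') != 1 )<th style="text-align:center;"><input type="checkbox" id="select-all" /></th>@endif
@endcan
<th>@lang('quickadmin.bookings.fields.first_name')</th>
<th>@lang('quickadmin.bookings.fields.last_name')</th>
<th>@lang('quickadmin.bookings.fields.address')</th>
<th>@lang('quickadmin.bookings.fields.phone')</th>
<th>@lang('quickadmin.bookings.fields.email')</th>
<th>@lang('quickadmin.bookings.fields.room')</th>
<th>@lang('quickadmin.bookings.fields.time-from')</th>
<th>@lang('quickadmin.bookings.fields.time-to')</th>
<th>@lang('quickadmin.bookings.fields.additional-information')</th>
@if( request('show_deleted') == 1 )
<th> </th>
@else
<th> </th>
@endif
</tr>
</thead>
<tbody>
@if (count($bookings) > 0)
@foreach ($bookings as $booking)
<tr data-entry-id="{{ $booking->id }}">
@can('booking_delete')
@if ( request('show_deleted') != 1 )<td></td>@endif
@endcan
{{-- Guest-entered fields: all of these are escaped by {{ }}. --}}
<td field-key='first_name'>{{ $booking->first_name }}</td>
<td field-key='last_name'>{{ $booking->last_name}}</td>
<td field-key='address'>{{ $booking->address}}</td>
<td field-key='phone'>{{ $booking->phone}}</td>
<td field-key='email'>{{ $booking->email}}</td>
<td field-key='room'>{{ $booking->room->room_number or '' }}</td>
<td field-key='time_from'>{{ $booking->time_from }}</td>
<td field-key='time_to'>{{ $booking->time_to }}</td>
{{-- additional_information is free text typed into the booking form (a
     fillable column populated from $request->all()) and is not sanitised by
     the model, so it must be rendered escaped rather than with {!! !!}.
     If HTML is ever intended in this field, sanitise it on input instead. --}}
<td field-key='additional_information'>{{ $booking->additional_information }}</td>
@if( request('show_deleted') == 1 )
<td>
@can('booking_delete')
{!! Form::open(array(
'style' => 'display: inline-block;',
'method' => 'POST',
'onsubmit' => "return confirm('".trans("quickadmin.qa_are_you_sure")."');",
'route' => ['admin.bookings.restore', $booking->id])) !!}
{!! Form::submit(trans('quickadmin.qa_restore'), array('class' => 'btn btn-xs btn-success')) !!}
{!! Form::close() !!}
@endcan
@can('booking_delete')
{!! Form::open(array(
'style' => 'display: inline-block;',
'method' => 'DELETE',
'onsubmit' => "return confirm('".trans("quickadmin.qa_are_you_sure")."');",
'route' => ['admin.bookings.perma_del', $booking->id])) !!}
{!! Form::submit(trans('quickadmin.qa_permadel'), array('class' => 'btn btn-xs btn-danger')) !!}
{!! Form::close() !!}
@endcan
</td>
@else
<td>
@can('booking_view')
<a href="{{ route('admin.bookings.show',[$booking->id]) }}" class="btn btn-xs btn-primary">@lang('quickadmin.qa_view')</a>
@endcan
@can('booking_edit')
<a href="{{ route('admin.bookings.edit',[$booking->id]) }}" class="btn btn-xs btn-info">@lang('quickadmin.qa_edit')</a>
@endcan
@can('booking_delete')
{!! Form::open(array(
'style' => 'display: inline-block;',
'method' => 'DELETE',
'onsubmit' => "return confirm('".trans("quickadmin.qa_are_you_sure")."');",
'route' => ['admin.bookings.destroy', $booking->id])) !!}
{!! Form::submit(trans('quickadmin.qa_delete'), array('class' => 'btn btn-xs btn-danger')) !!}
{!! Form::close() !!}
@endcan
</td>
@endif
</tr>
@endforeach
@else
<tr>
<td colspan="10">@lang('quickadmin.qa_no_entries_in_table')</td>
</tr>
@endif
</tbody>
</table>
</div>
</div>
@stop
@section('javascript')
<script>
@can('booking_delete')
@if ( request('show_deleted') != 1 ) window.route_mass_crud_entries_destroy = '{{ route('admin.bookings.mass_destroy') }}'; @endif
@endcan
</script>
@endsection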
Booking.php
<?php
namespace App;
use Illuminate\Database\Eloquent\Model;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\SoftDeletes;
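/**
 * Class Booking
 *
 * One hotel booking. Guest details, the room and the stay interval are all
 * posted by the guest through the booking form (see $fillable). Dates are
 * stored as `Y-m-d H:i` strings and presented in `config('app.date_format')`.
 *
 * Note: no column here ties a booking to the account that created it, so
 * "show a user only their own bookings" cannot be expressed on this model
 * as-is; an owner column would have to be added and kept out of $fillable.
 *
 * @package App
 * @property string $first_name
 * @property string $last_name
 * @property string $address
 * @property string $phone
 * @property string $email
 * @property int|null $room_id
 * @property string $time_from              display-formatted, see getTimeFromAttribute()
 * @property string $time_to                display-formatted, see getTimeToAttribute()
 * @property string $additional_information free text; not sanitised by this model
 * @property string $full_name              "first last", see getFullNameAttribute()
 * @property Room|null $room
 */
class Booking extends Model
{
    use SoftDeletes;

    /**
     * Mass-assignable columns. The controller calls create()/update() with
     * $request->all(), so every name listed here can be set by the client.
     * Keep ownership / authorisation columns out of this list.
     */
    protected $fillable = ['time_from', 'time_to', 'additional_information', 'room_id','first_name', 'last_name', 'address', 'phone', 'email'];

    /**
     * Store an empty room selection as NULL instead of 0 / ''.
     *
     * @param mixed $input value posted from the room select
     */
    public function setRoomIdAttribute($input): void
    {
        $this->attributes['room_id'] = $input ?: null;
    }

    /**
     * Set attribute to date format.
     *
     * @param string|null $input form value in `config('app.date_format') . ' H:i'`
     */
    public function setTimeFromAttribute($input): void
    {
        $this->attributes['time_from'] = $this->formDateToStorage($input);
    }

    /**
     * Get attribute from date format.
     *
     * @param string|null $input stored value, expected as `Y-m-d H:i:s`
     * @return string display value, '' for NULL or the zero date
     */
    public function getTimeFromAttribute($input): string
    {
        return $this->storedDateToDisplay($input);
    }

    /**
     * Set attribute to date format.
     *
     * @param string|null $input form value in `config('app.date_format') . ' H:i'`
     */
    public function setTimeToAttribute($input): void
    {
        $this->attributes['time_to'] = $this->formDateToStorage($input);
    }

    /**
     * Get attribute from date format.
     *
     * Previously this getter built its zero-date sentinel without seconds
     * (`' H:i'`) while comparing against a `H:i:s` value, so the zero-date
     * branch could never match; it now uses the same rule as time_from.
     *
     * @param string|null $input stored value, expected as `Y-m-d H:i:s`
     * @return string display value, '' for NULL or the zero date
     */
    public function getTimeToAttribute($input): string
    {
        return $this->storedDateToDisplay($input);
    }

    /**
     * Convert a form datetime to the storage string; blank input becomes NULL.
     *
     * @param string|null $input
     * @return string|null `Y-m-d H:i`, or NULL when $input is NULL or ''
     */
    private function formDateToStorage($input)
    {
        if ($input === null || $input === '') {
            return null;
        }

        return Carbon::createFromFormat(config('app.date_format') . ' H:i', $input)->format('Y-m-d H:i');
    }

    /**
     * Convert a stored datetime to the display string.
     *
     * The zero-date sentinel is built from the display format, so it only
     * equals the database zero date when `app.date_format` is `Y-m-d`;
     * for other formats only the NULL check is effective.
     *
     * @param string|null $input stored `Y-m-d H:i:s` value
     * @return string `config('app.date_format') . ' H:i:s'`, or ''
     */
    private function storedDateToDisplay($input): string
    {
        $zeroDate = str_replace(['Y', 'm', 'd'], ['0000', '00', '00'], config('app.date_format') . ' H:i:s');

        if ($input === null || $input === $zeroDate) {
            return '';
        }

        return Carbon::createFromFormat('Y-m-d H:i:s', $input)->format(config('app.date_format') . ' H:i:s');
    }

    /**
     * The booked room, including soft-deleted rooms so old bookings still
     * resolve their room number.
     */
    public function room()
    {
        return $this->belongsTo(Room::class, 'room_id')->withTrashed();
    }

    /**
     * "first_name last_name" for display.
     *
     * @return string
     */
    public function getFullNameAttribute(): string
    {
        return $this->first_name . ' ' . $this->last_name;
    }
}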
BookingsController.php
<?php
namespace App\Http\Controllers\Admin;
use App\Booking;
use App\Room;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use App\Http\Controllers\Controller;
use App\Http\Requests\Admin\StoreBookingsRequest;
use App\Http\Requests\Admin\UpdateBookingsRequest;
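/**
 * CRUD endpoints for bookings, guarded by the role-based gates
 * booking_access / booking_create / booking_edit / booking_view /
 * booking_delete.
 *
 * Every lookup here is by `$id` alone and index() lists the whole table:
 * nothing ties a booking to the user who made it. Because the gates check
 * only `role_id`, any user whose role passes `booking_view` can open any
 * booking by id. Showing a user only "their own" bookings requires an owner
 * column on the bookings table, set from the authenticated user in store()
 * (never from the request) and used as a WHERE clause in index()/show() and
 * as an ownership check in edit()/update()/destroy(). No such column is
 * visible on the Booking model.
 *
 * Authorisation failures abort with 401 throughout; 403 (Forbidden) is the
 * conventional status for an authenticated user lacking a permission.
 */
class BookingsController extends Controller
{
    /**
     * Display a listing of Booking.
     *
     * `?show_deleted=1` switches to the soft-deleted rows and additionally
     * requires `booking_delete`. Returns every booking, not just the
     * current user's (see the class comment).
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        if (!Gate::allows('booking_access')) {
            return abort(401);
        }

        if (request('show_deleted') == 1) {
            if (!Gate::allows('booking_delete')) {
                return abort(401);
            }
            $bookings = Booking::onlyTrashed()->get();
        } else {
            $bookings = Booking::all();
        }

        return view('admin.bookings.index', compact('bookings'));
    }

    /**
     * Show the form for creating new Booking.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        if (!Gate::allows('booking_create')) {
            return abort(401);
        }

        // Room select options keyed by id, with a blank "please select" entry first.
        $rooms = Room::get()->pluck('room_number', 'id')->prepend(trans('quickadmin.qa_please_select'), '');

        return view('admin.bookings.create', compact('rooms'));
    }

    /**
     * Store a newly created Booking in storage.
     *
     * @param \App\Http\Requests\StoreBookingsRequest $request
     * @return \Illuminate\Http\Response
     */
    public function store(StoreBookingsRequest $request)
    {
        if (!Gate::allows('booking_create')) {
            return abort(401);
        }

        // Mass assignment is bounded by Booking::$fillable. An owner column,
        // once added, must be set here from the authenticated user rather
        // than accepted from the request body.
        Booking::create($request->all());

        return redirect()->route('home');
    }

    /**
     * Show the form for editing Booking.
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        if (!Gate::allows('booking_edit')) {
            return abort(401);
        }

        $rooms = Room::get()->pluck('room_number', 'id')->prepend(trans('quickadmin.qa_please_select'), '');
        $booking = Booking::findOrFail($id);

        return view('admin.bookings.edit', compact('booking', 'rooms'));
    }

    /**
     * Update Booking in storage.
     *
     * @param \App\Http\Requests\UpdateBookingsRequest $request
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function update(UpdateBookingsRequest $request, $id)
    {
        if (!Gate::allows('booking_edit')) {
            return abort(401);
        }

        $booking = Booking::findOrFail($id);
        $booking->update($request->all());

        return redirect()->route('admin.bookings.index');
    }

    /**
     * Display Booking.
     *
     * Any id is accepted once the role passes `booking_view`; this is the
     * place where an ownership check would go.
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        if (!Gate::allows('booking_view')) {
            return abort(401);
        }

        $booking = Booking::findOrFail($id);

        return view('admin.bookings.show', compact('booking'));
    }

    /**
     * Remove Booking from storage (soft delete; see Booking's SoftDeletes).
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        if (!Gate::allows('booking_delete')) {
            return abort(401);
        }

        $booking = Booking::findOrFail($id);
        $booking->delete();

        return redirect()->route('admin.bookings.index');
    }

    /**
     * Delete all selected Booking at once.
     *
     * `ids` comes from the datatable checkbox selection. It is coerced to an
     * array so a scalar cannot reach whereIn(), and the query is skipped
     * when nothing was selected. Responds with an empty body.
     *
     * @param Request $request
     */
    public function massDestroy(Request $request)
    {
        if (!Gate::allows('booking_delete')) {
            return abort(401);
        }

        $ids = (array) $request->input('ids', []);
        if ($ids === []) {
            return;
        }

        foreach (Booking::whereIn('id', $ids)->get() as $entry) {
            $entry->delete();
        }
    }

    /**
     * Restore Booking from storage.
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function restore($id)
    {
        if (!Gate::allows('booking_delete')) {
            return abort(401);
        }

        $booking = Booking::onlyTrashed()->findOrFail($id);
        $booking->restore();

        return redirect()->route('admin.bookings.index');
    }

    /**
     * Permanently delete Booking from storage.
     *
     * @param int $id
     * @return \Illuminate\Http\Response
     */
    public function perma_del($id)
    {
        if (!Gate::allows('booking_delete')) {
            return abort(401);
        }

        $booking = Booking::onlyTrashed()->findOrFail($id);
        $booking->forceDelete();

        return redirect()->route('admin.bookings.index');
    }
}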
AuthServiceProvider
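// Booking abilities, decided purely by the user's role_id. The values 1, 2
// and 4 are role ids of this application; their names are not shown here.
//
// Note the asymmetry: booking_view (1, 2, 4) is wider than booking_access
// (1, 4), so a role-2 user cannot list bookings but can open any single one
// by id. None of these gates looks at who owns the booking; a per-user
// restriction needs a booking/user relationship that these closures (or a
// policy) can compare against.
//
// role_id is cast to int before the strict in_array() so a value that comes
// back from the database as a string still matches.
Gate::define('booking_access', function ($user) {
    return in_array((int) $user->role_id, [1, 4], true);
});
Gate::define('booking_create', function ($user) {
    return in_array((int) $user->role_id, [1, 2, 4], true);
});
Gate::define('booking_edit', function ($user) {
    return in_array((int) $user->role_id, [1], true);
});
Gate::define('booking_view', function ($user) {
    return in_array((int) $user->role_id, [1, 2, 4], true);
});
Gate::define('booking_delete', function ($user) {
    return in_array((int) $user->role_id, [1], true);
});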