blessing-skin-server/app/Http/Middleware/CheckPlayerOwner.php

21 lines
479 B
PHP
Raw Normal View History

<?php
namespace App\Http\Middleware;
use App\Models\Player;
2019-12-14 11:10:37 +08:00
use Closure;
2019-04-24 13:10:03 +08:00
use Illuminate\Support\Arr;
class CheckPlayerOwner
{
public function handle($request, Closure $next)
{
2019-04-24 13:10:03 +08:00
$pid = Arr::get($request->route()->parameters, 'pid') ?? $request->input('pid');
if ($pid && ($player = Player::find($pid)) && $player->uid != auth()->id()) {
return json(trans('admin.players.no-permission'), 1);
}
return $next($request);
}
}