Hi everyone,
I set a nested resource like this in my routes.php file :
Route::resource('channels','ChannelsController');
Route::resource('channels.posts','PostsController');
and so when i want to show all posts on a given channel I would get the channel id form the URI : GET /channels/{channelId}/posts with the method :
// PostsController.php
/**
* Display a listing of the resource.
* GET channels/{channelId}/posts/
* @return Response
*/
public function index($channelId)
{
...
}
but when i want to POST, the channel id will not get passed to the store method
// PostsController.php
/**
* Store a newly created post whithin a channel
* POST channels/{channelId}/posts/
* @return Response
*/
public function store($channelId)
{
... // $channelId is not set
}
I know there's a solution, passing the data with a hidden field in the form, but it is not secure since anyone can edit it and post the wrong id.
Please let me know, if you have any solution.
Use a hidden from input then check to make sure if the given id is valid.
$channel = Channel::find(Input::get('channel_id');
if (!$channel)
throw new NotFoundHttpException ('channel not found);
if you want to restrict what users can edit the a specific channel the use filters.
Route::post('/channels',['before'=>'has_access', 'uses'=>'ChannelController@update']
Then of course you would have to define the has_access filter however you want. Check out http://laravel.com/docs/4.2/routing do figure out how to do filters.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast