Laravel 5-角色权限

Question

I try to make my own permission system. but got a problem with the code when if the user doesn't have a specific role they can't access the page.

Here is my code:

public function compose($view)
{
    $roleid = Session::get('role_id');
    $userid = Session::get('user_id');
    $additional_role = Session::get('additional_role');

    $roles = explode(';', $additional_role);

    $segment = Request::segment('1');

    $joins = [];
    foreach ($roles as $role) 
    {
        $query = DB::table('roles')->where('id', $role)->first();
        $joins[] = $query->link;

    }


    foreach($joins as $join) {
        var_dump($join); var_dump($segment);

        if ($join == $segment) 
        {
              return redirect($segment);
        } 
        else
        {
            return redirect('/');
        }   
    }         



}

i make the code within a composer so i can keep booting it up. But i can't make it work, even the user doesn't have the role they not redirected to '/'.

Is there any way to make it work? So they won't get into the page and they will get into the page if they have the role.

Answer 1

where do you have this logic?

i think in l5 best place to permissions and auth logic is "Http/Middleware", there you can add your file with handle method and logic within, and then you must edit kernel.php

protected $routeMiddleware = [
        'auth'          => 'App\Http\Middleware\Authenticate',
        'auth.basic'    => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
        'guest'         => 'App\Http\Middleware\RedirectIfAuthenticated',
        'test'          => 'App\Http\Middleware\yourFile',
    ];

you can view great solution for laravel acl here : https://gist.github.com/amochohan/8cb599ee5dc0af5f4246

and then you can easy make your role permissions