Laravel 5 role based access control
I am trying to come up with an efficient and flexible RBAC solution for my app. I have done a little research and think I have created the following.

In my User model I have:
    ...
    public function role() {
        return $this->belongsToMany('App\Models\Role', 'user_roles');
    }
    public function hasRole($role) {
        // Always return a boolean: true only when a role with this name is attached.
        return $this->role->where('name', $role)->first() !== null;
    }
    ...
And an example of usage:
    Route::group(['middleware' => 'auth'], function () {
        Route::get('/dashboard', function () {
            if (Auth::user()->hasRole('Sales')) {
                return view('dashboards/sales');
            } else {
                return 'Don\'t know where to send you :(';
            }
        });
    });
Permissions are assigned to roles, but permissions are not checked in the example above. Roles are then assigned to users and a user can have many roles.

Is the way I have done things scalable and an effective RBAC solution?
I've made some RBAC apps, and it depends on the kind of challenge you are facing, e.g.

A user has a role, but you want a specific user to have access to some area, like Posts; now the user can edit posts like a Moderator. The permissions approach in this case suits better than just a role approach.

Define access by a slug; the other fields can be used as a reference to Super Admin, or ironically for an Editor Role, starting now, an Editor Role plus Permission to a new "area".
    public function up()
    {
        Schema::create('permissions', function (Blueprint $table) {
            $table->increments('id')->unsigned();
            $table->string('name');
            $table->string('slug')->unique();
            $table->string('description')->nullable();
            $table->string('model')->nullable();
        });
    }
As an example of content data,
    $createUsersPermission = Permission::create([
        'name' => 'Create permissions',
        'slug' => 'create.permissions',
        ...
    ]);
And an example of usage:
    if ($user->can('create.permissions')) { // you can pass an id or slug
        //
    }
Personal preference, and I never used Zizaco Entrust as suggested by the other folks, but it works in the same way. Also, you have the levels approach too.
I did it a little differently: I made hasRole in UserRole, not in User (it does not impact too much, but as per code it should be). So here is my route:
    Route::group(['middleware' => 'auth'], function () {
        Route::get('/myProfile', function () {
            if (App\UserRole::hasRole('ROLE_CUSTOMER', Auth::user())) {
                return view('views/customer');
            } else {
                return 'Don\'t know where to send you :(';
            }
        });
    });
Next thing is the method in my UserRole. I tried to keep it simple:
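    public static function hasRole($authority, $user) {
        // Look up the role by its authority name (e.g. ROLE_CUSTOMER).
        $role = Role::where('authority', $authority)->first();
        if (!$role) {
            return false; // unknown role: deny instead of failing on $role->id
        }
        // True only if a user_roles row links this user to the role.
        $userRole = UserRole::where('role_id', $role->id)
            ->where('user_id', $user->id)->first();
        return $userRole !== null;
    }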
We look for the authority (ROLE_USER, ROLE_CUSTOMER etc.) and $user is the User object retrieved from the DB. Everything else runs as per your question. Hope it helps! Cheers!
As there is no out-of-the-box solution available for role-based authentication in Laravel, you can create a custom Role table that defines all the possible roles your application can have, and a role_user table which contains the association of users and roles.

You can create methods under your User model to check if a user belongs to a particular role. Make use of that method to register a new middleware. Middleware can be attached to routes or controllers.

A detailed demo is given in this link: https://www.5balloons.info/user-role-based-authentication-and-access-control-in-laravel/
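
The role-checking middleware described in the last answer, as an added example that is not part of the original posts or of the linked demo. It assumes the question's `User::hasRole($name)` method; the class name `CheckRole`, the `role` alias and the role name `Manager` are hypothetical, and middleware parameters need Laravel 5.1 or later.

```php
<?php

namespace App\Http\Middleware;

use Closure;

// Added example, not code from the posts above. Assumes the question's
// User::hasRole($name); the class name CheckRole and the 'role' alias are
// hypothetical. Needs Laravel 5.1+ for middleware parameters.
class CheckRole
{
    // Let the request through only if the user holds one of $roles.
    public function handle($request, Closure $next, ...$roles)
    {
        $user = $request->user();

        // Fail closed if this runs without the 'auth' middleware in front.
        if ($user === null) {
            abort(401);
        }

        // A route that lists no roles is a configuration mistake: deny.
        if (empty($roles)) {
            abort(403);
        }

        foreach ($roles as $role) {
            // Strict check, so a null or other non-boolean return from
            // hasRole() never grants access.
            if ($user->hasRole($role) === true) {
                return $next($request);
            }
        }

        // No listed role matched: 403 rather than a 200 page with a message.
        abort(403);
    }
}

// Register the alias in app/Http/Kernel.php, in $routeMiddleware:
//     'role' => \App\Http\Middleware\CheckRole::class,
//
// Then attach it next to 'auth' (several roles: 'role:Sales,Manager'):
//     Route::group(['middleware' => ['auth', 'role:Sales']], function () {
//         Route::get('/dashboard', function () {
//             return view('dashboards/sales');
//         });
//     });
```

Keeping the check in middleware means a route that forgets its own `if` is still denied, and unauthorized requests show up as 401/403 responses in access logs.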