如何使用中间件根据用户角色重定向?
[英]How to redirect according to user role using middleware?
问题描述
I am doing project in laravel.
我正在 Laravel 中做项目。 I want to redirect user according to his role.我想根据他的角色重定向用户。
My tables are,我的桌子是,
user table having fields (id,name,password).具有字段(id、名称、密码)的用户表。
role table having fields (id,role).具有字段 (id,role) 的角色表。
assigned_role table having fields (id,role_id,user_id). assigned_role表具有字段(id、role_id、user_id)。
I have User model as,我有用户模型,
User.php用户名
public function roles()
{
return $this->belongsToMany('App\Role', 'assigned_roles', 'user_id', 'role_id');
}
For that I have created one middleware named as 'RoleMiddleware'为此,我创建了一个名为“RoleMiddleware”的中间件
RoleMiddleware:角色中间件:
public function handle($request, Closure $next)
{
$roles = $request->user()->roles;
foreach ($roles as $role) {
if($role->name != 'super-admin')
return redirect('/user');
}
return $next($request);
}
I have this middleware in kernel.php file,我在 kernel.php 文件中有这个中间件,
Kernel.php looks like, Kernel.php看起来像,
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'can' => \Illuminate\Foundation\Http\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'role' => \App\Http\Middleware\RoleMiddleware::class,
];
but now I don't know how to use this middleware.但现在我不知道如何使用这个中间件。 When I add this middleware in Route.php file as,当我在Route.php文件中添加这个中间件时,
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::group(['middleware' => 'role'], function () {
Route::get('/home', 'HomeController@index');
Route::get('/user', 'UserController@index');
});
});
But when I did sign in process it redirects to the correct url.但是当我在登录过程中它重定向到正确的 url。 But now it can give access to the inside pages without checking whether user is logged in or not.但是现在它可以在不检查用户是否登录的情况下访问内页。 Whereas when I do comment to the RoleMiddleware part it prevents to access inside pages unless and user do logging.而当我对 RoleMiddleware 部分发表评论时,它会阻止访问内部页面,除非用户进行日志记录。
I don't know how to do this.我不知道该怎么做。
1 个解决方案
解决方案1
1 已采纳 2016-05-12 14:52:42
If I understood you correctly:如果我理解正确的话:
- You want to restrict users that doesn't have the super-admin role (weither they are authenticated or not) to prevent them from accessing a certain URL.您想限制没有超级管理员角色的用户(无论他们是否经过身份验证),以防止他们访问某个 URL。
- You are also trying to redirect any authenticated users which does not have the super-admin role to the url
/user.您还尝试将没有超级管理员角色的任何经过身份验证的用户重定向到 url /user。
Correct?正确的?
Here's how to do this:以下是如何执行此操作:
In your routes.php file you need to provide routes for the super-admin user and authenticated users (without super-admin role)在您的 routes.php 文件中,您需要为超级管理员用户和经过身份验证的用户(没有超级管理员角色)提供路由
Route::group(['middleware' => 'web'], function () {
Route::auth();
Route::group(['middleware' => ['auth', 'role']], function () {
// All routes you put here can only be accessible to users with super-admin role
});
Route::group(['middleware' => 'auth'], function () {
// All routes you put here can be accessible to all authenticated users
});
});
And in your role middleware you need to prevent authenticated users without the superadmin role to access the given url, in this case by simply redirecting them to another url在您的角色中间件中,您需要阻止没有超级管理员角色的经过身份验证的用户访问给定的 url,在这种情况下,只需将他们重定向到另一个 url
public function handle($request, Closure $next)
{
$roles = $request->user()->roles;
foreach ($roles as $role) {
if($role->name == 'super-admin')
// If user is super-admin, accept the request
return $next($request);
}
// If user does not have the super-admin role redirect them to another page that isn't restricted
return redirect('/user');
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.