
Laravel 5.3: localhost redirected you too many times

I have 2 user roles, which are superadmin and admin.

I don't want admin to access the Settings page.

I am not sure if this is the proper way.


So, here's my SettingsController.php

class SettingsController extends Controller {
    public function index() {
        if(Auth::user()->roles == 0) {
            return redirect(url()->previous());
        } else {
            return view('settings.index');
        }
    }
}

As you can see, if the roles is 0, I redirect the user to the last page they were on. I also tried to use return back();


web.php (routes)

<?php

Route::get('/', ['uses' => 'UsersController@index']);
Route::post('login', ['uses' => 'UsersController@login']);

Route::group(['middleware' => ['auth']], function() {
    Route::get('logout', ['uses' => 'UsersController@destroy']);
    Route::get('upline', ['uses' => 'UplinesController@index']);
    Route::get('upline/create', ['uses' => 'UplinesController@create']);
    Route::post('upline', ['uses' => 'UplinesController@store']);
    Route::delete('upline/destroy/{id}', ['uses' => 'UplinesController@destroy']);
    Route::put('upline/update/{id}', ['uses' => 'UplinesController@update']);
    Route::get('upline/getdownlines/{id}', ['uses' => 'UplinesController@getDownlines']);

    Route::get('downline', ['uses' => 'DownlinesController@index']);
    Route::post('downline', ['uses' => 'DownlinesController@store']);
    Route::delete('upline/destroy/{id}', ['uses' => 'DownlinesController@destroy']);
    Route::put('downline/update/{id}', ['uses' => 'DownlinesController@update']);

    Route::get('bonus', ['uses' => 'BonusController@index']);
    Route::post('bonus/csv', ['uses' => 'BonusController@fileUpload']);

    Route::get('settings', ['uses' => 'SettingsController@index']);
});

I have a 2nd question. Can I limit admin using middleware? If yes, how?

Any help would be appreciated.

Maybe the second option, "Limiting admin with middleware". So you can try something like:

Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function () {
    Route::get('/', 'DownlinesController@update');
});

Then

Route::group(['prefix' => 'super', 'middleware' => 'auth'], function () {
    Route::get('/', 'UplinesController@index');
});

@michael's answer suggests using middleware, but it fails to demonstrate how to do it (mine too, I just added more text).

Note: Laravel is big because of its documentation, USE IT!

You have 2 (or more) options:

  • parameterized middleware
  • 2 distinctive middlewares (one for admin, another for superadmin)

Note: use artisan to generate middleware from stubs, $ php artisan make:middleware MyNewShinyMiddleware

parametrized middleware (my pick)

Head to the documentation and check out this.

The example shows exactly your problem.

public function handle($request, Closure $next, $role)
{
    if (! $request->user()->hasRole($role)) { // implement hasRole in the User model
        // Deny here: either redirect to a named route or respond with 401
        // (unauthorized), because that's what is going on!
        // return redirect()->route('home');
        abort(401); // create a view in /views/errors/401.blade.php
    }

    // Success: the user has role $role, do nothing here, just go to the next "onion" layer
    return $next($request);
}

2 distinctive middlewares

Simply create two middlewares and hardcode your role-checking routine (same as you do in your controller sample), except use $request->user() ...


(routes) web.php

Route::group(['middleware' => 'role:admin'], function () {...}); //parametrized

Route::group(['middleware' => 'checkRoleAdmin'], function () {...});
Route::group(['middleware' => 'checkRoleSuper'], function () {...});

Note: role, checkRoleAdmin and checkRoleSuper are "named" middlewares and you need to register them in kernel.php


Another way is to use gates or policies, which make the best sense, since you are trying to limit the user. Read more here.

I use middleware based ACL for really simple projects (like one admin and no real users).
I use gates based ACL for medium projects (1-2 roles).
I use policies based ACL for "huge" projects (many roles, many users).

Also consider looking at https://github.com/Zizaco/entrust
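
A fuller version of the parameterized-middleware approach from the answer above, as an added example (not code from the original posts). The class name CheckRole, the role-to-integer map and the value 1 for superadmin are assumptions; only roles == 0 for admin comes from the question.

```php
<?php
// Added example: app/Http/Middleware/CheckRole.php (hypothetical class name).
namespace App\Http\Middleware;

use Closure;

class CheckRole
{
    // Assumption: users.roles is an integer column as in the question
    // (0 = admin); the value 1 for superadmin is assumed for illustration.
    const ROLE_IDS = ['admin' => 0, 'superadmin' => 1];

    /**
     * Let the request through only if the user holds one of the named roles.
     * Route usage: 'middleware' => ['auth', 'role:superadmin'].
     */
    public function handle($request, Closure $next, ...$roles)
    {
        // Translate role names to ids; unknown names grant nothing.
        $allowed = [];
        foreach ($roles as $name) {
            if (array_key_exists($name, self::ROLE_IDS)) {
                $allowed[] = self::ROLE_IDS[$name];
            }
        }

        // Fail closed: a missing user or a non-numeric roles value is denied.
        $user = $request->user();
        $role = ($user !== null && is_numeric($user->roles))
            ? (int) $user->roles
            : null;

        if ($role === null || !in_array($role, $allowed, true)) {
            // Respond with an error status rather than a redirect, so a
            // denied request cannot enter a redirect loop.
            abort(403);
        }

        return $next($request);
    }
}

// Register in app/Http/Kernel.php, inside the $routeMiddleware array:
//     'role' => \App\Http\Middleware\CheckRole::class,
//
// routes/web.php, inside the existing 'auth' group:
//     Route::get('settings', ['uses' => 'SettingsController@index'])
//         ->middleware('role:superadmin');
```

With the check in middleware, SettingsController@index can simply return the view, and the authorization decision lives in one place that applies before the controller runs.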
