[英]Laravel 5.3: localhost redirected you too many times
I have 2 user roles which is superadmin
and admin
我有2个用户角色,分别是
superadmin
和admin
I don't want admin
to access of Settings Page. 我不希望
admin
访问“设置页面”。
I am not sure if this is the proper way. 我不确定这是否是正确的方法。
So, here's my SettingsController.php 所以,这是我的SettingsController.php
class SettingsController extends Controller {
public function index() {
if(Auth::user()->roles == 0) {
return redirect(url()->previous());
} else {
return view('settings.index');
}
}
}
As you can see if the roles
is 0. I redirect the user to the last page they're in. I also tried to use return back()
; 如您所见,
roles
是否为0。我将用户重定向到他们所在的最后一页。我还尝试使用return back()
;
web.php (routes) web.php(路由)
<?php
Route::get('/', ['uses' => 'UsersController@index']);
Route::post('login', ['uses' => 'UsersController@login']);
Route::group(['middleware' => ['auth']], function() {
Route::get('logout', ['uses' => 'UsersController@destroy']);
Route::get('upline', ['uses' => 'UplinesController@index']);
Route::get('upline/create', ['uses' => 'UplinesController@create']);
Route::post('upline', ['uses' => 'UplinesController@store']);
Route::delete('upline/destroy/{id}', ['uses' => 'UplinesController@destroy']);
Route::put('upline/update/{id}', ['uses' => 'UplinesController@update']);
Route::get('upline/getdownlines/{id}', ['uses' => 'UplinesController@getDownlines']);
Route::get('downline', ['uses' => 'DownlinesController@index']);
Route::post('downline', ['uses' => 'DownlinesController@store']);
Route::delete('upline/destroy/{id}', ['uses' => 'DownlinesController@destroy']);
Route::put('downline/update/{id}', ['uses' => 'DownlinesController@update']);
Route::get('bonus', ['uses' => 'BonusController@index']);
Route::post('bonus/csv', ['uses' => 'BonusController@fileUpload']);
Route::get('settings', ['uses' => 'SettingsController@index']);
});
I have a 2nd question. 我有第二个问题。 Can I limit admin using middleware?
我可以使用中间件限制管理员吗? If yes, how?
如果是,怎么办?
Any help would be appreciated. 任何帮助,将不胜感激。
Maybe the second option, " Limiting admin with middleware ". 也许是第二个选项,“ 使用中间件限制管理员 ”。 So you can try something like;
因此,您可以尝试类似的方法;
Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function () {
Route::get('/', 'DownlinesController@update');
});
Then 然后
Route::group(['prefix' => 'super', 'middleware' => 'auth'], function () {
Route::get('/', 'UplinesController@index');
});
As @michael s answer suggests use middleware, his answer fails to demonstrate on how to do it (mine too, I just added more text). 正如@michael的答案建议使用中间件一样,他的答案也无法说明如何实现(我也是,我只是添加了更多文字)。
Note : Laravel is big because of its documentation, USE IT !
注意 :Laravel很大,因为它提供了文档,请使用它 !
You have 2 (or more options): 您有2个(或更多选择):
Note : use artisan to generate middleware from stubs,
$ php artisan make:middleware MyNewShinyMiddleware
注意 :使用artisan从存根生成中间件,
$ php artisan make:middleware MyNewShinyMiddleware
Head to documentation and check out this . 头文件,并检查了这个 。
Example shows exactly your problem. 示例完全显示了您的问题。
public function handle($request, Closure $next, $role)
{
if (! $request->user()->hasRole($role)) { //implement hasRole in User Model
// Redirect...
// (use named routes to redirect or do 401 (unauthorized) because thats what is going on!
// abort(401) // create view in /views/errors/401.blade.php
// return redirect()->route('home');
}
//success user has role $role, do nothing here just go to another "onion" layer
return $next($request);
}
simply create two middlewares and hardcode your checking routine of roles (same as you do in your controller sample) except use $request->user()
... 只需创建两个中间件,然后对角色的检查例程进行硬编码(与您在控制器示例中所做的相同),只是使用
$request->user()
。
(routes) web.php (路由)web.php
Route::group(['middleware' => 'role:admin'], function () {...} //parametrized
Route::group(['middleware' => 'checkRoleAdmin'], function () {...}
Route::group(['middleware' => 'checkRoleSuper'], function () {...}
Note :
role
,checkRoleAdmin
andcheckRoleSuper
are "named" middlewares and you need to register them in kernel.php注意 :
role
,checkRoleAdmin
和checkRoleSuper
是“命名”中间件,您需要在kernel.php中注册它们
Another way is yo use gates or policies which make the best sense, since you are trying to limit user. 另一种方法是您使用最合适的闸门或策略,因为您正试图限制用户。 Read more here .
在这里阅读更多。
I use middleware based ACL for really simple projects (like one admin and no real users). 我将基于中间件的ACL用于非常简单的项目(例如一名管理员,没有实际用户)。
I use gates based ACL for medium projects (1-2 roles). 我将基于Gates的ACL用于中等项目(1-2个角色)。
I use policies based ACL for "huge" projects (many roles, many users). 我将基于策略的ACL用于“庞大”项目(许多角色,许多用户)。
Also consider looking at https://github.com/Zizaco/entrust 还可以考虑查看https://github.com/Zizaco/entrust
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.