简体繁体 English

Laravel 5.4-如何防止一个人的角色能够访问另一个角色的属性？

[英]laravel 5.4 - how to prevent one's role from being able to access the property of another role?

原文 2018-02-05 23:14:42 2 1 php/ laravel/ laravel-5.4

I have an inventory app that has three different roles, namely operator, admin, and super admin. 我有一个清单应用程序，它具有三个不同的角色，即操作员，管理员和超级管理员。

the problem is when I enter with one of the roles, I can access the menu belongs to another role by writing the link from the menu in the browser's link bar. 问题是当我使用其中一个角色输入时，可以通过从浏览器的链接栏中写入菜单中的链接来访问属于另一个角色的菜单。

example 例

in the admin page there is a backup and restore menu, link: /admin/backupAndRestore 在管理页面中，有一个备份和还原菜单， link: /admin/backupAndRestore

then I log in as an operator 然后我以操作员身份登录

in the operator page there is only the item borrowing and return item menu, but if I write a link of the admin backup and restore menu in the browser's link bar like localhost: 8000/admin/backupAndRestore I can access the page. 在操作员页面中，只有项目借用和退货项目菜单，但是如果我在浏览器的链接栏中写了admin备份和还原菜单的链接，例如localhost: 8000/admin/backupAndRestore ，则可以访问该页面。

I want to make it like a user who has logged in can not access the register or login page and redirected to the home page, what should I do? 我想让已登录的用户无法访问注册或登录页面并重定向到主页，该怎么办？

1 个解决方案

The functionality you are looking for is known as authorization in the Laravel framework. 您正在寻找的功能在Laravel框架中称为授权。 Since you can technically implement user roles in many different ways, it is not realistic to post a code example for you here. 由于您可以从技术上以多种不同的方式实现用户角色，因此在此处为您发布代码示例是不现实的。 Instead, I recommend you read the entire documentation page on authorization and then devise an implementation that works for your setup. 相反，我建议您阅读有关授权的整个文档页面，然后设计一个适用于您的设置的实现。 It is most likely that you will want to build your logic using Policies , which are classes that organize authorization logic around a particular model. 您很可能希望使用Policies构建逻辑，Policy是围绕特定模型组织授权逻辑的类。