Laravel 用户角色访问内容查看

Question

Have more than 150 views which has table content with the columns edit,view and add. I want to restrict view according to user role. For ex. if the admin login, he can able to see all the options, if other he can only add not delete and edit. How can we achieve this? One way is calling different views for diff roles but this is not redudant and even there is more than 150 views.

Answer 1

Conditional rendering in Blade

You can check the user permission in your views and then decide what the user should be able to see and what not.

@if(Auth::user()->admin) 
    <input name="website_logo_url" type="text" />
@endif

Use middleware

You can deny the access to certain views by using a middleware.

• Create the middleware with artisan: php artisan make:middlware MiddlewareName
• Define your middleware behavior by following Laravel Documentation: https://laravel.com/docs/5.5/middleware

Answer 2

When u have a table with roles in your database you can do something like this in your web.php file

Route::group(['middleware' => 'App\Http\Middleware\AdminMiddleware'], function() {

....

});

Then you make a middleware called "AdminMiddleware" or something like that.

Every route you set inside that middleware group is restricted to what you put inside the middleware file. Take a look at this middleware file:

public function handle($request, Closure $next)
{
    $allowed_role_ids = [2];

    if (!in_array($request->user()->role_id, $allowed_role_ids))
    {
        return redirect('/')->with('flash', 'U heeft hier geen toegang voor');
    } elseif(Auth::guest()) {

        return redirect('/')->with('flash', 'U bent een gast, U heeft hier geen toegang voor');
    }

    return $next($request);
}

If the user's request role ID is not the allowed role_ID it is not allowed to access that route. If it is, it will redirect to the desired route. I hope this fixes your issue.