如何通过Laravel 5.2中的登录角色保护路由?
[英]How to protect the route by the login role in Laravel 5.2?
问题描述
I am using laravel 5.2. 
我正在使用laravel 5.2。 I have a problem when the user login, they can open the admin page if they know the URL. 我在用户登录时遇到问题,如果他们知道URL,则他们可以打开管理页面。 This below is my navbar menu : 这是我的导航栏菜单:
@if(Session::get('Mem_Username') == 'Guest')
<li>
<a href="{{ url ('Client') }}"><i class="fa fa-building fa-fw"></i> Client List</a>
</li>
@endif
@if(Session::get('Mem_Role') == '1')
<li>
<a href="{{ url ('Lead') }}"><i class="fa fa-th-list fa-fw"></i> Leads</a>
</li>
<li>
<a href="{{ url ('Client') }}"><i class="fa fa-building fa-fw"></i> Client List</a>
</li>
@elseif(Session::get('Mem_Role') == '2')
<li>
<a href="{{ url ('Lead') }}"><i class="fa fa-th-list fa-fw"></i> Leads</a>
</li>
@endif
And I already put this in each of the controller 我已经把它放在每个控制器中
public function __construct()
{
$this->middleware('auth');
}
By the way, I am changing the Authenticate.php file using Session into like this below: 顺便说一句,我正在使用Session将Authenticate.php文件更改为如下所示:
public function handle($request, Closure $next, $guard = null)
{
if(Session::has('Mem_Username')){
}
else{
return redirect()->guest('');
}
return $next($request);
}
1 个解决方案
解决方案1
1 2018-03-07 07:04:19
php artisan make :middleware AdminMiddleware
It will create a new middleware under: App/Http/Middleware open the middleware, place the code: 它将在下面创建一个新的中间件: App/Http/Middleware打开中间件,放置代码:
public function handle($request, Closure $next)
{
if(!auth->user()->isAdmin()){
abort(404);
}
return next($request);
}
and under user model make sure you have a isAdmin() method that checks wether the current user is admin. 在用户模型下,请确保您具有一个isAdmin()方法来检查当前用户是否为admin。
Registering a Middleware 注册中间件
Now that we've created a middleware, we need to let the application know the middleware exists. 现在,我们已经创建了中间件,我们需要让应用程序知道中间件的存在。 If you want a middleware to run on every request, go to app/Http/kernel.php and add the middleware ' isAdmin ' to Kernel class $middleware property . 如果要在每个请求上运行中间件,请转到app / Http / kernel.php并将中间件' isAdmin '添加到Kernel类$middleware property 。
protected $middleware = [
...
\App\Http\Middleware\AdminMiddleware::class
];
If you want the middleware to trigger on some routes, we can name the middleware and use that as a reference mechanism to add it to some routes. 如果您希望中间件在某些路由上触发,我们可以命名中间件并将其用作将其添加到某些路由的参考机制。 To name the middleware, while still in the app/Http/kernel.php , add the keyed property to the $routeMiddleware array. 要命名中间件,尽管仍在app/Http/kernel.php ,但将键属性添加到$routeMiddleware数组中。 The array key is the name of the middleware, while the value should be the isAdmin of the middleware. 数组键是中间件的名称,而值应该是中间件的isAdmin 。
protected $routeMiddleware = [
...
'isAdmin' => \App\Http\Middleware\AdminMiddleware::class,
...
];
Then you can protect your routes with this middleware. 然后,您可以使用此中间件保护您的路由。
Route:get('someurl', 'Controller')->middleware('isAdmin');
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.