Laravel authenticate users when their school is active
We are making a Laravel project that is for schools. We got a database for schools and inside it are the users like teachers, staff, etc. My problem is how do I prevent the specific user from a specific school from logging in where their school status is marked = 0 or as inactive in our database?
Schools table

```
+--------------+------------------+------+-----+---------+----------------+
| Field        | Type             | Null | Key | Default | Extra          |
+--------------+------------------+------+-----+---------+----------------+
| id           | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name         | varchar(191)     | NO   | UNI | NULL    |                |
| description  | text             | NO   |     | NULL    |                |
| logo         | varchar(191)     | YES  |     | NULL    |                |
| status       | int(11)          | NO   |     | 1       |                |
| updated_by   | varchar(191)     | YES  |     | NULL    |                |
| created_at   | timestamp        | YES  |     | NULL    |                |
| updated_at   | timestamp        | YES  |     | NULL    |                |
+--------------+------------------+------+-----+---------+----------------+
```
Users table

```
+-------------------+------------------+------+-----+---------+----------------+
| Field             | Type             | Null | Key | Default | Extra          |
+-------------------+------------------+------+-----+---------+----------------+
| id                | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name              | varchar(191)     | NO   |     | NULL    |                |
| email             | varchar(191)     | NO   | UNI | NULL    |                |
| password          | varchar(191)     | NO   |     | NULL    |                |
| role              | int(11)          | NO   |     | 0       |                |
| school_id         | int(11)          | NO   |     | NULL    |                |
| gender            | int(11)          | NO   |     | 1       |                |
| birthdate         | date             | YES  |     | NULL    |                |
| address           | varchar(191)     | NO   |     |         |                |
| phone             | varchar(191)     | YES  |     | NULL    |                |
| remember_token    | varchar(100)     | YES  |     | NULL    |                |
+-------------------+------------------+------+-----+---------+----------------+
```
LoginController.php

```php
class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    // protected $redirectTo = '/admin';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        // $this->middleware('guest')->except('logout');
    }
}
```
User model

```php
public function schools()
{
    return $this->belongsTo('App\School', 'school_id');
}
```

School model

```php
public function users()
{
    return $this->hasMany(User::class);
}
```
My LoginController only uses the `AuthenticatesUsers` function and I don't know a way how to override it or make a new function for me. Thanks in advance.

I suggest creating a middleware for the login route that will look after the user's status value for his school. If it's not valid, you should handle it, for example by throwing an exception back to the user saying that the school is inactive.

More about it here: https://laravel.com/docs/master/middleware

Updated:
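```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    /**
     * The Guard implementation.
     *
     * @var Guard
     */
    protected $auth;

    /**
     * Create a new filter instance.
     *
     * @param \Illuminate\Contracts\Auth\Guard $auth
     */
    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // The guard exposes the user, not the school. Read the school through
        // the relation's dynamic property (schools), not the method (schools()).
        $user = $this->auth->user();
        $school = $user ? $user->schools : null;

        // Only signed-in users are checked here; a user whose school row is
        // missing is treated the same as one whose school has status 0.
        if ($user !== null && ($school === null || (int) $school->status === 0)) {
            return response('School is inactive!', 401);
        }

        return $next($request);
    }
}
```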
And add the newly created middleware to the App\Http Kernel.php class. Add the following line to the variable `$routeMiddleware`:

```php
'auth' => \App\Http\Middleware\Authenticate::class,
```

Now the last thing to do is to add the 'auth' key to the Route group.

```php
Route::group([
    'middleware' => ['auth'],
], function () {
    // your routes
});
```

You could override the `attemptLogin` function to also check for this field.
```php
protected function attemptLogin(Request $request)
{
    //
    // Query the school status here and return false if status === 0.
    //
    return $this->guard()->attempt(
        $this->credentials($request), $request->filled('remember')
    );
}
```
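
One way to fill in the placeholder in the `attemptLogin` override above, as an added example that is not part of the original answer. It assumes the question's `schools()` belongsTo relation, a `status` column where 0 means inactive, and the default session guard; it checks the password before the school status so the response to a failed login does not reveal whether an account's school is inactive.

```php
<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Verify the password first, then the school status, and only then
     * start a session. Returning false makes the trait send its generic
     * failed-login response and count the attempt for throttling.
     */
    protected function attemptLogin(Request $request)
    {
        $credentials = $this->credentials($request);
        $provider = $this->guard()->getProvider();

        // Same lookup and hash check that attempt() performs internally,
        // done by hand so nothing is logged in before the school check.
        // Note: the guard's Attempting/Failed events are not fired here.
        $user = $provider->retrieveByCredentials($credentials);

        if ($user === null || ! $provider->validateCredentials($user, $credentials)) {
            return false;
        }

        // Dynamic property loads the School model from the question's
        // belongsTo relation. A missing school row fails closed.
        $school = $user->schools;

        if ($school === null || (int) $school->status === 0) {
            return false;
        }

        $this->guard()->login($user, $request->filled('remember'));

        return true;
    }
}
```

This gates new logins only: a session that already exists when a school is set to status 0 stays valid until a per-request check, such as middleware on the authenticated routes, ends it.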

In `LoginController` you can override the `authenticated` method, this function fires when the user has successfully signed in.
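```php
public function authenticated(Request $request, $user)
{
    // schools (property) loads the School model; schools() would return
    // the relation object, which has no status. Needs the Auth facade imported.
    if ((int) $user->schools->status === 0) {
        Auth::logout();
        abort(403, 'Your school is not active.');
    }
}
```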
`authenticated` method as opposed to other methods is that at this point you know the user has signed in correctly so it is the correct place to handle it as opposed to the `attemptLogin`.

Use join query. Just add school_id in users table. For example:
```php
self::join('schools', 'schools.id', '=', 'users.school_id')
    ->where('users.school_id', $id)->where('schools.status', 0)
```