[英]How to apply middleware for Permission in Route Dynamically in Laravel (Spatie Permission)?
In my Laravel application, I have 5 pages.在我的 Laravel 应用程序中,我有 5 页。 This is just an example.这只是一个例子。
For display those page i have create one controller called PageController.为了显示这些页面,我创建了一个名为 PageController 的 controller。
PageController页面控制器
public function index($page)
{
return view('page', compact('page));
}
web.php web.php
Route::get('/{page}', [PageController::class, 'index'])->where('page' => ['about|service|termscondition|privacypolicy|contact']);
For manage permission, I am using Spatie Permission package.对于管理权限,我使用 Spatie Permission package。
I have some permission.我有一些许可。 eg例如
User only can view those pages after login if they have permission (This concept is for demo purpose only).用户只有在有权限的情况下才能在登录后查看这些页面(此概念仅用于演示目的)。
If I have individual route for every page then I can apply middleware('can:about.view')
like this way.如果我对每个页面都有单独的路由,那么我可以像这样应用middleware('can:about.view')
。
But in this case, where i am using one route for every pages dynamically, so how can I apply middleware for permission?但是在这种情况下,我动态地为每个页面使用一个路由,那么如何应用中间件获得许可呢?
Make entity Page (if you don't have a model) like this:像这样制作实体页面(如果您没有模型):
class Page implements UrlRoutable
{
private string $page;
public function __construct(string $page)
{
$this->page = $page;
}
public function getPage(): string
{
return $this->page;
}
public function getRouteKey()
{
return $this->getPage();
}
public function getRouteKeyName()
{
return 'page';
}
public function resolveRouteBinding($value)
{
return new self($value);
}
}
Hint: Implementing UrlRoutable
contract allow us to use this class in routing like model.提示:实现UrlRoutable
合约允许我们在路由中使用这个 class,如 model。
Make a PagePolicy
for Page like other policies像其他政策一样为 Page 制定PagePolicy
class PagePolicy
{
use HandlesAuthorization;
public function view(User $user, Page $page)
{
$permission = 'view.' . $page->getName();
return $user->can($permission);
}
//other methods
}
Register policy in AuthServiceProvider
:在AuthServiceProvider
中注册策略:
protected $policies = [
Page::class => PagePolicy::class
];
And than, in controller, you can just use gate functional:而且,在 controller 中,您可以只使用门功能:
public function index(Page $page)
{
$this->authorize('view', $page);
//or
Gate::check('view', $page);
return view('page', compact('page'));
}
Or use this in middleware:或者在中间件中使用它:
Route::get('/{page}', [PageController::class, 'index'])->where('page' => ['about|service|termscondition|privacypolicy|contact'])->middleware('can:view');
I need one suggestion.我需要一个建议。 Can i check permission without policy in controller?我可以在 controller 中检查没有政策的许可吗?
Web.php Web.php
Route::get('/{page}', [PageController::class, 'index'])->where('page' => ['about|service|termscondition|privacypolicy|contact']);
PageController页面控制器
public function view($page)
{ if (!Auth::user()->can($page.'.view')) { abort(401); }
return view('page', compact('page'));
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.