
Laravel 5.3: localhost redirected you too many times

I have 2 user roles, which are superadmin and admin.

I don't want admin to have access to the Settings page.

I am not sure if this is the proper way.


So, here's my SettingsController.php

class SettingsController extends Controller {
    public function index() {
        if(Auth::user()->roles == 0) {
            return redirect(url()->previous());
        } else {
            return view('settings.index');
        }
    }
}

As you can see, if the roles is 0, I redirect the user to the last page they were on. I also tried to use return back();


web.php (routes)

<?php

Route::get('/', ['uses' => 'UsersController@index']);
Route::post('login', ['uses' => 'UsersController@login']);

Route::group(['middleware' => ['auth']], function() {
    Route::get('logout', ['uses' => 'UsersController@destroy']);
    Route::get('upline', ['uses' => 'UplinesController@index']);
    Route::get('upline/create', ['uses' => 'UplinesController@create']);
    Route::post('upline', ['uses' => 'UplinesController@store']);
    Route::delete('upline/destroy/{id}', ['uses' => 'UplinesController@destroy']);
    Route::put('upline/update/{id}', ['uses' => 'UplinesController@update']);
    Route::get('upline/getdownlines/{id}', ['uses' => 'UplinesController@getDownlines']);

    Route::get('downline', ['uses' => 'DownlinesController@index']);
    Route::post('downline', ['uses' => 'DownlinesController@store']);
    Route::delete('downline/destroy/{id}', ['uses' => 'DownlinesController@destroy']);
    Route::put('downline/update/{id}', ['uses' => 'DownlinesController@update']);

    Route::get('bonus', ['uses' => 'BonusController@index']);
    Route::post('bonus/csv', ['uses' => 'BonusController@fileUpload']);

    Route::get('settings', ['uses' => 'SettingsController@index']);
});

I have a 2nd question. Can I limit admin using middleware? If yes, how?

Any help would be appreciated.

Maybe the second option, "Limiting admin with middleware". So you can try something like:

Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function () {
    Route::get('/', 'DownlinesController@update');
});

Then

Route::group(['prefix' => 'super', 'middleware' => 'auth'], function () {
    Route::get('/', 'UplinesController@index');
});

As @michael s answer suggests, use middleware; his answer fails to demonstrate how to do it (mine too, I just added more text).

Note: Laravel is big because of its documentation, USE IT!

You have 2 (or more) options:

  • parameterized middleware
  • 2 distinctive middlewares (one for admin, another for superadmin)

Note: use artisan to generate middleware from stubs, $ php artisan make:middleware MyNewShinyMiddleware

parametrized middleware (my pick)

Head to the documentation and check out this.

The example shows exactly your problem.

public function handle($request, Closure $next, $role)
{
    if (! $request->user()->hasRole($role)) { // implement hasRole() in the User model
        // Redirect with a named route, or respond with 401 (unauthorized),
        // because that's what is going on!
        // For abort(401), create a view in /views/errors/401.blade.php
        // return redirect()->route('home');
        abort(401);
    }

    // Success: the user has role $role, so do nothing here and just go to the next "onion" layer
    return $next($request);
}

2 distinctive middlewares

Simply create two middlewares and hardcode your checking routine of roles (same as you do in your controller sample), except use $request->user() ...


(routes) web.php

Route::group(['middleware' => 'role:admin'], function () {...}); // parametrized

Route::group(['middleware' => 'checkRoleAdmin'], function () {...});
Route::group(['middleware' => 'checkRoleSuper'], function () {...});

Note: role, checkRoleAdmin and checkRoleSuper are "named" middlewares and you need to register them in kernel.php


Another way is to use gates or policies, which make the best sense, since you are trying to limit the user. Read more here.

I use middleware based ACL for really simple projects (like one admin and no real users).
I use gates based ACL for medium projects (1-2 roles).
I use policies based ACL for "huge" projects (many roles, many users).

Also consider looking at https://github.com/Zizaco/entrust
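
The parameterized-middleware approach from the answer above, written out as an added example (not code from the question or from either answer) for a Laravel 5.3 application. The class name CheckRole, the ROLES mapping (1 = superadmin) and the 403 response are assumptions; only roles == 0 for admin comes from the question.

```php
<?php
// app/Http/Middleware/CheckRole.php (hypothetical name; generate the stub
// with `php artisan make:middleware CheckRole`)
namespace App\Http\Middleware;

use Closure;

class CheckRole
{
    // Assumed mapping for the question's integer `roles` column:
    // 0 = admin (from the question), 1 = superadmin (assumption).
    const ROLES = ['admin' => 0, 'superadmin' => 1];

    // Accepts one or more role names, e.g. 'role:superadmin' or 'role:admin,superadmin'.
    public function handle($request, Closure $next, ...$allowed)
    {
        $user = $request->user();

        // No authenticated user: fail closed instead of calling a method on null.
        if ($user === null) {
            abort(401);
        }

        foreach ($allowed as $name) {
            // Unknown role names never match; compare as integers, strictly.
            if (array_key_exists($name, self::ROLES)
                && (int) $user->roles === self::ROLES[$name]) {
                return $next($request);
            }
        }

        // Deny with a status code instead of redirect(url()->previous()):
        // the previous URL is taken from the client-supplied Referer header
        // first, and if it resolves to this same route (or to one that
        // redirects back here) the browser loops until it gives up.
        abort(403);
    }
}

// app/Http/Kernel.php: add to the $routeMiddleware array
//     'role' => \App\Http\Middleware\CheckRole::class,

// routes/web.php: auth runs first, then the role check
//     Route::group(['middleware' => ['auth', 'role:superadmin']], function () {
//         Route::get('settings', ['uses' => 'SettingsController@index']);
//     });
```

With the check in middleware, SettingsController@index can return the view unconditionally, and every route added to the same group inherits the restriction.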
