Laravel与用户的中间件
[英]Laravel middleware with users
问题描述
我正在尝试为laravel博客设置中间件,但以下情况有问题。 我想允许访问某些路由,但仅允许特定用户(而非角色)访问。 例如...具有管理员,globalmod或主持人角色的每个人都可以使用“索引”,“创建”,“存储”和“显示”路由。 要“销毁”路由只能访问管理员。
问题在于“编辑”和“更新”路线。 对于这些路由,我只想授予“管理员”用户和创建该博客文章的用户访问权限。
这段代码适合角色,但是我不知道如何为特定用户设置它。
App \\ User.php
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable {
use Notifiable;
protected $fillable = [
'name', 'email', 'password',
];
protected $hidden = [
'password', 'remember_token',
];
public function roles() {
return $this->belongsToMany('App\Role');
}
public function authorizeRoles($roles) {
if (is_array($roles)) {
return $this->hasAnyRole($roles) ||
abort(401, 'This action is unauthorized.');
}
return $this->hasRole($roles) ||
abort(401, 'This action is unauthorized.');
}
public function hasAnyRole($roles) {
return null !== $this->roles()->whereIn('slug', $roles)->first();
}
public function hasRole($role) {
return null !== $this->roles()->where('slug', $role)->first();
}
}
App \\ Http \\ Middleware \\ RolesMiddleware.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class RolesMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next, ... $roles) {
if(!Auth::check()) {
return redirect()->route('login')->with('attention', 'You have no access');
}
$user = Auth::user();
foreach($roles as $role) {
if($user->hasRole($role)) {
return $next($request);
}
}
return redirect()->back()->with('attention', 'You have no access');
}
}
App \\ Http \\ Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\RolesMiddleware::class,
];
App \\ Http \\ Controllers \\ BlogController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Blog;
class BlogsController extends Controller
{
public function __construct() {
$this->middleware('role:admin', array('only' => 'destroy'));
$this->middleware('role:admin,globalmod,moderator', array('only' => array('index', 'create', 'store', 'show')));
}
public function index() {
...
}
public function create() {
...
}
public function store(Request $request) {
...
}
public function show($id) {
...
}
public function edit($id) {
...
}
public function update(Request $request, $id) {
...
}
public function destroy($id) {
...
}
}
例如,我需要这样的东西
$this->middleware('role:admin OR $blog->author_id == Auth::user()->id',
array('only' => 'edit', 'update'));
2 个解决方案
解决方案1
0 已采纳 2018-07-27 06:59:31
查看https://laravel.com/docs/5.6/authorization#gates,您可以为模型定义规则/策略。
可以通过定制的中间件来实现,但是Laravel的策略和门是要走的路。
解决方案2
0 2018-07-27 07:11:42
尝试这样的事情
Route::group(['middleware' => ['role:Admin']], function () {
//define routes here... Ex. below
Route::get('/', 'HomeController@index');
/* for application to get sale price */
}
Laravel 中间件不会重定向到登录用户的特定路由
[英]Laravel Middleware not redirecting to specific route for logged in users
如何使用防护作为中间件在LARAVEL中对用户进行身份验证
[英]How to use a guard as an Middleware for authenticating users in LARAVEL
创建中间件以防止用户在laravel 5.1中操纵其他用户的信息
[英]Create middleware to prevent a user manipulates the information of other users in laravel 5.1
Laravel 7 中间件 - 如何为某些视图/刀片文件的未经过身份验证的用户/来宾创建分组中间件
[英]Laravel 7 Middleware - How to create grouped middleware for non-authenticated users/guests for certain views/blade files
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.