[英]How to Protect the admin Panel in Laravel 5.2
我創建了一個 eCommerace 應用程序,它具有管理面板和用戶視圖(產品商店),我希望管理員訪問管理面板,而其他用戶只能訪問特定的 URL 和產品詳細信息等。我已經通過php artisan make:auth
為我的應用程序安裝了身份驗證php artisan make:auth
並且它工作正常,但我現在想要做的是應用一個過濾器,該過濾器將僅向 ADMIN 顯示管理面板,並將存儲顯示給其他用戶。
我已經在我的數據庫中聲明了一個布爾字段,默認情況下,普通用戶的值為 0,管理員的值為 1。
遷移:
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('email')->unique();
$table->string('password', 60);
$table->boolean('admin')->default(0);
$table->rememberToken();
$table->timestamps();
});
身份驗證控制器:
<?php
namespace App\Http\Controllers\Auth;
use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
/**
* Where to redirect users after login / registration.
*
* @var string
*/
protected $redirectTo = '/home';
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest', ['except' => 'logout']);
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255', /**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
}
'email' => 'required|email|max:255|unique:users',
'password' => 'required|confirmed|min:6',
]);
}
正如@AnowarCst 所說。 使用中間件。
在項目根目錄中:
php artisan make:middleware Admin
打開新文件App/Http/Middleware/Admin.php
。
在handle()
方法中添加:
if ( Auth::check() && Auth::user()->isAdmin() )
{
return $next($request);
}
return redirect('/');
打開App/Http/Kernel.php
並將以下內容添加到$routeMiddleware
數組中:
'admin' => \App\Http\Middleware\Admin::class,
打開用戶模型: App/User.php
添加
/**
* Check if user is admin.
*
* @return bool
*/
public function isAdmin()
{
return $this->admin;
}
現在你可以使用routes.php
文件中的中間件:
Route::get('/uri-that-users-will-see', ['middleware' => ['auth','admin'], 'as' => 'your-route-name', 'uses' => 'YourController@yourMethod']);
這主要來自頭部,所以如果我跳過某些內容或有錯誤,請報告。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.