Laravel ACL with Entrust, how to protect routes, controller methods
How can I check with Entrust whether a user has permission for a route?
I have a permissions table with a route field and the action name,
for example
can_update_profile, can_delete_profile, can_see_profile
Rather than adding privileges for each role, I tried to implement a middleware that checks the route to see whether the user is allowed to access the controller method, but it fails.
Delegating to can treats every request as free access.
Here is my middleware:
<?php
namespace App\Http\Middleware;

use Closure;
use App\Permission;
use Illuminate\Contracts\Auth\Guard;

class AuthorizeRoute
{
    /** @var Guard */
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = $this->auth->user();
        if ($user === null) {
            // no authenticated user: deny instead of calling can() on null
            abort(403);
        }
        $permissions = Permission::all();
        // the registered route pattern, e.g. "profile/{id}", not the requested path
        $uri = $request->route()->uri();
        foreach ($permissions as $permission) {
            // deny only when a permission row exists for this route and the user lacks it
            if ($permission->route === $uri && !$user->can($permission->name)) {
                abort(403);
            }
        }
        return $next($request);
    }
}
I can't test this, but I guess you should write handle() like this:
public function handle($request, Closure $next)
{
    $user = $this->auth->user();
    if ($user === null) {
        // no authenticated user: deny instead of calling can() on null
        abort(403);
    }
    $permissions = Permission::all();
    $uri = $request->route()->uri();
    foreach ($permissions as $permission) {
        // reordered expression order to skip calling $user->can()
        // for routes that don't match
        if ($permission->route === $uri && $user->can($permission->name)) {
            // allow access only if it's a match
            return $next($request);
        }
    }
    // nothing matched, abort
    abort(403);
}
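A complete deny-by-default version of the middleware, as an added example that is neither the asker's nor the answerer's code. It assumes the page's App\Permission model with `route` and `name` columns, an Entrust user model providing can(), and a kernel alias "authorize.route" (assumed name) for registration; it loads only the rows for the current route and refuses anonymous requests instead of crashing on a null user.

```php
<?php
// Added example, not the code from the question or the answer.
namespace App\Http\Middleware;

use Closure;
use App\Permission;
use Illuminate\Contracts\Auth\Guard;

class AuthorizeRoute
{
    /** @var Guard */
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    public function handle($request, Closure $next)
    {
        $user = $this->auth->user();
        if ($user === null) {
            // Anonymous request: deny rather than call can() on null.
            abort(403);
        }

        // uri() returns the registered pattern, e.g. "profile/{id}", not the
        // requested path "profile/5"; the permissions.route column must store
        // the same pattern or no row will ever match.
        $uri = $request->route()->uri();

        // Load only the rows for this route instead of the whole table.
        $required = Permission::where('route', $uri)->get();

        // Deny by default: a route with no permission row is unreachable
        // through this middleware, so a forgotten row fails closed.
        foreach ($required as $permission) {
            if ($user->can($permission->name)) {
                return $next($request);
            }
        }

        abort(403);
    }
}

// Registration (assumed alias): in app/Http/Kernel.php add to $routeMiddleware
//   'authorize.route' => \App\Http\Middleware\AuthorizeRoute::class,
// then wrap the protected routes:
//   Route::group(['middleware' => ['auth', 'authorize.route']], function () { /* ... */ });
```

Because the loop only returns on a matching permission, every route placed in the group needs at least one row in the permissions table before anyone can reach it.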