Restricting access of a specific user to POST,DELETE,PATCH,PUT

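I have Laravel 5.6 installed.

I would like to give a user a demo account with which they cannot insert or update anything, only view everything.

I don't have a set of roles in my system. I just want to hard-code a user ID somewhere and restrict these actions.

I googled and found plenty of different methods (https://laracasts.com/discuss/channels/laravel/protecting-route-for-specific-user), which are far beyond what I need. I simply want to restrict this functionality for a specific user across the whole website.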

| Domain | Method    | URI                                                   | Name                            | Action                                                                             | Middleware                                       |
+--------+-----------+-------------------------------------------------------+---------------------------------+------------------------------------------------------------------------------------+--------------------------------------------------+
|        | GET|HEAD  | /                                                     |                                 | Closure                                                                            | web                                              |
|        | GET|HEAD  | _debugbar/assets/javascript                           | debugbar.assets.js              | Barryvdh\Debugbar\Controllers\AssetController@js                                   | Barryvdh\Debugbar\Middleware\DebugbarEnabled     |
|        | GET|HEAD  | _debugbar/assets/stylesheets                          | debugbar.assets.css             | Barryvdh\Debugbar\Controllers\AssetController@css                                  | Barryvdh\Debugbar\Middleware\DebugbarEnabled     |
|        | DELETE    | _debugbar/cache/{key}/{tags?}                         | debugbar.cache.delete           | Barryvdh\Debugbar\Controllers\CacheController@delete                               | Barryvdh\Debugbar\Middleware\DebugbarEnabled     |
|        | GET|HEAD  | _debugbar/clockwork/{id}                              | debugbar.clockwork              | Barryvdh\Debugbar\Controllers\OpenHandlerController@clockwork                      | Barryvdh\Debugbar\Middleware\DebugbarEnabled     |
|        | GET|HEAD  | _debugbar/open                                        | debugbar.openhandler            | Barryvdh\Debugbar\Controllers\OpenHandlerController@handle                         | Barryvdh\Debugbar\Middleware\DebugbarEnabled     |
|        | GET|HEAD  | api/user                                              |                                 | Closure                                                                            | api,auth:api                                     |
|        | GET|HEAD  | giris                                                 |                                 | Closure                                                                            | web                                              |
|        | GET|HEAD  | horizon/api/jobs/failed                               | horizon.failed-jobs.index       | Laravel\Horizon\Http\Controllers\FailedJobsController@index                        | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/jobs/failed/{id}                          | horizon.failed-jobs.show        | Laravel\Horizon\Http\Controllers\FailedJobsController@show                         | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/jobs/recent                               | horizon.recent-jobs.index       | Laravel\Horizon\Http\Controllers\RecentJobsController@index                        | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | POST      | horizon/api/jobs/retry/{id}                           | horizon.retry-jobs.show         | Laravel\Horizon\Http\Controllers\RetryController@store                             | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/masters                                   | horizon.masters.index           | Laravel\Horizon\Http\Controllers\MasterSupervisorController@index                  | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/metrics/jobs                              | horizon.jobs-metrics.index      | Laravel\Horizon\Http\Controllers\JobMetricsController@index                        | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/metrics/jobs/{id}                         | horizon.jobs-metrics.show       | Laravel\Horizon\Http\Controllers\JobMetricsController@show                         | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/metrics/queues                            | horizon.queues-metrics.index    | Laravel\Horizon\Http\Controllers\QueueMetricsController@index                      | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/metrics/queues/{id}                       | horizon.queues-metrics.show     | Laravel\Horizon\Http\Controllers\QueueMetricsController@show                       | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | POST      | horizon/api/monitoring                                | horizon.monitoring.store        | Laravel\Horizon\Http\Controllers\MonitoringController@store                        | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/monitoring                                | horizon.monitoring.index        | Laravel\Horizon\Http\Controllers\MonitoringController@index                        | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/monitoring/{tag}                          | horizon.monitoring-tag.paginate | Laravel\Horizon\Http\Controllers\MonitoringController@paginate                     | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | DELETE    | horizon/api/monitoring/{tag}                          | horizon.monitoring-tag.destroy  | Laravel\Horizon\Http\Controllers\MonitoringController@destroy                      | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/stats                                     | horizon.stats.index             | Laravel\Horizon\Http\Controllers\DashboardStatsController@index                    | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/api/workload                                  | horizon.workload.index          | Laravel\Horizon\Http\Controllers\WorkloadController@index                          | web,Laravel\Horizon\Http\Middleware\Authenticate |
|        | GET|HEAD  | horizon/{view?}                                       | horizon.index                   | Laravel\Horizon\Http\Controllers\HomeController@index                              | web,Laravel\Horizon\Http\Middleware\Authenticate |

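The quickest way is to create a simple middleware in which you abort if it is the specific user.

To create the middleware, you can use the artisan command make:middleware

php artisan make:middleware LimitUserIdX

In the newly created file (app/Http/Middleware/LimitUserIdX.php), you can simply check whether the authenticated user's ID is X and, if so, abort with error code 403 (permission denied), like this:

public function handle($request, Closure $next)
{
    // Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
    // ID of the currently authenticated user (null for guests)
    $userId = Auth::id();
    if ($userId == 5) {
        // Refuse the request for the restricted user
        abort(403);
    }

    return $next($request);
}

Change 5 to the user you want to restrict.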


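Edit: I misunderstood the question; here is the correction.

You should add the newly created middleware to Laravel's global middleware list. Just go to App/Http/Kernel.php and add the class to the $middleware var. This will make Laravel run the middleware for all HTTP requests to your application (without having to add it to every route definition).

Then, you also need to edit the middleware itself to check the request's method before aborting, like this:

public function handle($request, Closure $next)
{
    // Needs "use Illuminate\Support\Facades\Auth;" at the top of the file.
    $userId = Auth::id();
    // Only GET and HEAD pass for the restricted user; every other method is refused
    if (request()->method() != "GET" && request()->method() != "HEAD" && $userId == 5) {
        abort(403);
    }

    return $next($request);
}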
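
The middleware from the answer above written out as a complete file, as an added example that is not part of the original answer. It assumes integer user IDs and session-based login, where the logged-in user can only be resolved after StartSession has run, so the class is registered at the end of the `web` group; the constant names and the log message are illustrative.

```php
<?php
// app/Http/Middleware/LimitUserIdX.php
// Added example, not the answer's own code.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;

class LimitUserIdX
{
    // Assumption: demo account IDs are hard-coded here, as the question asks.
    const READ_ONLY_USER_IDS = [5];

    // Only these methods pass for a demo account; anything else gets a 403.
    const READ_METHODS = ['GET', 'HEAD'];

    public function handle($request, Closure $next)
    {
        // null for guests, and whenever the session has not been started yet
        $userId = Auth::id();

        if ($userId !== null
            && in_array((int) $userId, self::READ_ONLY_USER_IDS, true)
            && ! in_array($request->method(), self::READ_METHODS, true)) {
            // Record the refused write so demo-account activity can be reviewed.
            Log::warning('Read-only user attempted a write request', [
                'user_id' => $userId,
                'method'  => $request->method(),
                'path'    => $request->path(),
            ]);

            abort(403);
        }

        return $next($request);
    }
}

// Registration (app/Http/Kernel.php): append the class to the end of the
// 'web' entry in $middlewareGroups so that it runs after StartSession:
//
//     \App\Http\Middleware\LimitUserIdX::class,
```

The check looks only at the HTTP method, so any GET route that changes state remains reachable for the demo account and has to be reviewed separately.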