Laravel 中间件与用户
Laravel middleware with users
我正在尝试为我的 laravel 博客设置中间件,但遇到以下情况时遇到问题。
我想允许访问某些路由,但只允许特定用户(不是角色)访问。
例如... 'index'、'create'、'store' 和 'show' 路由适用于具有 admin、globalmod 或版主角色的每个人。 To 'destroy' 路由只能访问admin。
问题出在 'edit' 和 'update' 路由上。对于这些路线,我只想向 'admin' 用户和创建该博客的用户授予访问权限 post。
此代码适用于角色,但我不知道如何为特定用户设置它。
App\User.php
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable {
use Notifiable;
protected $fillable = [
'name', 'email', 'password',
];
protected $hidden = [
'password', 'remember_token',
];
public function roles() {
return $this->belongsToMany('App\Role');
}
public function authorizeRoles($roles) {
if (is_array($roles)) {
return $this->hasAnyRole($roles) ||
abort(401, 'This action is unauthorized.');
}
return $this->hasRole($roles) ||
abort(401, 'This action is unauthorized.');
}
public function hasAnyRole($roles) {
return null !== $this->roles()->whereIn('slug', $roles)->first();
}
public function hasRole($role) {
return null !== $this->roles()->where('slug', $role)->first();
}
}
App\Http\Middleware\RolesMiddleware.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class RolesMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next, ... $roles) {
if(!Auth::check()) {
return redirect()->route('login')->with('attention', 'You have no access');
}
$user = Auth::user();
foreach($roles as $role) {
if($user->hasRole($role)) {
return $next($request);
}
}
return redirect()->back()->with('attention', 'You have no access');
}
}
App\Http\Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\RolesMiddleware::class,
];
App\Http\Controllers\BlogController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Blog;
class BlogsController extends Controller
{
public function __construct() {
$this->middleware('role:admin', array('only' => 'destroy'));
$this->middleware('role:admin,globalmod,moderator', array('only' => array('index', 'create', 'store', 'show')));
}
public function index() {
...
}
public function create() {
...
}
public function store(Request $request) {
...
}
public function show($id) {
...
}
public function edit($id) {
...
}
public function update(Request $request, $id) {
...
}
public function destroy($id) {
...
}
}
比如我需要这样的东西
$this->middleware('role:admin OR $blog->author_id == Auth::user()->id',
array('only' => 'edit', 'update'));
看看 https://laravel.com/docs/5.6/authorization#gates 你可以为你的模型定义 rules/policies。
它可以通过自定义中间件实现,但 Laravel 策略和门是可行的方法。
尝试这样的事情
Route::group(['middleware' => ['role:Admin']], function () {
//define routes here... Ex. below
Route::get('/', 'HomeController@index');
/* for application to get sale price */
}
我正在尝试为我的 laravel 博客设置中间件,但遇到以下情况时遇到问题。 我想允许访问某些路由,但只允许特定用户(不是角色)访问。 例如... 'index'、'create'、'store' 和 'show' 路由适用于具有 admin、globalmod 或版主角色的每个人。 To 'destroy' 路由只能访问admin。
问题出在 'edit' 和 'update' 路由上。对于这些路线,我只想向 'admin' 用户和创建该博客的用户授予访问权限 post。
此代码适用于角色,但我不知道如何为特定用户设置它。
App\User.php
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable {
use Notifiable;
protected $fillable = [
'name', 'email', 'password',
];
protected $hidden = [
'password', 'remember_token',
];
public function roles() {
return $this->belongsToMany('App\Role');
}
public function authorizeRoles($roles) {
if (is_array($roles)) {
return $this->hasAnyRole($roles) ||
abort(401, 'This action is unauthorized.');
}
return $this->hasRole($roles) ||
abort(401, 'This action is unauthorized.');
}
public function hasAnyRole($roles) {
return null !== $this->roles()->whereIn('slug', $roles)->first();
}
public function hasRole($role) {
return null !== $this->roles()->where('slug', $role)->first();
}
}
App\Http\Middleware\RolesMiddleware.php
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class RolesMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next, ... $roles) {
if(!Auth::check()) {
return redirect()->route('login')->with('attention', 'You have no access');
}
$user = Auth::user();
foreach($roles as $role) {
if($user->hasRole($role)) {
return $next($request);
}
}
return redirect()->back()->with('attention', 'You have no access');
}
}
App\Http\Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\RolesMiddleware::class,
];
App\Http\Controllers\BlogController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\Blog;
class BlogsController extends Controller
{
public function __construct() {
$this->middleware('role:admin', array('only' => 'destroy'));
$this->middleware('role:admin,globalmod,moderator', array('only' => array('index', 'create', 'store', 'show')));
}
public function index() {
...
}
public function create() {
...
}
public function store(Request $request) {
...
}
public function show($id) {
...
}
public function edit($id) {
...
}
public function update(Request $request, $id) {
...
}
public function destroy($id) {
...
}
}
比如我需要这样的东西
$this->middleware('role:admin OR $blog->author_id == Auth::user()->id',
array('only' => 'edit', 'update'));
看看 https://laravel.com/docs/5.6/authorization#gates 你可以为你的模型定义 rules/policies。
它可以通过自定义中间件实现,但 Laravel 策略和门是可行的方法。
尝试这样的事情
Route::group(['middleware' => ['role:Admin']], function () {
//define routes here... Ex. below
Route::get('/', 'HomeController@index');
/* for application to get sale price */
}