如何让 laravel 中的管理员和卖家只能访问我的仪表板?

How to make my dashboard accessible only for admin and seller in laravel?

DashboardController.php

class DashboardController extends Controller
{
    function __construct()
    {
        $this->middleware('auth');
    }
    // codes.....

}

Initially, I make a middlewire for any auth user to access this dashboard.

目标: 我只想为 adminseller 制作这个 dashboard。使普通用户无法访问仪表板路由。

怎么做?

参考table

users table

         Schema::create('users', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            $table->string('email')->unique();
            $table->string('photo')->nullable();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->longText('cartitems')->nullable();
            $table->longText('wishlist')->nullable();
            $table->unsignedBigInteger('discount')->default(0);
            $table->rememberToken();
            $table->timestamps();
        });

This is users table.

roles table

       Schema::create('roles', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            $table->string('display_name');
            $table->timestamps();
        });

This is roles table. And every user have a role such as Superadmin, admin, seller orcustomer

role_user table

        Schema::create('role_user', function (Blueprint $table) {
            $table->id();
            $table->unsignedBigInteger('user_id');
            $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');

            $table->unsignedBigInteger('role_id');
            $table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');

            $table->timestamps();
        });

In this pivot table make a relationship between users and roles table.

我已经尝试了这些步骤

DashboardController.php

function __construct()
{
    $this->middleware('admin');
}

Kernel.php

   'admin' => \App\Http\Middleware\Admin::class,

Admin.php [新中间线]

public function handle($request, Closure $next)
{
    dd(Auth::user());
}

But this Admin.php can't not access the current authenticated user.

it shows null

为了能够在中间件中使用 auth()->user(),您需要先加载 auth 中间件。有几种方法可以做到这一点,包括使用路由组直接为路由提供中间件。否则,Laravel将无法识别有登录用户。

如果您不想这样做,还有另一种方法,虽然有点粗糙,但它同样可以很好地完成工作,因为您正在编写自己的角色逻辑。您可以创建一个辅助函数 hasRole() 来做同样的事情并在您的控制器中使用它。

编辑:这是我为权限而非角色所做的事情,但我认为它可能有帮助:

if(!function_exists('hasPermission')){
    function hasPermission($permissionName){
        if(auth()->check()) {

            $user = \App\Admin::where('id', auth()->user()->id)->with('role.permissions')->first();
            $permission = \App\AdminPermissions::where('name', $permissionName)->first();
            return response()->json($user->role->permissions->contains($permission));

        } else {

            return 'Unauthenticated';
        }
    }
}

我用类似的方法做过。但是我没有遇到任何问题。

如果你把所有东西都放在正确的位置,它应该可以工作。