如何让 laravel 中的管理员和卖家只能访问我的仪表板?
How to make my dashboard accessible only for admin and seller in laravel?
DashboardController.php
class DashboardController extends Controller
{
function __construct()
{
$this->middleware('auth');
}
// codes.....
}
Initially, I make a middlewire for any auth user to access this dashboard.
目标: 我只想为 admin
和 seller
制作这个 dashboard
。使普通用户无法访问仪表板路由。
怎么做?
参考table
users
table
Schema::create('users', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('email')->unique();
$table->string('photo')->nullable();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->longText('cartitems')->nullable();
$table->longText('wishlist')->nullable();
$table->unsignedBigInteger('discount')->default(0);
$table->rememberToken();
$table->timestamps();
});
This is users
table.
roles
table
Schema::create('roles', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('display_name');
$table->timestamps();
});
This is roles
table. And every user have a role such as Superadmin
, admin
, seller
orcustomer
role_user
table
Schema::create('role_user', function (Blueprint $table) {
$table->id();
$table->unsignedBigInteger('user_id');
$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
$table->unsignedBigInteger('role_id');
$table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
$table->timestamps();
});
In this pivot table make a relationship between users
and roles
table.
我已经尝试了这些步骤
DashboardController.php
function __construct()
{
$this->middleware('admin');
}
Kernel.php
'admin' => \App\Http\Middleware\Admin::class,
Admin.php
[新中间线]
public function handle($request, Closure $next)
{
dd(Auth::user());
}
But this Admin.php
can't not access the current authenticated user.
it shows null
为了能够在中间件中使用 auth()->user()
,您需要先加载 auth
中间件。有几种方法可以做到这一点,包括使用路由组直接为路由提供中间件。否则,Laravel将无法识别有登录用户。
如果您不想这样做,还有另一种方法,虽然有点粗糙,但它同样可以很好地完成工作,因为您正在编写自己的角色逻辑。您可以创建一个辅助函数 hasRole()
来做同样的事情并在您的控制器中使用它。
编辑:这是我为权限而非角色所做的事情,但我认为它可能有帮助:
if(!function_exists('hasPermission')){
function hasPermission($permissionName){
if(auth()->check()) {
$user = \App\Admin::where('id', auth()->user()->id)->with('role.permissions')->first();
$permission = \App\AdminPermissions::where('name', $permissionName)->first();
return response()->json($user->role->permissions->contains($permission));
} else {
return 'Unauthenticated';
}
}
}
我用类似的方法做过。但是我没有遇到任何问题。
如果你把所有东西都放在正确的位置,它应该可以工作。
DashboardController.php
class DashboardController extends Controller
{
function __construct()
{
$this->middleware('auth');
}
// codes.....
}
Initially, I make a middlewire for any auth user to access this dashboard.
目标: 我只想为 admin
和 seller
制作这个 dashboard
。使普通用户无法访问仪表板路由。
怎么做?
参考table
users
table
Schema::create('users', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('email')->unique();
$table->string('photo')->nullable();
$table->timestamp('email_verified_at')->nullable();
$table->string('password');
$table->longText('cartitems')->nullable();
$table->longText('wishlist')->nullable();
$table->unsignedBigInteger('discount')->default(0);
$table->rememberToken();
$table->timestamps();
});
This is
users
table.
roles
table
Schema::create('roles', function (Blueprint $table) {
$table->id();
$table->string('name');
$table->string('display_name');
$table->timestamps();
});
This is
roles
table. And every user have a role such asSuperadmin
,admin
,seller
orcustomer
role_user
table
Schema::create('role_user', function (Blueprint $table) {
$table->id();
$table->unsignedBigInteger('user_id');
$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
$table->unsignedBigInteger('role_id');
$table->foreign('role_id')->references('id')->on('roles')->onDelete('cascade');
$table->timestamps();
});
In this pivot table make a relationship between
users
androles
table.
我已经尝试了这些步骤
DashboardController.php
function __construct()
{
$this->middleware('admin');
}
Kernel.php
'admin' => \App\Http\Middleware\Admin::class,
Admin.php
[新中间线]
public function handle($request, Closure $next)
{
dd(Auth::user());
}
But this
Admin.php
can't not access the current authenticated user.
it shows null
为了能够在中间件中使用 auth()->user()
,您需要先加载 auth
中间件。有几种方法可以做到这一点,包括使用路由组直接为路由提供中间件。否则,Laravel将无法识别有登录用户。
如果您不想这样做,还有另一种方法,虽然有点粗糙,但它同样可以很好地完成工作,因为您正在编写自己的角色逻辑。您可以创建一个辅助函数 hasRole()
来做同样的事情并在您的控制器中使用它。
编辑:这是我为权限而非角色所做的事情,但我认为它可能有帮助:
if(!function_exists('hasPermission')){
function hasPermission($permissionName){
if(auth()->check()) {
$user = \App\Admin::where('id', auth()->user()->id)->with('role.permissions')->first();
$permission = \App\AdminPermissions::where('name', $permissionName)->first();
return response()->json($user->role->permissions->contains($permission));
} else {
return 'Unauthenticated';
}
}
}
我用类似的方法做过。但是我没有遇到任何问题。
如果你把所有东西都放在正确的位置,它应该可以工作。