Laravel 8:中间件角色

2022-03-27 00:00:00 php laravel laravel-8 laravel-middleware

用户注册时,可以在下拉列表中选择注册为个人资料(profile)账户或企业(business)账户。基于下面的代码,我该如何创建中间件,使个人资料用户无法访问企业仪表板,企业用户也无法访问个人资料仪表板?我该如何保护这些页面?

2014_10_12_000000_create_users_table.php

// Users table backing registration, login and the account-type dashboards.
Schema::create('users', static function (Blueprint $table): void {
    $table->id();

    // Free-form string at the database level: nothing here restricts which
    // account types can be stored, so the application layer has to validate
    // the value before it is written and before it is used for access checks.
    $table->string('account_type');

    // Identity and login fields.
    $table->string('first_name');
    $table->string('last_name');
    $table->string('username')->unique();
    $table->string('email')->unique();
    $table->timestamp('email_verified_at')->nullable();

    // Contact details. The explicit widths below are hard limits, so request
    // validation should never allow more characters than these columns hold.
    $table->string('phone');
    $table->string('address', 50);
    $table->string('city', 25);
    $table->char('state', 2);
    $table->char('zip', 10);

    // Credential and session bookkeeping.
    $table->string('password');
    $table->rememberToken();
    $table->timestamps();
});

RegisterController.php

<?php

namespace AppHttpControllersAuth;

use AppModelsUser;
use IlluminateHttpRequest;
use AppHttpControllersController;
use IlluminateSupportFacadesAuth;
use IlluminateSupportFacadesHash;

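/**
 * Handles the public registration form: shows it, validates the submission,
 * creates the user and sends them to the dashboard for their account type.
 */
class RegisterController extends Controller
{
    /**
     * Show the registration form.
     */
    public function index()
    {
        return view('auth.register');
    }

    /**
     * Validate the submitted form, create the user, log them in and redirect
     * to the dashboard matching their account type.
     */
    public function store(Request $request)
    {
        $data = $this->validate($request, [
            // account_type decides which dashboard a user may reach, so only
            // the two known values are accepted. `not_in:0` alone would let a
            // client submit any other string.
            'account_type' => 'required|in:profile,business',
            'first_name' => 'required|max:255',
            'last_name' => 'required|max:255',
            'username' => 'required|max:15|unique:users',
            'email' => 'required|email|unique:users',
            'phone' => 'required|max:255|digits:10',
            // Limits kept at or below the column widths in the users migration
            // (address 50, city 25, state 2).
            'address' => 'required|max:50',
            'city' => 'required|max:20',
            'state' => 'required|not_in:0|size:2',
            // Anchored five-digit ZIP. The previous pattern /d{5}/ had lost its
            // backslash and matched the literal text "ddddd" anywhere in the value.
            'zip' => ['required', 'regex:/^\d{5}$/'],
            'password' => 'required|string|confirmed|min:8',
        ]);

        // Persist only validated input; the password is stored as a hash.
        $user = User::create([
            'account_type' => $data['account_type'],
            'first_name' => $data['first_name'],
            'last_name' => $data['last_name'],
            'username' => $data['username'],
            'email' => $data['email'],
            'phone' => $data['phone'],
            'address' => $data['address'],
            'city' => $data['city'],
            'state' => $data['state'],
            'zip' => $data['zip'],
            'password' => Hash::make($data['password']),
        ]);

        // Log in the model that was just created instead of re-running a
        // credential check whose result was never inspected; Auth::user()
        // could otherwise be null on the next line.
        Auth::login($user);

        // Redirect to the dashboard for the registered account type.
        return $user->account_type === 'profile'
            ? redirect()->route('dashboard_profile')
            : redirect()->route('dashboard_business');
    }
}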

BusinessDashboardController.php

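/**
 * Dashboard shown to users whose account_type is "business".
 */
class BusinessDashboardController extends Controller
{
    /**
     * Require a logged-in user whose account type is "business" for every
     * action in this controller.
     */
    public function __construct()
    {
        $this->middleware('auth');

        // `auth` only proves that someone is logged in. Without this second
        // check any authenticated user, whatever their account type, can open
        // the business dashboard by requesting its URL directly.
        $this->middleware(function ($request, $next) {
            abort_unless(
                optional($request->user())->account_type === 'business',
                403,
                'Unauthorized action.'
            );

            return $next($request);
        });
    }

    /**
     * Render the business dashboard view.
     */
    public function index()
    {
        return view('auth.dashboard_business');
    }
}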

ProfileDashboardController.php

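/**
 * Dashboard shown to users whose account_type is "profile".
 */
class ProfileDashboardController extends Controller
{
    /**
     * Require a logged-in user whose account type is "profile" for every
     * action in this controller.
     */
    public function __construct()
    {
        $this->middleware('auth');

        // `auth` only proves that someone is logged in. Without this second
        // check any authenticated user, whatever their account type, can open
        // the profile dashboard by requesting its URL directly.
        $this->middleware(function ($request, $next) {
            abort_unless(
                optional($request->user())->account_type === 'profile',
                403,
                'Unauthorized action.'
            );

            return $next($request);
        });
    }

    /**
     * Render the profile dashboard view.
     */
    public function index()
    {
        return view('auth.dashboard_profile');
    }
}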

我想学习在不使用包的情况下执行此操作。


解决方案

除了 @nagidi 提供的解决方案外,您还可以修改中间件 handle 方法中的条件,检查 account_type 是 profile 还是 business。下面路由中的 accType 是该中间件注册时使用的别名。

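/**
 * Let the request through only when the logged-in user's account_type
 * equals the type given as the middleware parameter (e.g. accType:business).
 *
 * Guests are rejected with 403 as well, because there is no user to compare.
 * Add the `auth` middleware in front if guests should be sent to the login
 * page instead.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @param  string  $type  Required account type taken from the route definition.
 * @return mixed
 */
public function handle($request, Closure $next, $type)
{
    $user = Auth::user();

    // Strict comparison: with `==`, two numeric-looking strings such as
    // "1" and "1.0" compare equal, which is too loose for an access check.
    if ($user !== null && $user->account_type === $type) {
        return $next($request);
    }

    abort(403, 'Unauthorized action.');
}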
// `accType` has to be registered as a route-middleware alias in the HTTP
// kernel before these routes will resolve it. The value after the colon is
// passed to the middleware's handle() method as its third argument.
Route::get('/business-profile', function () {
    //
})->middleware('accType:business');

Route::get('/profile', function () {
    //
})->middleware('accType:profile');
