Laravel 5 的角色,如何只允许管理员访问某些根
我遵循本教程:https://www.youtube.com/watch?v=kmJYVhG6UzM 目前我可以在我的刀片中检查用户是否是管理员:
I follow this tutorial : https://www.youtube.com/watch?v=kmJYVhG6UzM Currently I can check in my blade if user is a admin or not like this:
{{ Auth::user()->roles->toArray()[0]['role'] }}
HI ADMIN
@endif
如何让我的路由只对管理员用户可用?
How can I make my route only available for admin user?
推荐答案
您需要为您的路由创建一个中间件.
You need to create a middleware for your route.
使用:php artisan make:middleware AdminMiddleware
.
您将在中间件文件夹中找到一个具有此名称的新文件.
You will find in your middleware folder a new file with this name.
将您的逻辑放在中间件中,例如
Put your logic in your middleware, e.g.
public function handle($request, Closure $next)
{
if(Auth::check())
{
return $next($request);
}
else
{
return view('auth.login')->withErrors('You are not logged in');
}
}
在中间件中完成逻辑后,您可以在路由中调用它或使中间件应用于所有路由.
Once you have done your logic in your middleware, you can either call it in the route or make the middleware apply to all routes.
如果你想把它添加到所有路由,去Kernel.php
并将它添加到$middleware
数组,例如
If you want to add it to all routes, go to Kernel.php
and add it to the $middleware
array, e.g.
protected $middleware = [
'IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode',
'IlluminateCookieMiddlewareEncryptCookies',
'IlluminateCookieMiddlewareAddQueuedCookiesToResponse',
'IlluminateSessionMiddlewareStartSession',
'IlluminateViewMiddlewareShareErrorsFromSession',
'AppHttpMiddlewareVerifyCsrfToken',
'AppHttpMiddlewareAdminMiddleware',
];
如果您只想将其添加到特定路由,请将其添加到 $routeMiddleware
变量并将别名添加到路由.例如
If you want to add it to specific routes only, add it to the $routeMiddleware
variable and add the alias to the route. E.g.
protected $routeMiddleware = [
'auth' => 'AppHttpMiddlewareAuthenticate',
'auth.basic' => 'IlluminateAuthMiddlewareAuthenticateWithBasicAuth',
'guest' => 'AppHttpMiddlewareRedirectIfAuthenticated',
'admin' => 'AppHttpMiddlewareAdminMiddleware',
];
然后您可以将其添加到路由中,作为过滤器,例如
You can then add it to a route, as a filter, e.g.
Route::get('admin/profile', ['middleware' => 'admin', function()
{
}]);
有关更多信息,请访问文档:
For additional info visit the docs:
http://laravel.com/docs/master/middleware
编辑
对此的改进是使用 PHP 5.6 中引入的可变参数函数
An improvement on this would be to use variadic functions which was introduced in PHP 5.6
http://php.net/manual/en/migration56.new-功能.php
不必为每个权限集制作一个中间件,您可以执行以下操作
Instead of having to make a middleware for each permission set you can do the following
权限中间件
namespace AppHttpMiddleware;
use Closure;
use AppModelsRole;
class PermissionMiddleware
{
// Pass parameters to this middleware
public function handle($request, Closure $next, ...$permitted_roles)
{
//Get a users role
$role = new Role;
$role_name = $role->getUserRoleByName();
foreach($permitted_roles as $permitted_role) {
if($permitted_role == $role_name) {
return $next($request);
}
}
return redirect()->back()->withErrors('You do not have the required permission');
}
}
注意 ...$permitted_roles
Notice the ...$permitted_roles
Route::get('admin/profile', ['middleware' => 'PermissionMiddleware:Admin,Marketing', function()
{
}]);
您现在可以根据需要为一个中间件指定多个角色,而不是使用中间件参数创建多个角色
You can now specify as many roles as required for one middleware rather than creating multiple by using middleware parameters
文档https://laravel.com/docs/5.3/middleware#middleware-parameters
相关文章