控制对Laravel和Sentry路线的访问 [英] Controlling Access to Routes Laravel and Sentry
本文介绍了控制对Laravel和Sentry路线的访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想知道使用Sentry
时如何限制对routes.php
文件中某些路由的访问.目前,我已设置以下路线
I am wondering how I can restrict access to certain routes in the routes.php
file when using Sentry
. Currently I have the following routes set up
Route::model('book', 'Book');
Route::get('/books', 'BookController@index');
Route::get('book/create', 'BookController@create');
Route::get('book/edit/{book}', 'BookController@edit');
Route::get('book/delete/{book}', 'BookController@delete');
Route::get('book/view/{book}', 'BookController@view');
Route::post('book/create', 'BookController@handleCreate');
Route::post('book/edit', 'BookController@handleEdit');
Route::post('book/delete', 'BookController@handleDelete');
我有2个groups
- 管理员
- 用户
我只希望Admin
能够访问这些路由.我将不胜感激
I would only like the Admin
to be able to access these routes. I'd appreciate any help
推荐答案
来自 http://laravelsnippets.com/snippets/sentry-route-filters 并根据您的建议进行了修改.希望这可以帮助.我最近实现了与此类似的功能.
Taken from http://laravelsnippets.com/snippets/sentry-route-filters and modified for your propose. Hope this helps. I implemented something similar to this recently.
尽管如此,您仍需要替换故障重定向中的路由.
Youll need to replace the routes in the failure redirects to your own though.
<?php
/**
* Sentry filter
*
* Checks if the user is logged in
*/
Route::filter('Sentry', function()
{
if ( ! Sentry::check()) {
return Redirect::route('cms.login');
}
});
/**
* hasAcces filter (permissions)
*
* Check if the user has permission (group/user)
*/
Route::filter('hasAccess', function($route, $request, $value)
{
try
{
$user = Sentry::getUser();
if( ! $user->hasAccess($value))
{
return Redirect::route('cms.login')->withErrors(array(Lang::get('user.noaccess')));
}
}
catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
{
return Redirect::route('cms.login')->withErrors(array(Lang::get('user.notfound')));
}
});
/**
* InGroup filter
*
* Check if the user belongs to a group
*/
Route::filter('inGroup', function($route, $request, $value)
{
try
{
$user = Sentry::getUser();
$group = Sentry::findGroupByName($value);
if( ! $user->inGroup($group))
{
return Redirect::route('cms.login')->withErrors(array(Lang::get('user.noaccess')));
}
}
catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
{
return Redirect::route('cms.login')->withErrors(array(Lang::get('user.notfound')));
}
catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e)
{
return Redirect::route('cms.login')->withErrors(array(Lang::get('group.notfound')));
}
});
//Example use
Route::group(array('before' => 'Sentry|inGroup:Admin'), function()
{
Route::model('book', 'Book');
Route::get('/books', 'BookController@index');
Route::get('book/create', 'BookController@create');
Route::get('book/edit/{book}', 'BookController@edit');
Route::get('book/delete/{book}', 'BookController@delete');
Route::get('book/view/{book}', 'BookController@view');
Route::post('book/create', 'BookController@handleCreate');
Route::post('book/edit', 'BookController@handleEdit');
Route::post('book/delete', 'BookController@handleDelete');
});
这篇关于控制对Laravel和Sentry路线的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文