Laravel用户访问某些页面的权限? [英] Laravel User permission to access certain pages?
问题描述
我创建了如下的子页:
// Create pages table for dynamic pages
id | slug | title | page_template
0 about about us about.blade
1 contact contact us contact.blade
我将通过以下路线访问它们:
I am going to access them through the following rout:
// could be page/{slug} or only slug inside routes.php
Route::get('/{slug}', array('as' => 'page.show', 'uses' => 'PageController@show'));
我有一个PageController,所以这使我可以动态创建页面. 在这里引用解决方案: Laravel从MySQL创建到控制器的动态路由数据库
Where I have a PageController , so this allows me to create pages dynamically. referring to the solution here : Laravel Creating Dynamic Routes to controllers from Mysql database
我还拥有角色表:
// Create roles table for
id | name
0 user
1 admin
我还有另一个权限表:
// permission table
role_id | page_id
0 0
0 1
1 1
这将帮助我根据角色类型设置权限,例如,如果您是用户,则只能访问about page;如果您是admin,则可以访问所有页面等.
This will help me out with setting permission per role type , so for example if you are a user you can only access about page , if you are admin you can access all pages etc..
我的问题是:我该怎么做,是否在路由中添加一个过滤器,以检查用户是否可以访问该页面?那么,我是在routes.php还是filters.php中呢?以及如何?
My Question is : how could I make this happen , do I add a filter to my route , that checks if the user can access that slug page? So do I do this inside routes.php or inside filters.php? and how?
感谢您的帮助
推荐答案
您需要以下设置.用四个表(用户,角色权限和Permission_role)创建类(模型):
You need a setup like following. Create classes (models) with four tables (users, roles permissions and permission_role):
表roles
:
id | name (role name)
1 | admin
2 | user
型号Role
:
class Role extends ELoquent {
protected $table = 'roles';
public function users()
{
return $this->hasMany('User', 'role_id', 'id');
}
public function permissions()
{
return $this->belongsToMany('Permission');
}
}
表permissions
:
id | name (permission name)
1 | manage_pages (add/edit/delete)
2 | manage_users (add/edit/delete)
3 | page_about (access allowed to about page)
4 | page_contact (access allowed to contact page)
型号Permission
class Permission extends ELoquent {
protected $table = 'permissions';
public function roles()
{
return $this->belongsToMany('Role');
}
}
表users
:
id | username | email | password | role_id | more...
1 | admin | admin@ymail.com | hashed | 1 | more...
2 | user1 | user1@ymail.com | hashed | 2 | more...
3 | user2 | user2@ymail.com | hashed | 2 | more...
型号User
class User extends ELoquent {
protected $table = 'users';
public function role()
{
return $this->belongsTo('Role', 'role_id', 'id');
}
public function can($perm = null)
{
if(is_null($perm)) return false;
$perms = $this->role->permissions->fetch('name');
return in_array($perm, $perms->toArray());
}
}
表permission_role
(数据透视表):
id | permission_id | role_id
1 | 1 | 1
2 | 2 | 1
3 | 3 | 1
4 | 4 | 1
5 | 3 | 2
6 | 4 | 2
一旦进行了此设置,就可以创建过滤器,或者可以在类方法中检查登录的用户是否具有特定的规则或权限,然后允许访问页面,否则不允许访问.例如,您可以检查登录用户是否可以使用以下方式访问页面:
Once you have this setup then you may create filters or in your class method you may check if a logged in user has specific rule or permission then allow access to a page, otherwise doesn't allow. For example, you may check if a logged in user can access a page using something like this:
if(Auth::user->can('manage_pages')) {
// Let him/her to add/edit/delete any page
}
由于您的页面是动态的,并且所有页面都通过show
方法显示,因此在您的show
方法中,您可以检查如下内容:
Since your pages are dynamic and all pages are being shown by show
method then in your show
method you may check something like this:
public function show($slug = 'home')
{
// assumed page skug is 'about'
$permission = 'page_' . $slug;
if(Auth::user->can($permission)) {
$page = page::whereSlug('home')->get();
return View::make('pages.index')->with('page', $page);
}
}
这确实是一个大问题,您必须自行解决.我通过一些实现为您提供了基本概念,现在您应该扩展它.
This is really a big issue and you have to figure it out by your self. I gave you the basic idea with some implementations, now you should extend it.
P/S:不可能从根本上回答所有问题,但是我参与了您的同一项目的另一个回答,因此我建议您实施权限基础(ACL),因此我尝试提供帮助但您需要尝试实施其余的步骤.一切顺利.
这篇关于Laravel用户访问某些页面的权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!