Laravel阻止用户操作 [英] Laravel prevent user action

问题描述

我在项目中使用laravel 5.6，并委托其处理用户/角色/权限.

I use laravel 5.6 for my project and entrust to handle users/roles/permissions.

但是现在我面临另一个问题，我不知道该走哪条路.

But now I'm facing another problem and I don't know which way to go.

基本上，在我的数据库中，我有一个带有x列的常规"表.每列代表我的应用程序的一部分，因此只有一行.

Basically on my database, I have a "general" table with x columns. Each columns represent a part of my app so there's only one row.

例如，我可以在"edit-post"列中添加0、1或2.

For example, I can have a "edit-post" columns with 0, 1 or 2.

如何防止用户根据数据库值访问获取/发布路由?

How to prevent user to access to get/post routes based on database value ?

如果edit-post等于2，则用户可以查看编辑页面/post编辑数据.

If edit-post equal 2, user can view edit page / post edit data.

我必须使用中间件吗?盖茨?还有什么吗?

Must I use middleware ? gates ? anything else ?

感谢您的回答.

推荐答案

如Raggib所述:创建用户表权限:

As Raggib said: create a users table permission:

 Schema::create('users', function (Blueprint $table) {
    $table->increments('id');
    $table->string('role');
});

创建一个中间件来检查用户是否有权访问您要保护的记录:

Create a middleware to check if the user has the permissions to access the record you are trying to protect:

if($loggedUser->role != 'admin'){
    // cannot edit
}

此方法的优点是您可以稍后添加角色.这使您可以更好地控制谁可以访问哪些记录.

The advantage of this method is that you can add roles later. This will give you the possibility to better control who can access which records.

这篇关于Laravel阻止用户操作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！