Laravel阻止用户操作 [英] Laravel prevent user action
问题描述
我在项目中使用laravel 5.6,并委托其处理用户/角色/权限.
I use laravel 5.6 for my project and entrust to handle users/roles/permissions.
但是现在我面临另一个问题,我不知道该走哪条路.
But now I'm facing another problem and I don't know which way to go.
基本上,在我的数据库中,我有一个带有x列的常规"表.每列代表我的应用程序的一部分,因此只有一行.
Basically on my database, I have a "general" table with x columns. Each columns represent a part of my app so there's only one row.
例如,我可以在"edit-post"列中添加0、1或2.
For example, I can have a "edit-post" columns with 0, 1 or 2.
如何防止用户根据数据库值访问获取/发布路由?
How to prevent user to access to get/post routes based on database value ?
如果edit-post等于2,则用户可以查看编辑页面/post编辑数据.
If edit-post equal 2, user can view edit page / post edit data.
我必须使用中间件吗?盖茨?还有什么吗?
Must I use middleware ? gates ? anything else ?
感谢您的回答.
推荐答案
如Raggib
所述:创建用户表权限:
As Raggib
said: create a users table permission:
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('role');
});
创建一个中间件来检查用户是否有权访问您要保护的记录:
Create a middleware to check if the user has the permissions to access the record you are trying to protect:
if($loggedUser->role != 'admin'){
// cannot edit
}
此方法的优点是您可以稍后添加角色.这使您可以更好地控制谁可以访问哪些记录.
The advantage of this method is that you can add roles later. This will give you the possibility to better control who can access which records.
这篇关于Laravel阻止用户操作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!