laravel 5的角色，如何仅允许管理员访问某些root用户 [英] Roles with laravel 5, how to allow only admin access to some root

问题描述

我遵循本教程: https://www.youtube.com/watch?v=kmJYVhG6UzM 目前，我可以在刀片服务器中签入用户是否是管理员的身份:

I follow this tutorial : https://www.youtube.com/watch?v=kmJYVhG6UzM Currently I can check in my blade if user is a admin or not like this:

{{ Auth::user()->roles->toArray()[0]['role'] }}
HI ADMIN
@endif

如何使我的路线仅对管理员用户可用?

How can I make my route only available for admin user?

推荐答案

您需要为您的路线创建中间件.

You need to create a middleware for your route.

使用:php artisan make:middleware AdminMiddleware.

您将在中间件文件夹中找到一个具有该名称的新文件.

You will find in your middleware folder a new file with this name.

将您的逻辑放入您的中间件中，例如

Put your logic in your middleware, e.g.

public function handle($request, Closure $next)
{
    if(Auth::check())
    {
        return $next($request);
    }
    else
    {
        return view('auth.login')->withErrors('You are not logged in');
    }

}

一旦您在中间件中完成了逻辑，就可以在路由中调用它，或者使中间件适用于所有路由.

Once you have done your logic in your middleware, you can either call it in the route or make the middleware apply to all routes.

如果要将其添加到所有路由，请转到Kernel.php并将其添加到$middleware数组，例如

If you want to add it to all routes, go to Kernel.php and add it to the $middleware array, e.g.

protected $middleware = [
    'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
    'Illuminate\Cookie\Middleware\EncryptCookies',
    'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
    'Illuminate\Session\Middleware\StartSession',
    'Illuminate\View\Middleware\ShareErrorsFromSession',
    'App\Http\Middleware\VerifyCsrfToken',
    'App\Http\Middleware\AdminMiddleware',
];

如果仅要将其添加到特定路由，请将其添加到$routeMiddleware变量，并将别名添加到路由.例如

If you want to add it to specific routes only, add it to the $routeMiddleware variable and add the alias to the route. E.g.

protected $routeMiddleware = [
    'auth' => 'App\Http\Middleware\Authenticate',
    'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
    'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
    'admin' => 'App\Http\Middleware\AdminMiddleware',
];

然后您可以将其添加到路由中，作为过滤器，例如

You can then add it to a route, as a filter, e.g.

Route::get('admin/profile', ['middleware' => 'admin', function()
{

}]);

有关其他信息，请访问文档:

For additional info visit the docs:

http://laravel.com/docs/master/middleware

编辑

对此的一种改进是使用PHP 5.6中引入的可变参数函数

An improvement on this would be to use variadic functions which was introduced in PHP 5.6

http://php.net/manual/en/migration56.new -features.php

无需为每个权限集制作中间件，您可以执行以下操作

Instead of having to make a middleware for each permission set you can do the following

PermissionMiddleware

PermissionMiddleware

namespace App\Http\Middleware;

use Closure;
use \App\Models\Role;
class PermissionMiddleware
{
    // Pass parameters to this middleware
    public function handle($request, Closure $next, ...$permitted_roles)
    {

        //Get a users role
        $role = new Role;
        $role_name = $role->getUserRoleByName();
        foreach($permitted_roles as $permitted_role) {
            if($permitted_role == $role_name) {
                return $next($request);
            }
        }
        return redirect()->back()->withErrors('You do not have the required permission');

    }
}

注意... $ permitted_roles

Notice the ...$permitted_roles

Route::get('admin/profile', ['middleware' => 'PermissionMiddleware:Admin,Marketing', function()
{

}]);

您现在可以为一个中间件指定所需的角色，而不必通过使用中间件参数来创建多个角色

You can now specify as many roles as required for one middleware rather than creating multiple by using middleware parameters

文档 https://laravel.com/docs/5.3/middleware#middleware-parameters

这篇关于laravel 5的角色，如何仅允许管理员访问某些root用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！