Laravel:路由中间件和策略之间的区别 [英] Laravel: Difference Between Route Middleware and Policy

问题描述

我正在使用laravel开发应用程序，我意识到Policy可以完全使用Middleware来完成.假设如果我/她不是信息的所有者，我想阻止用户更新路由，那么我可以轻松地从路由中进行检查，并可以从策略中进行相同的操作.

I am developing an app with laravel, I realised that what can be done with Policy can exactly be done with Middleware. Say I want to prevent a user from updating a route if he/she is not the owner of the information, I can easily check from the route and can do the same from the policy.

所以我的问题是为什么我应该在中间件上使用policy，反之亦然

So my question is why should I use policy over middleware and vice versa

推荐答案

我目前正在对角色，权限和路由进行一次小型重构，并问了我自己相同的问题.

I'm currently going through a small refactor with my roles, permissions and routes and asked myself the same question.

从表面上看，真正的中间件和策略执行相同的总体思想.检查用户是否可以做他们正在做的事情.

At the surface level, it appears true middleware and policies perform the same general idea. Check if a user can do what they are doing.

作为参考，这里是laravel文档...

For reference here's the laravel docs...

中间件 我可以看到吗?我可以去这里吗?"

Middleware "May I see this? May I go here?"

HTTP中间件提供了用于过滤HTTP的便捷机制 请求输入您的应用程序.例如，Laravel包含一个 验证您的应用程序用户的中间件是 已验证.如果用户未通过身份验证，则中间件将 将用户重定向到登录屏幕.但是，如果用户是 通过身份验证后，中间件将允许请求继续进行 进一步进入应用程序.

HTTP middleware provide a convenient mechanism for filtering HTTP requests entering your application. For example, Laravel includes a middleware that verifies the user of your application is authenticated. If the user is not authenticated, the middleware will redirect the user to the login screen. However, if the user is authenticated, the middleware will allow the request to proceed further into the application.

当然，可以编写其他中间件来执行多种操作 除了身份验证以外的任务. CORS中间件可能是 负责为所有响应添加适当的标头 你的申请.日志记录中间件可能会记录所有传入的请求 您的应用程序.

Of course, additional middleware can be written to perform a variety of tasks besides authentication. A CORS middleware might be responsible for adding the proper headers to all responses leaving your application. A logging middleware might log all incoming requests to your application.

https://laravel.com/docs/master/middleware#introduction

在我的阅读中，中间件是关于在请求级别上进行操作的.用此用户可以看到页面?"或此用户可以在这里做些事情吗?"的术语

In my reading, Middleware is about operating at the request level. In the terms of "Can this user see a page?", or "Can this user do something here?"

如果是，它将转到与该页面关联的控制器方法.有趣的是，中间件可能会说:是的，您可以去那里，但我会写下您要去的地方."等等.

If so, it goes to the controller method associated with that page. Interestingly enough, Middleware may say, "Yes you may go there, but I'll write down that you are going." Etc.

完成后.它不再控制或说用户正在做什么.我将其视为中间人的另一种方式.

Once it's done. It has no more control or say in what the user is doing. Another way I think of it as the middleperson.

政策 我可以这样做吗?可以更改吗?"

Policies "Can I do this? Can I change this?"

除了提供现成的身份验证服务外， Laravel还提供了一种简单的方法来组织授权逻辑和 控制对资源的访问.有多种方法和 帮助您组织授权逻辑的助手，以及 我们将在本文档中介绍它们.

In addition to providing authentication services out of the box, Laravel also provides a simple way to organize authorization logic and control access to resources. There are a variety of methods and helpers to assist you in organizing your authorization logic, and we'll cover each of them in this document.

https://laravel.com/docs/master/authorization#introduction

政策似乎与这样做有关.用户可以更新任何条目还是仅更新他们的条目?

Policies however, appear to be more concerned with doing. Can the user update any entry, or only theirs?

这些问题似乎适合于控制器方法，在该方法中，对资源采取的所有行动呼吁都得到了组织.检索此对象，存储或更新文章.

These questions seem fit for a controller method where all the calls to action on a resource are organized. Retrieve this object, store or update the article.

如 tjbb 所述，中间件会使路由非常混乱且难以管理.这是我的路线文件中的一个示例:

As tjbb mentioned, middleware can make routes very messy and hard to manage. This is an example from my routes file:

问题

    Route::group(['middleware' =>'role:person_type,person_type2',], function () {
        Route::get('download-thing/{thing}', [
             'as' => 'download-thing', 
             'uses' => 'ThingController@download'
        ]);
    }); 

这很难在我的路线文件中读取！

This gets very hard to read in my route file!

另一种采用政策的方法

//ThingController
public function download(Thing $thing)
{
    //Policy method and controller method match, no need to name it
    $this->authorize($thing);

    //download logic here....
}

这篇关于Laravel:路由中间件和策略之间的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！