具有多个角色的Laravel中间件 [英] Laravel middleware with multiple roles
问题描述
我一直在遇到Laravel中间件的一些问题. 让我告诉您我要完成的基本想法:
I've been running into some issues with Laravel's middleware. Let me tell you the basic idea of what I'm trying to accomplish:
该网站上的注册用户将具有以下四个角色之一:
Registered users on the site will have one of four roles:
- 学生(默认):可以访问"索引"和"显示"视图
- 批准者:可以访问上一个,以及"概述","更新"
- 编辑器:可以访问以前的内容,以及"创建","编辑"和"存储"
- 管理员:可以访问所有内容
- Student (default): can access 'index' and 'show' views
- Approver: can access previous, plus 'overview', 'update'
- Editor: can access previous, plus 'create', 'edit' and 'store'
- Admin: can access everything
fyi:概述"是一种索引视图,但仅适用于批准者角色及更高级别
fyi: 'overview' is sort of an index view, but only for approver role and higher
你们会建议这样做的最好方法是什么?这是我到目前为止所做的,但似乎没有用:
What would you guys suggest is the best way to go about doing this? This is what I've done so far, but it doesn't seem to work:
Kernel.php
Kernel.php
protected $middlewareGroups = [
...
'approver+' => [
\App\Http\Middleware\Approver::class,
\App\Http\Middleware\Editor::class,
\App\Http\Middleware\Admin::class,
],
];
protected $routeMiddleware = [
...
'student' => \App\Http\Middleware\Student::class,
'approver' => \App\Http\Middleware\Approver::class,
'editor' => \App\Http\Middleware\Editor::class,
'admin' => \App\Http\Middleware\Admin::class,
];
Http \ Middleware \ Admin.php
Http\Middleware\Admin.php
public function handle($request, Closure $next)
{
if (Auth::check())
{
if(Auth::user()->isAdmin())
{
return $next($request);
}
}
return redirect('login');
}
用户"口才模型:
The 'User' Eloquent model:
public function isAdmin()
{
if($this->role_id === 4)
{
return true;
}
else
{
return false;
}
}
我已经在Approver和Editor中间件文件中进行了完全相同的操作,并且在User模型的isApprover和isEditor函数中,仅将if语句中的选中值分别编辑为2和3.
I've done the exact same in the Approver and Editor middleware files, and in the isApprover and isEditor functions in the User model, only edited the checked value in the if-statement to 2 and 3 respectively.
最后,这是我在routes \ web文件中所做的事情:
Finally, here's what I've done in my routes\web file:
Route::get('scholen', 'SchoolsController@index');
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
Route::get('scholen/{id}', 'SchoolsController@show');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');
这还不是很准确,但是我卡住了,因为当我以具有批准者权限的用户身份登录并尝试访问学校概述时,它会将我重定向到主页.
It isn't all exactly on point yet, but I got stuck since when I log in as a user with Approver rights and try to access the schools overview, it redirects me back to the home page.
总的来说,感觉就像我的工作太混乱了,根本不对劲,有人可以给我一些建议,以提高效率吗?
In general, it just feels like I'm working much too chaotically and not right at all, could somebody give me advice on how to do it more efficiently?
非常感谢您!
推荐答案
对于每个角色,您都不应使用单独的中间件.它会很快变得非常混乱.最好有一个角色检查中间件,它可以检查传递给它的任何角色.
You should't have a separate middleware for each role. It will get very messy very fast. It would be better to have a single role checking middleware that can check against any role passed to it.
Http \ Kernel.php
Http\Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\Role::class,
];
Http \ Middleware \ Role.php
Http\Middleware\Role.php
public function handle($request, Closure $next, ... $roles)
{
if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
return redirect('login');
$user = Auth::user();
if($user->isAdmin())
return $next($request);
foreach($roles as $role) {
// Check if user has the role This check will depend on how your roles are set up
if($user->hasRole($role))
return $next($request);
}
return redirect('login');
}
最后在您的网络路线中
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');
这篇关于具有多个角色的Laravel中间件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
