限制Laravel访问的最佳方法是什么? [英] What is the best way to restrict access in Laravel?

问题描述

我正在设计一个网站，只有登录的用户才能访问该网站某些部分的内容.那么，以下哪种方法更安全且符合行业标准?

I am designing a website where only logged in user can access the content of some parts of the site.So which of the following method is more secure and a industry standard?

方法1:检查用户是否已登录并在视图中执行以下操作:

Method 1: Checking if the user is logged in and doing something like the following in a view:

@if (Auth::check())
   // content for logged in user
@else
   // Access restricted warning message for guests
@endif

方法2:使用路由技术

Route::get('study',array('before'=>'auth','uses'=>'home@study'));

同时使用两种技术毫无意义，对吧?

And there is no point in using both techniques simultaneously,right?

推荐答案

在路由器中使用过滤器.就像codenamegary所建议的那样，请使用过滤器.这是很普遍的做法，而且非常明确.

Use filters in your router. As codenamegary is suggesting, use a filter. That's common practice and very explicit.

一个过滤器示例:

Route::group(array('before' => 'auth'), function()
{
    Route::controller('backend.index');
    Route::controller('backend.dashboard');
}

以及过滤器定义:

Route::filter('auth', function()
{
    if (Auth::guest()) return Redirect::to('login');
});

这篇关于限制Laravel访问的最佳方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！