具有多种角色的 Laravel 中间件 [英] Laravel middleware with multiple roles
问题描述
我遇到了 Laravel 中间件的一些问题.让我告诉您我要完成的工作的基本概念:
I've been running into some issues with Laravel's middleware. Let me tell you the basic idea of what I'm trying to accomplish:
网站上的注册用户将具有以下四种角色之一:
Registered users on the site will have one of four roles:
- 学生(默认):可以访问索引"和显示"视图
- 审批者:可以访问以前的,以及概览"、更新"
- 编辑器:可以访问上一个,以及创建"、编辑"和存储"
- 管理员:可以访问一切
- Student (default): can access 'index' and 'show' views
- Approver: can access previous, plus 'overview', 'update'
- Editor: can access previous, plus 'create', 'edit' and 'store'
- Admin: can access everything
仅供参考:概览"是一种索引视图,但仅适用于审批者角色和更高的角色
fyi: 'overview' is sort of an index view, but only for approver role and higher
你们建议最好的方法是什么?这是我到目前为止所做的,但似乎不起作用:
What would you guys suggest is the best way to go about doing this? This is what I've done so far, but it doesn't seem to work:
内核.php
protected $middlewareGroups = [
...
'approver+' => [
AppHttpMiddlewareApprover::class,
AppHttpMiddlewareEditor::class,
AppHttpMiddlewareAdmin::class,
],
];
protected $routeMiddleware = [
...
'student' => AppHttpMiddlewareStudent::class,
'approver' => AppHttpMiddlewareApprover::class,
'editor' => AppHttpMiddlewareEditor::class,
'admin' => AppHttpMiddlewareAdmin::class,
];
<小时>
HttpMiddlewareAdmin.php
HttpMiddlewareAdmin.php
public function handle($request, Closure $next)
{
if (Auth::check())
{
if(Auth::user()->isAdmin())
{
return $next($request);
}
}
return redirect('login');
}
<小时>
用户"雄辩模型:
The 'User' Eloquent model:
public function isAdmin()
{
if($this->role_id === 4)
{
return true;
}
else
{
return false;
}
}
我在 Approver 和 Editor 中间件文件中做了完全相同的事情,在 User 模型的 isApprover 和 isEditor 函数中,只将 if 语句中的选中值分别编辑为 2 和 3.
I've done the exact same in the Approver and Editor middleware files, and in the isApprover and isEditor functions in the User model, only edited the checked value in the if-statement to 2 and 3 respectively.
最后,这是我在 routesweb 文件中所做的:
Finally, here's what I've done in my routesweb file:
Route::get('scholen', 'SchoolsController@index');
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
Route::get('scholen/{id}', 'SchoolsController@show');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');
这还不是完全正确,但我卡住了,因为当我以具有审批者权限的用户身份登录并尝试访问学校概览时,它会将我重定向回主页.
It isn't all exactly on point yet, but I got stuck since when I log in as a user with Approver rights and try to access the schools overview, it redirects me back to the home page.
总的来说,我只是觉得我的工作太混乱了,一点也不正确,有人可以就如何更有效地工作给我建议吗?
In general, it just feels like I'm working much too chaotically and not right at all, could somebody give me advice on how to do it more efficiently?
在此先非常感谢您!
推荐答案
你不应该为每个角色都有一个单独的中间件.它会很快变得非常混乱.最好有一个单一的角色检查中间件,可以检查传递给它的任何角色.
You should't have a separate middleware for each role. It will get very messy very fast. It would be better to have a single role checking middleware that can check against any role passed to it.
HttpKernel.php
HttpKernel.php
protected $routeMiddleware = [
...
'role' => AppHttpMiddlewareRole::class,
];
HttpMiddlewareRole.php
HttpMiddlewareRole.php
public function handle($request, Closure $next, ... $roles)
{
if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
return redirect('login');
$user = Auth::user();
if($user->isAdmin())
return $next($request);
foreach($roles as $role) {
// Check if user has the role This check will depend on how your roles are set up
if($user->hasRole($role))
return $next($request);
}
return redirect('login');
}
最后在你的网络路由中
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');
这篇关于具有多种角色的 Laravel 中间件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
