我一直在遇到Laravel中间件的一些问题。
让我告诉您我要完成的基本想法:

该网站上的注册用户将具有以下四个角色之一:

  • 学生(默认):可以访问“索引”和“显示” View
  • 批准者:可以访问上一个,以及'概述','更新'
  • 编辑器:可以访问以前的版本,以及“创建”,“编辑”和“存储
  • 管理员:可以访问一切

  • 仅供引用:'overview'是一种索引 View ,但仅适用于批准者角色或更高角色

    你们建议这样做的最好方法是什么?这是我到目前为止所做的,但是似乎没有用:

    内核.php
    protected $middlewareGroups = [
    ...
        'approver+' => [
            \App\Http\Middleware\Approver::class,
            \App\Http\Middleware\Editor::class,
            \App\Http\Middleware\Admin::class,
        ],
    ];
    
    protected $routeMiddleware = [
    ...
        'student' => \App\Http\Middleware\Student::class,
        'approver' => \App\Http\Middleware\Approver::class,
        'editor' => \App\Http\Middleware\Editor::class,
        'admin' => \App\Http\Middleware\Admin::class,
    ];
    

    Http\Middleware\Admin.php
    public function handle($request, Closure $next)
    {
       if (Auth::check())
       {
    
            if(Auth::user()->isAdmin())
            {
                return $next($request);
            }
       }
    
        return redirect('login');
    }
    

    “用户” Eloquent 模型:
    public function isAdmin()
    {
        if($this->role_id === 4)
        {
            return true;
        }
        else
        {
            return false;
        }
    }
    

    我已经在Approver和Editor中间件文件中完成了完全相同的操作,并且在User模型的isApprover和isEditor函数中,仅将if语句中的选中值分别编辑为2和3。

    最后,这是我在routes\web文件中所做的事情:
    Route::get('scholen', 'SchoolsController@index');
    Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
    Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
    Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
    Route::get('scholen/{id}', 'SchoolsController@show');
    Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
    Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
    Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');
    

    尚不完全正确,但是我陷入困境,因为当我以具有批准者权限的用户身份登录并尝试访问学校概述时,它会将我重定向回主页。

    总的来说,感觉就像我的工作太困惑了,根本不正确,有人可以给我一些建议,让我更有效地做到这一点吗?

    提前非常感谢您!

    最佳答案

    您不应该为每个角色使用单独的中间件。它会很快变得非常困惑。最好有一个角色检查中间件,可以检查传递给它的任何角色。

    Http\Kernel.php

    protected $routeMiddleware = [
        ...
        'role' => \App\Http\Middleware\Role::class,
    ];
    

    Http\Middleware\Role.php
    public function handle($request, Closure $next, ... $roles)
    {
        if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
            return redirect('login');
    
        $user = Auth::user();
    
        if($user->isAdmin())
            return $next($request);
    
        foreach($roles as $role) {
            // Check if user has the role This check will depend on how your roles are set up
            if($user->hasRole($role))
                return $next($request);
        }
    
        return redirect('login');
    }
    

    终于在您的网络 route
    Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
    Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');
    

    10-05 20:29
    查看更多