我一直在遇到Laravel中间件的一些问题。
让我告诉您我要完成的基本想法:
该网站上的注册用户将具有以下四个角色之一:
仅供引用:'overview'是一种索引 View ,但仅适用于批准者角色或更高角色
你们建议这样做的最好方法是什么?这是我到目前为止所做的,但是似乎没有用:
内核.php
protected $middlewareGroups = [
...
'approver+' => [
\App\Http\Middleware\Approver::class,
\App\Http\Middleware\Editor::class,
\App\Http\Middleware\Admin::class,
],
];
protected $routeMiddleware = [
...
'student' => \App\Http\Middleware\Student::class,
'approver' => \App\Http\Middleware\Approver::class,
'editor' => \App\Http\Middleware\Editor::class,
'admin' => \App\Http\Middleware\Admin::class,
];
Http\Middleware\Admin.php
public function handle($request, Closure $next)
{
if (Auth::check())
{
if(Auth::user()->isAdmin())
{
return $next($request);
}
}
return redirect('login');
}
“用户” Eloquent 模型:
public function isAdmin()
{
if($this->role_id === 4)
{
return true;
}
else
{
return false;
}
}
我已经在Approver和Editor中间件文件中完成了完全相同的操作,并且在User模型的isApprover和isEditor函数中,仅将if语句中的选中值分别编辑为2和3。
最后,这是我在routes\web文件中所做的事情:
Route::get('scholen', 'SchoolsController@index');
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
Route::get('scholen/{id}', 'SchoolsController@show');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');
尚不完全正确,但是我陷入困境,因为当我以具有批准者权限的用户身份登录并尝试访问学校概述时,它会将我重定向回主页。
总的来说,感觉就像我的工作太困惑了,根本不正确,有人可以给我一些建议,让我更有效地做到这一点吗?
提前非常感谢您!
最佳答案
您不应该为每个角色使用单独的中间件。它会很快变得非常困惑。最好有一个角色检查中间件,可以检查传递给它的任何角色。
Http\Kernel.php
protected $routeMiddleware = [
...
'role' => \App\Http\Middleware\Role::class,
];
Http\Middleware\Role.php
public function handle($request, Closure $next, ... $roles)
{
if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
return redirect('login');
$user = Auth::user();
if($user->isAdmin())
return $next($request);
foreach($roles as $role) {
// Check if user has the role This check will depend on how your roles are set up
if($user->hasRole($role))
return $next($request);
}
return redirect('login');
}
终于在您的网络 route
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');