与用户的Laravel中间件-Java 学习之路

我正在尝试将中间件设置到我的laravel博客，我遇到了以下情况的问题 . 我想允许访问某些路由，但仅限于特定用户（不是角色） . 例如，具有admin，globalmod或版主角色的所有人都可以使用“index”，“create”，“store”和“show”路由 . 要“销毁”路线只能访问管理员 .

问题在于“编辑”和“更新”路线 . 对于这些路线，我想只允许“admin”用户和创建该博客帖子的用户访问 .

此代码适用于角色，但我不知道如何为特定用户设置它 .

应用程序\ user.php的

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable {

    use Notifiable;

    protected $fillable = [
        'name', 'email', 'password',
    ];

    protected $hidden = [
        'password', 'remember_token',
    ];

    public function roles() {
      return $this->belongsToMany('App\Role');
    }

    public function authorizeRoles($roles) {
      if (is_array($roles)) {
          return $this->hasAnyRole($roles) || 
                 abort(401, 'This action is unauthorized.');
      }
      return $this->hasRole($roles) || 
             abort(401, 'This action is unauthorized.');
    }

    public function hasAnyRole($roles) {
      return null !== $this->roles()->whereIn('slug', $roles)->first();
    }

    public function hasRole($role) {
      return null !== $this->roles()->where('slug', $role)->first();
    }
}

应用程序\ HTTP \中间件\ RolesMiddleware.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RolesMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next, ... $roles) {

        if(!Auth::check()) {
            return redirect()->route('login')->with('attention', 'You have no access');
        }

        $user = Auth::user();

        foreach($roles as $role) {
            if($user->hasRole($role)) {
                return $next($request);
            }
        }
        return redirect()->back()->with('attention', 'You have no access');

    }
}

应用程序\ HTTP \ Kernel.php

protected $routeMiddleware = [
        ...
        'role' => \App\Http\Middleware\RolesMiddleware::class,
    ];

应用程序\ HTTP \控制器\ BlogController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Blog;

class BlogsController extends Controller
{

    public function __construct() {
        $this->middleware('role:admin', array('only' => 'destroy'));
        $this->middleware('role:admin,globalmod,moderator', array('only' => array('index', 'create', 'store', 'show')));
    }

    public function index() {
        ...
    }

    public function create() {
        ...
    }

    public function store(Request $request) {
        ...
    }

    public function show($id) {
        ...
    }

    public function edit($id) {
        ...
    }

    public function update(Request $request, $id) {
        ...
    }

    public function destroy($id) {
        ...
    }
}

例如，我需要这样的东西

$this->middleware('role:admin OR $blog->author_id == Auth::user()->id',
array('only' => 'edit', 'update'));

2 回答

0

查看https://laravel.com/docs/5.6/authorization#gates您可以为您的模型定义规则/策略 .

它可以通过自定义中间件实现，但Laravel策略和门是可行的 .

回复于 2024-05-02T16:09:20+08:00

尝试这样的事情

Route::group(['middleware' => ['role:Admin']], function () {

     //define routes here... Ex. below 
    Route::get('/', 'HomeController@index');
    /* for application to get sale price */


}

回复于 2024-05-02T16:09:20+08:00

与用户的Laravel中间件

2 回答

相关问题