控制对路径Laravel和Sentry的访问

时间:2014-08-19 12:21:16

标签: php laravel laravel-4 cartalyst-sentry

我想知道在使用routes.php时如何限制Sentry文件中某些路由的访问权限。目前我已设置以下路线

Route::model('book', 'Book');
Route::get('/books', 'BookController@index');
Route::get('book/create', 'BookController@create');
Route::get('book/edit/{book}', 'BookController@edit');
Route::get('book/delete/{book}', 'BookController@delete');
Route::get('book/view/{book}', 'BookController@view');
Route::post('book/create', 'BookController@handleCreate');
Route::post('book/edit', 'BookController@handleEdit');
Route::post('book/delete', 'BookController@handleDelete');

我有2 groups

  1. 管理
  2. 用户
  3. 我只希望Admin能够访问这些路线。我很感激任何帮助

1 个答案:

答案 0 :(得分:0)

取自 http://laravelsnippets.com/snippets/sentry-route-filters 并为您的建议修改。希望这可以帮助。我最近实现了类似的东西。

您需要将故障重定向中的路由替换为您自己的路由。

<?php 
/**
* Sentry filter
*
* Checks if the user is logged in
*/
Route::filter('Sentry', function()
{
    if ( ! Sentry::check()) {
        return Redirect::route('cms.login');
 }
});

/**
* hasAcces filter (permissions)
*
* Check if the user has permission (group/user)
*/
Route::filter('hasAccess', function($route, $request, $value)
{
    try
    {
        $user = Sentry::getUser();

        if( ! $user->hasAccess($value))
        {
            return Redirect::route('cms.login')->withErrors(array(Lang::get('user.noaccess')));
        }
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
        return Redirect::route('cms.login')->withErrors(array(Lang::get('user.notfound')));
    }

});

/**
* InGroup filter
*
* Check if the user belongs to a group
*/
Route::filter('inGroup', function($route, $request, $value)
{
    try
    {
        $user = Sentry::getUser();

        $group = Sentry::findGroupByName($value);

        if( ! $user->inGroup($group))
        {
            return Redirect::route('cms.login')->withErrors(array(Lang::get('user.noaccess')));
        }
    }
    catch (Cartalyst\Sentry\Users\UserNotFoundException $e)
    {
        return Redirect::route('cms.login')->withErrors(array(Lang::get('user.notfound')));
    }
    catch (Cartalyst\Sentry\Groups\GroupNotFoundException $e)
    {
        return Redirect::route('cms.login')->withErrors(array(Lang::get('group.notfound')));
    }
});


//Example use

Route::group(array('before' => 'Sentry|inGroup:Admin'), function()
{
    Route::model('book', 'Book');
    Route::get('/books', 'BookController@index');
    Route::get('book/create', 'BookController@create');
    Route::get('book/edit/{book}', 'BookController@edit');
    Route::get('book/delete/{book}', 'BookController@delete');
    Route::get('book/view/{book}', 'BookController@view');
    Route::post('book/create', 'BookController@handleCreate');
    Route::post('book/edit', 'BookController@handleEdit');
    Route::post('book/delete', 'BookController@handleDelete');
});