我有一个Laravel 4应用程序,它使用phpCAS单点登录来验证用户。但是,我无法确定如何锁定任何未经授权的用户访问我的任何应用程序URL。对于这种情况,有许多用户能够通过phpCAS登录页面,但如果他们没有管理员权限,则应同时拒绝访问我的应用程序(Access Denied页面除外)。
如何在显示“拒绝访问权限”页面时锁定这些用户访问我应用的网址?
routes.php文件:
Route::get('/adminHome/{USER_ID}', array('as' => 'home', 'uses' => 'AdminController@home'));
Route::get('/adminHome/create/{USER_ID}', 'AdminController@create');
Route::get('/adminHome/{adminID}/delete/{USER_ID}', 'AdminController@delete');
Route::post('/adminHome/store/{USER_ID}', 'AdminController@store');
Route::get('/adminHome', 'AdminController@__construct');
Route::get('/accessDenied', array('as' => 'accessDenied', 'uses' => 'AdminController@accessDenied'));
管理员控制器:
public function __construct()
{
App::make('CAS');
$ID = $_SESSION['phpCAS']['attributes']['UDC_IDENTIFIER'];
$admin = App::make('AdminServices');
$isValidAdmin = $admin->isAdmin($ID);
//check DB to see if user has admin access rights
if ($isValidAdmin && $isValidAdmin->ADMIN == "yes")
{
return Redirect::route('home', $ID);
}
else
{
return Redirect::route('accessDenied');
}
}
public function accessDenied()
{
return View::make('users/accessdenied');
}
视图/用户/存取遭拒:
<div class="alert alert-danger" role="alert" align="center"><strong>Access Denied. </strong>You do not have permission to access this page. Please notify the system administrator to obtain access.</div>
答案 0 :(得分:0)
将accessDenied放入单个控制器,然后从BaseController.e扩展所有其他控制器
BaseController可能是
class BaseController extends Controller {
public function __construct() {
$this->beforeFilter('auth');
}
}
然后忘掉它,它运作正常。
你可以在app / filters.php,Route::filter('auth', function(){...});