Guys, I'm trying to implement a solution for role-based access using Laravel's Auth class.
I'd like to know the best practice for this and understand the error in my logic. Below is the code from my routes file. Please advise :)
Route::group(array('before' => 'auth'), function()
{
    if (Auth::user())
    {
        /*
         * Inventory Clearance Roles
         *   0 -> Inv Browser
         *   1 -> Inv Manager
         */
        $clearence = Auth::user()->role;

        // Register a different set of routes depending on the role of the logged-in user
        switch ($clearence)
        {
            case 0:
                Route::get('/', array('uses' => 'HomeController@role0task0'));
                Route::get('/task1', array('uses' => 'HomeController@role0task1'));
                Route::get('/task2', array('uses' => 'HomeController@role0task2'));
                break;

            case 1:
                Route::get('/', array('uses' => 'HomeController@role1task0'));
                Route::get('/taska1', array('uses' => 'HomeController@role1task1'));
                Route::get('/taska2', array('uses' => 'HomeController@role1task2'));
                break;
        }
    }
});
Answer 0 (score: 1)
In my experience, creating conditional routes in Laravel is not good practice. Laravel builds the list of all available routes before it looks up a route, and if your user is not authenticated, all of those routes vanish from the global route list. So if you run:
php artisan routes
you will never see them, because on the command line there is never an authenticated user.
What I and others do in these cases is to check authorization after the route has been hit, in a filter or even in the controller, and if the user has no access to that particular route, alert them and log the unauthorized access attempt.
Here is an example of route filters that use roles:
Route::group(array('before' => 'auth'), function()
{
    Route::group(array('prefix' => 'browser', 'before' => 'role.browser'), function()
    {
        Route::get('/', array('uses' => 'BrowserController@index'));
        Route::get('task1', array('uses' => 'BrowserController@task1'));
        Route::get('task2', array('uses' => 'BrowserController@task2'));
    });

    Route::group(array('prefix' => 'manager', 'before' => 'role.manager'), function()
    {
        Route::get('/', array('uses' => 'ManagerController@index'));
        Route::get('task1', array('uses' => 'ManagerController@task1'));
        Route::get('task2', array('uses' => 'ManagerController@task2'));
    });
});
The filter for each role:
// Runs after the 'auth' filter, so Auth::user() is set here.
// The strict comparison assumes the role column comes back from the database as an integer.
Route::filter('role.browser', function()
{
    if (Auth::user()->role !== 0)
    {
        Session::flash('error', 'You are not authorized to view this page.');
        return Redirect::to('home');
    }
});

Route::filter('role.manager', function()
{
    if (Auth::user()->role !== 1)
    {
        Session::flash('error', 'You are not authorized to view this page.');
        return Redirect::to('home');
    }
});
Now if you run
php artisan routes
you should see all the routes and which filters apply to them:
+--------+------------------------+-------+-------------------------+--------------------+---------------+
| Domain | URI | Name | Action | Before Filters | After Filters |
+--------+------------------------+-------+-------------------------+--------------------+---------------+
| | GET|HEAD browser | | BrowserController@index | auth, role.browser | |
| | GET|HEAD browser/task1 | | BrowserController@task1 | auth, role.browser | |
| | GET|HEAD browser/task2 | | BrowserController@task2 | auth, role.browser | |
| | GET|HEAD manager | | ManagerController@index | auth, role.manager | |
| | GET|HEAD manager/task1 | | ManagerController@task1 | auth, role.manager | |
| | GET|HEAD manager/task2 | | ManagerController@task2 | auth, role.manager | |
+--------+------------------------+-------+-------------------------+--------------------+---------------+
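The answer recommends logging the unauthorized attempt, but its filters only flash a message and redirect. The following is an added example (not code from the question or the answer) that folds the two per-role filters into one parameterised Laravel 4 filter, records the attempt with enough context to investigate it, and compares the role as an integer so that a database driver returning the column as a string cannot make the check deny everyone. The `Role` constants, the log field names and the route/controller names are assumptions for illustration; the `role` column with 0 = Inv Browser and 1 = Inv Manager follows the question.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes Laravel 4.x, a users table with an integer `role` column
// (0 = Inv Browser, 1 = Inv Manager, as in the question), and the
// hypothetical controller names below.

// Names for the numeric roles so the routes file carries no magic numbers.
class Role
{
    const INV_BROWSER = 0;
    const INV_MANAGER = 1;
}

// Parameterised filter: attaching 'role:1' to a route passes "1" as $requiredRole.
// Laravel 4 hands the matched route, the request and the parameter to the closure.
Route::filter('role', function($route, $request, $requiredRole)
{
    // Fail closed if the filter is ever attached without 'auth' running first.
    if (Auth::guest())
    {
        return Redirect::guest('login');
    }

    $user = Auth::user();

    // Cast both sides: filter parameters are always strings, and some PDO
    // drivers return integer columns as strings, so a strict compare on the
    // raw values could reject every request.
    if ((int) $user->role !== (int) $requiredRole)
    {
        // Record who tried what from where, so the attempt can be reviewed later.
        Log::warning('Unauthorized access attempt', array(
            'user_id'       => $user->id,
            'user_role'     => $user->role,
            'required_role' => $requiredRole,
            'ip'            => $request->getClientIp(),
            'uri'           => $request->path(),
        ));

        Session::flash('error', 'You are not authorized to view this page.');
        return Redirect::to('home');
    }
});

// The same routes as in the answer, protected by the single parameterised filter.
Route::group(array('before' => 'auth'), function()
{
    Route::group(array('prefix' => 'browser', 'before' => 'role:' . Role::INV_BROWSER), function()
    {
        Route::get('/', array('uses' => 'BrowserController@index'));
        Route::get('task1', array('uses' => 'BrowserController@task1'));
        Route::get('task2', array('uses' => 'BrowserController@task2'));
    });

    Route::group(array('prefix' => 'manager', 'before' => 'role:' . Role::INV_MANAGER), function()
    {
        Route::get('/', array('uses' => 'ManagerController@index'));
        Route::get('task1', array('uses' => 'ManagerController@task1'));
        Route::get('task2', array('uses' => 'ManagerController@task2'));
    });
});
```

Because the filter runs after the route has been matched, `php artisan routes` still lists every route, and the Before Filters column shows `auth, role:0` or `auth, role:1` instead of the two named filters. Adding a third role only needs a new constant and a new group, not a new filter.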