Best practice for implementing role-based user access with Laravel's Auth class

Posted: 2014-09-08 15:06:27

Tags: authentication laravel

Guys, I am trying to implement a role-based access solution using Laravel's Auth class.

I would like to know the best practice for this and to understand the mistakes in my logic. Below is the code from my routes file. Please advise :)

Route::group(array('before' => 'auth'), function(){
    if(Auth::user()){

        /* *****
            Inventory Clearance Roles
            0 -> Inv Browser
            1 -> Inv Manager
        ******/

        $clearance = Auth::user()->role;

        switch ($clearance){
            case 0:
                Route::get('/', array('uses' => 'HomeController@role0task0'));
                Route::get('/task1', array('uses' => 'HomeController@role0task1'));
                Route::get('/task2', array('uses' => 'HomeController@role0task2'));
                break;
            case 1:
                Route::get('/', array('uses' => 'HomeController@role1task0'));
                Route::get('/taska1', array('uses' => 'HomeController@role1task1'));
                Route::get('/taska2', array('uses' => 'HomeController@role1task2'));
                break;
        }
    }
});

1 answer:

Answer 0 (score: 1)

In my experience, creating conditional routes in Laravel is not good practice. Laravel builds the list of all available routes before it looks for a match, and if your user is not authenticated, all of those routes simply disappear from the global route list. So if you run:

php artisan routes

you will never see them, because on the command line there is never an authenticated user.

What I and others do in these cases is check authorization after the route is hit, in a filter or even in the controller, and if the user does not have access to that particular route, warn them and log the unauthorized access attempt.

Here is an example of route filters using roles:

Route::group(array('before' => 'auth'), function()
{
    Route::group(array('prefix' => 'browser', 'before' => 'role.browser'), function()
    {
        Route::get('/', array('uses' => 'BrowserController@index'));
        Route::get('task1', array('uses' => 'BrowserController@task1'));
        Route::get('task2', array('uses' => 'BrowserController@task2'));
    });

    Route::group(array('prefix' => 'manager', 'before' => 'role.manager'), function()
    {
        Route::get('/', array('uses' => 'ManagerController@index'));
        Route::get('task1', array('uses' => 'ManagerController@task1'));
        Route::get('task2', array('uses' => 'ManagerController@task2'));
    });
});

The filters for each role:

Route::filter('role.browser', function()
{
    if (Auth::user()->role !== 0)
    {
        Session::flash('error', 'You are not authorized to view this page.');

        return Redirect::to('home');
    }
});

Route::filter('role.manager', function()
{
    if (Auth::user()->role !== 1)
    {
        Session::flash('error', 'You are not authorized to view this page.');

        return Redirect::to('home');
    }
});

Now, if you run

php artisan routes

you should see all of the routes and which filters apply to them:

+--------+------------------------+-------+-------------------------+--------------------+---------------+
| Domain | URI                    | Name  | Action                  | Before Filters     | After Filters |
+--------+------------------------+-------+-------------------------+--------------------+---------------+
|        | GET|HEAD browser       |       | BrowserController@index | auth, role.browser |               |
|        | GET|HEAD browser/task1 |       | BrowserController@task1 | auth, role.browser |               |
|        | GET|HEAD browser/task2 |       | BrowserController@task2 | auth, role.browser |               |
|        | GET|HEAD manager       |       | ManagerController@index | auth, role.manager |               |
|        | GET|HEAD manager/task1 |       | ManagerController@task1 | auth, role.manager |               |
|        | GET|HEAD manager/task2 |       | ManagerController@task2 | auth, role.manager |               |
+--------+------------------------+-------+-------------------------+--------------------+---------------+
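The answer recommends logging unauthorized attempts, but its two filters only flash a message and redirect. The following is an added example, not code from the question or the answer: it folds the per-role copies into one parameterized filter (a Laravel 4.1+ feature, where the text after the colon in 'role:manager' arrives as the third filter argument) and records who attempted what, from where. The role-name-to-integer mapping, the 'home' redirect target and the controller names are assumptions carried over from the thread.

```php
<?php
// Added example, not from the question or answer. Assumes Laravel 4.1+ (filter
// parameters) and the same integer `role` column used in the thread
// (0 = browser, 1 = manager); the role names themselves are an assumption.

// Role names as used in route definitions, mapped to the stored integer values.
$roleIds = array(
    'browser' => 0,
    'manager' => 1,
);

// Usage in a route group: 'before' => 'role:manager'. Laravel passes the text
// after the colon as $value; $route and $request are the matched route and the
// current request.
Route::filter('role', function($route, $request, $value) use ($roleIds)
{
    $user = Auth::user();

    // The 'auth' filter runs first in the groups below, but fail closed if this
    // filter is ever attached on its own or given an unknown role name.
    if (is_null($user) || !array_key_exists($value, $roleIds))
    {
        App::abort(403);
    }

    // Cast before the strict comparison: depending on the PDO driver the column
    // may come back as the string "1", and "1" !== 1 would always deny access.
    if ((int) $user->role !== $roleIds[$value])
    {
        // Record the attempt so repeated probing of another role's URLs is
        // visible in the application log (app/storage/logs by default).
        Log::warning('Unauthorized access attempt', array(
            'user_id'       => $user->id,
            'user_role'     => $user->role,
            'required_role' => $value,
            'path'          => $request->path(),
            'ip'            => $request->getClientIp(),
        ));

        Session::flash('error', 'You are not authorized to view this page.');

        return Redirect::to('home');
    }
});

// Same route layout as the answer, with one filter serving both groups.
Route::group(array('before' => 'auth'), function()
{
    Route::group(array('prefix' => 'browser', 'before' => 'role:browser'), function()
    {
        Route::get('/', array('uses' => 'BrowserController@index'));
        Route::get('task1', array('uses' => 'BrowserController@task1'));
        Route::get('task2', array('uses' => 'BrowserController@task2'));
    });

    Route::group(array('prefix' => 'manager', 'before' => 'role:manager'), function()
    {
        Route::get('/', array('uses' => 'ManagerController@index'));
        Route::get('task1', array('uses' => 'ManagerController@task1'));
        Route::get('task2', array('uses' => 'ManagerController@task2'));
    });
});
```

Because the check lives in a filter rather than in conditional route registration, every route still appears in `php artisan routes`, and adding a third role means adding one entry to `$roleIds` and one route group rather than a third copy of the filter.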