How to restrict routes in Laravel 4?

Time: 2014-12-01 17:51:36

Tags: php laravel laravel-4 routes

I have two types of users:

  1. Admin
  2. Not Admin

Admin will get full access, whereas Not Admin can only get the index.

Here are my routes:

     Route::get('users','UserController@index');
     Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
     Route::post('users/store','UserController@store');
     Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
     Route::get('users/{id}/edit', 'UserController@edit');
     Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
     Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));
    

How do I set up the restriction so that Admin gets full access and Not Admin can only access the index?

3 answers:

Answer 0 (score: 2)

Add this to filters.php

Route::filter('admin', function()
{
    // Auth::check() avoids dereferencing a null Auth::user() for guests
    if (Auth::check() && Auth::user()->type == "Admin") // Change this to match your !
    {
        if (Request::ajax())
        {
            return Response::make('Unauthorized', 404);
        }
    }
    else return View::make('error'); // Need to have this view !
});

Then try this in routes.php
Route::group(array('before'=>'admin'), function() {

    //Users
    Route::get('users','UserController@index');
    Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
    Route::post('users/store','UserController@store');
    Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
    Route::get('users/{id}/edit', 'UserController@edit');
    Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
    Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));

}); // close the route group

Repeat for if (Auth::user()->type != "Admin")

Answer 1 (score: 1)

You can use a route filter that checks their permission level.

Answer 2 (score: 0)

Elaborating on @ceejayoz's answer with an example:

/*
 * Check if user is logged in
 */
Route::filter('auth', function(){

    if(!Auth::check()){

        return Redirect::to('login')->with('message', 'You must be logged in');

    }

});

/*
 * Check if the logged in users group name is 'admin'
 */
Route::filter('admin', function(){

    if(Auth::user()->group->name != 'admin'){

        return Redirect::to('home')->with('message', 'You do not have access to this');

    }

});


//Users must be logged in to access these routes
Route::group(array('before'=>'auth'), function(){

    Route::get('users','UserController@index');

    //Users must be an administrator to access these routes
    Route::group(array('before'=>'admin'), function(){

        Route::get('users/create', array('as'=>'users.create', 'uses'=>'UserController@create'));
        Route::post('users/store','UserController@store');
        Route::get('users/{id}', array('before' =>'profile', 'uses'=>'UserController@show'));
        Route::get('users/{id}/edit', 'UserController@edit');
        Route::put('users/{id}/update', array('as'=>'users.update', 'uses'=>'UserController@update'));
        Route::delete('users/{id}/destroy',array('as'=>'users.destroy', 'uses'=>'UserController@destroy'));

    });

});
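
One way to check that the filters in the answer above really deny access, as an added example that is not part of any answer on this page. It assumes a Laravel 4 application with those routes and the 'auth' and 'admin' filters in place; the file name, the `User` and `Group` models, the `member` group name and the id `1` are hypothetical.

```php
<?php
// app/tests/UserRouteAccessTest.php (hypothetical file name).
// Assumes the routes and 'auth'/'admin' filters from the answer above and
// hypothetical Eloquent models User and Group (User has a `group` relation).
class UserRouteAccessTest extends TestCase {

    public function setUp()
    {
        parent::setUp();
        // Laravel 4 disables route filters in the testing environment;
        // without this call no 'before' filter runs and nothing is denied.
        Route::enableFilters();
    }

    // Routes that must be admin-only (the id 1 is a constructed sample value).
    public function adminOnlyRoutes()
    {
        return array(
            array('GET',    'users/create'),
            array('POST',   'users/store'),
            array('GET',    'users/1'),
            array('GET',    'users/1/edit'),
            array('PUT',    'users/1/update'),
            array('DELETE', 'users/1/destroy'),
        );
    }

    // Build an in-memory user; the filter needs no database row.
    protected function userInGroup($name)
    {
        $group = new Group;
        $group->name = $name;
        $user = new User;
        $user->setRelation('group', $group);
        return $user;
    }

    /** @dataProvider adminOnlyRoutes */
    public function testGuestIsSentToLogin($method, $uri)
    {
        $this->call($method, $uri);
        $this->assertRedirectedTo('login');
    }

    /** @dataProvider adminOnlyRoutes */
    public function testNonAdminIsTurnedAway($method, $uri)
    {
        $this->be($this->userInGroup('member')); // 'member' is a made-up group
        $this->call($method, $uri);
        $this->assertRedirectedTo('home');
    }
}
```

Each case runs as its own test through the data provider, so a route later added outside the admin group only needs one more row here to be covered.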