不同的用户,中间件Laravel 5

时间:2015-07-17 17:48:09

标签: php laravel authentication laravel-5 middleware

我试图在我的系统中使用不同的用户级别。我的数据库是我的用户和他们的级别(master,portais,chaves等)

所以,我想要的是每个用户的不同路由,因此每个用户只能访问系统的一部分。

我可以轻松地在系统的每个页面检查他的AUTH,如果他登录的是一个他不应该看到该页面的帐户,就不会向他显示页面。但是,使用中间件/路由没有一种简单的方法吗?!

我在routes.php上尝试过类似的东西:

Route::group(['middleware' => 'Master'], function()
{
    Route::any('/vendedor/produtos/removeProduto', 'AjaxController@vendedorRemoveProduto');
    Route::any('/vendedor/produtos/editaPrecoProduto', 'AjaxController@editaPrecoProduto');
    Route::any('/vendedor/produtos/alterarestadoproduto', 'AjaxController@alterarestadoumproduto');
    Route::any('/vendedor/produtos/listaProdutos', 'AjaxController@listaProdutos');
    Route::any('/vendedor/produtos/adicionaProdutoCliente', 'AjaxController@adicionaProdutoCliente');
    Route::any('/', 'DashboardController@home'); });

    Route::group(['middleware' => 'portais'], function()
{
    Route::any('/cadastrarobjedu/criartema', 'AjaxController@criartemaobjedu');
    Route::any('/cadastrarobjedu/cadastrar', 'AjaxController@cadastraobjedu');
    Route::any('/cadastrarobjedu', 'DashboardController@cadastrarobjedu');
    Route::any('/listarobjedu', 'DashboardController@listarobjedu');
    Route::any('/editarobjeto/{id}', 'DashboardController@editarobjeto');
    Route::any('/apagarobjeto/{id}', 'AjaxController@apagarobjeto');
    Route::any('/', 'DashboardController@home'); });

但是这没有用,请给我一个错误,说'" MASTER"阶级已经存在。我还有更改吗?

1 个答案:

答案 0 :(得分:2)

您需要实现一个中间件来检查当前用户是否已经给出了级别。

Laravel 5.0

//app/Http/Kernel.php - register middleware classes
protected $routeMiddleware = [
    'levelMaster'  => 'App\Http\Middleware\LevelMasterMiddleware',
    'levelPortais' => 'App\Http\Middleware\LevelPortaisMiddleware'
];

//app/Http/Middleware/LevelMiddleware.php - base middleware class that checks if user has level stored in $level;
namespace App\Http\Middleware;

use Closure;
use App;
use Auth;

abstract class LevelMiddleware
{   
    protected $level;

    public function handle($request, Closure $next)
    {
        if (Auth::user() && Auth::user()->level !== $this->level) {
            return App::abort(Auth::check() ? 403 : 401, Auth::check() ? 'Forbidden' : 'Unauthorized');
        }

        return $next($request);
    }
}

//app/Kernel/Middleware/LevelMasterMiddleware.php - checks if user has level Master
namespace App\Http\Middleware;

class LevelMasterMiddleware extends LevelMiddleware
{   
    protected $level = 'master';
}

//app/Kernel/Middleware/LevelPortaisMiddleware.php - checks if user has level Portais
namespace App\Http\Middleware;

class LevelPortaisMiddleware extends LevelMiddleware
{   
    protected $level = 'portais';
}

//config/routes.php - configure routes for different levels
Route::group(['middleware' => 'levelMaster'], function()    
{
    //here add routes for users with level=master
}

Route::group(['middleware' => 'levelPortais'], function()    
{
    //here add routes for users with level=portais
}

Laravel 5.1

最新版本的Laravel引入了中间件参数,可以简化上述代码,因为只需要一个中间件类:

//app/Http/Kernel.php - register middleware class
protected $routeMiddleware = ['level' => 'App\Http\Middleware\LevelMiddleware'];

//app/Http/Middleware/LevelMiddleware.php - check if current user has given level
namespace App\Http\Middleware;

use Closure;
use App;
use Auth;

class LevelMiddleware
{    
    public function handle($request, Closure $next, $level)
    {
        if (Auth::user() && Auth::user()->level !== $level) {
            return App::abort(Auth::check() ? 403 : 401, Auth::check() ? 'Forbidden' : 'Unauthorized');
        }

        return $next($request);
    }
}

//config/routes.php - configure routes for different levels and pass level as middleware parameter
Route::group(['middleware' => 'level:master'], function()    
{
    //here add routes for users with level=master
}

Route::group(['middleware' => 'level:portais'], function()    
{
    //here add routes for users with level=portais
}