Prevent unauthorized users from accessing the admin page in Laravel 5

Time: 2015-10-13 08:40:56

Tags: php laravel-5

I have tried many approaches, but the secret admin page can still be opened even when the user is not logged in. This is the route for the admin directory:

Route::group(
    array (
        'prefix' => 'admin',
    ),
    function () {
        Route::resource('posts', 'postController');

        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));
    }
);

This is my login controller:

namespace App\Http\Controllers;

use App\Http\Requests;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\View;

class loginController extends Controller
{
    public function showForm ()
    {
        return View::make('admin.login');
    }

    public function checkLogin ()
    {
        $data  = \Input::all();
        $rules = array (
            'username' => 'alpha_num|min:3',
            'password' => 'alpha_num|min:3',
        );

        $validator = \Validator::make($data, $rules);

        if ($validator->fails()) {
            return \Redirect::to('admin')->withErrors($validator)->withInput(\Input::all());
        } else {

            $enteredData    =   array(
                'username'  =>  Input::get('username'),
                'password'  =>  Input::get('password')
            );

            if (\Auth::attempt($enteredData)) {
                return \Redirect::to('admin/posts');
            } else {
                echo 'the data is Wrong ';
            }

        }


    }

    public function doLogout(){

        \Auth::logout();
        return Redirect::to('/admin/login');
    }
}

This is the postController:

namespace App\Http\Controllers;

use App\Http\Requests;
use App\Post;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Input;
use Illuminate\Support\Facades\Redirect;
use Illuminate\Support\Facades\View;

class postController extends Controller
{

    public function __construct ()
    {
        var_dump(\Auth::check());
        if (!\Auth::check()) {
            return \Redirect::to('/admin/login');
        }
    }
    /**
     * Display a listing of the resource.
     *
     * @return Response
     */
    public function index ()
    {
        $allPosts   =   Post::all();
        return \View::make('admin.pages.posts')->with('posts',$allPosts);
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return Response
     */
    public function create ()
    {
        return \View::make('admin.pages.post_create');
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  Request $request
     * @return Response
     */
    public function store (Request $request)
    {
        $data = Input::all();

        $rules = array (
            'post_title' => 'required',
            'post_desc'  => 'required'
        );

        $validator = \Validator::make($data, $rules);

        if ($validator->fails()) {
            return \Redirect::to('/admin/posts/create')
                ->withErrors($validator)
                ->withInput();
        } else {

            $post             = new Post();
            $post->post_title = $data['post_title'];
            $post->post_desc  = $data['post_desc'];
            $post->save();

            return \Redirect::to('/admin/posts');
        }
    }

    /**
     * Display the specified resource.
     *
     * @param  int $id
     * @return Response
     */
    public function show ($id)
    {
        $post   =   Post::find($id);

        return \View::make('admin.pages.show_post')->with('post',$post);
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int $id
     * @return Response
     */
    public function edit ($id)
    {
        $post   =   Post::find($id);
        return \View::make('admin.pages.edit_post')->with('post',$post);
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  Request $request
     * @param  int     $id
     * @return Response
     */
    public function update (Request $request, $id)
    {
        $data = Input::all();

        $rules = array (
            'post_title' => 'required',
            'post_desc'  => 'required'
        );

        $validator = \Validator::make($data, $rules);

        if ($validator->fails()) {
            return \Redirect::to('post/create')
                ->withErrors($validator)
                ->withInput();
        } else {

            $post             = Post::find($id);
            $post->post_title = $data['post_title'];
            $post->post_desc  = $data['post_desc'];
            $post->save();

            return \Redirect::to('admin/posts');
        }
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int $id
     * @return Response
     */
    public function destroy ($id)
    {
        $post   =   Post::find($id);
        $post->delete();

        return Redirect::to('admin/posts');
    }
}

Note that I added a constructor to handle users who are not logged in and redirect them to the login page:

public function __construct ()
{
    var_dump(Auth::check());
    if (!Auth::check()) {
        return Redirect::to('/admin/login');
    }
}

var_dump returns true for logged-in users and false for everyone else, but the redirect is never performed.

Where is the problem?

Update:
I changed the posts resource route to:

Route::resource('posts', 'postController',array('middleware' => 'auth'));

but it has no effect. However, when I changed the postController constructor to:

public function __construct ()
{
    $this->middleware('auth');
}

it works fine.

2 answers:

Answer 0 (score: 3)

The third parameter of a resource route is an array used to override the route names or to specify a subset of the actions; it is not used to attach middleware. You can keep putting the authorization in the controller constructor, but if you want to protect the whole admin route, you can use a group, like this:

Route::group([
    'prefix' => 'admin',
    'middleware' => ['auth']
], function ()
{
    Route::resource('posts', 'postController');
});
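For the group above to actually turn guests away, the `auth` key in the kernel's `$routeMiddleware` must map to a middleware that redirects them to the admin login form. The following is an added example, not code from the question or from the answer: it is the Laravel 5.1 `App\Http\Middleware\Authenticate` class with the redirect target changed to `admin/login` (an assumption; the questioner's app must already do something like this, since the stock class sends guests to `auth/login`), followed by the constructor form of the same protection. The point it makes is the one the question stumbles on: Laravel never uses the return value of a controller constructor, so `return Redirect::to(...)` there does nothing and the action still runs, whereas the value a middleware returns is the response the client receives.

```php
<?php
// app/Http/Middleware/Authenticate.php
// app/Http/Kernel.php must map 'auth' => \App\Http\Middleware\Authenticate::class
// in $routeMiddleware (this is the Laravel 5.1 default).
namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Authenticate
{
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    public function handle($request, Closure $next)
    {
        if ($this->auth->guest()) {
            // Returning here ends the pipeline: the controller action is never built,
            // so index(), store(), destroy() and friends cannot run for a guest.
            if ($request->ajax()) {
                return response('Unauthorized.', 401);
            }

            // redirect()->guest() also stores the intended URL, so after logging in
            // the user lands on the admin page they originally asked for.
            return redirect()->guest('admin/login'); // assumed admin login path
        }

        return $next($request);
    }
}

// app/Http/Controllers/postController.php (constructor only)
namespace App\Http\Controllers;

class postController extends Controller
{
    public function __construct()
    {
        // Whatever a constructor returns is discarded by the router, so
        // `return Redirect::to('/admin/login');` here never reaches the browser.
        // Registering the middleware is the only thing a constructor can do
        // that affects the response; it applies to every action of this controller.
        $this->middleware('auth');
    }
}
```

Either the route group or the constructor call is enough on its own; applying both is harmless. The constructor form is the one to use when a controller is reachable from several route groups, since it cannot be forgotten on one of them.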

Answer 1 (score: 0)

Following @craig_h's answer and my own research, I found that I had to separate the login and logout routes into another route group. When I used this code:

Route::group(
    array (
        'prefix' => 'admin',
        'middleware' => ['auth']
    ),
    function () {
        Route::resource('posts', 'postController');

        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));

    }
);

this page gave a redirect loop error in Chrome, because the login and logout routes were in the same route group as the posts resource route: when an unauthorized user was sent back to the login page, Laravel tried to authenticate him again and a redirect loop occurred on that page.

But when the login and logout routes were separated into another route group as below, the problem was solved and everything worked.

Route::group(
    array (
        'prefix' => 'admin',
        'middleware' => ['auth']
    ),
    function () {
        Route::resource('posts', 'postController');
    }
);

Route::group(
    array (
        'prefix' => 'admin'
    ),
    function () {
        Route::get('/login', array ('uses' => 'loginController@showForm'));
        Route::post('/login', array ('uses' => 'loginController@checkLogin'));

        Route::get('/logOut', array ('uses' => 'loginController@doLogout'));

    }
);
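The split above is easy to get wrong again later (someone moves the login route back into the protected group, or adds a new resource outside it), so it is worth pinning down with a feature test. The following is an added example, not part of the answer: a Laravel 5.1 PHPUnit test that exercises every route of the `posts` resource as a guest, checks that the login form itself stays reachable (the redirect loop the answer describes would turn that request into a redirect instead of a 200), and confirms that a logged-in user gets through. It assumes the default 5.1 test base class (`tests/TestCase.php`), an `auth` middleware that redirects guests to `/admin/login`, the default `App\User` model factory, and a migrated test database, since `index()` calls `Post::all()`.

```php
<?php
// tests/AdminAccessTest.php  (Laravel 5.1 test layout assumed)

use Illuminate\Foundation\Testing\DatabaseTransactions;

class AdminAccessTest extends TestCase
{
    use DatabaseTransactions;

    /** Every action of the resource, read or write, must bounce a guest to the login form. */
    public function testGuestCannotReachAnyPostAction()
    {
        // Constructed list of the routes Route::resource('posts', ...) registers
        // under the 'admin' prefix; the id 1 need not exist, the middleware runs first.
        $routes = [
            ['GET',    '/admin/posts'],
            ['GET',    '/admin/posts/create'],
            ['POST',   '/admin/posts'],
            ['GET',    '/admin/posts/1'],
            ['GET',    '/admin/posts/1/edit'],
            ['PUT',    '/admin/posts/1'],
            ['DELETE', '/admin/posts/1'],
        ];

        foreach ($routes as $route) {
            list($method, $uri) = $route;

            // CSRF checking is skipped while running unit tests in 5.1, so the
            // writes reach the auth middleware without a token.
            $this->call($method, $uri);

            $this->assertRedirectedTo('/admin/login');
        }
    }

    /** The login form must stay outside the protected group, or guests loop forever. */
    public function testGuestCanOpenLoginForm()
    {
        $this->call('GET', '/admin/login');

        $this->assertResponseOk();
    }

    /** Logging out must also be reachable without looping. */
    public function testLogoutRedirectsToLoginForm()
    {
        $this->call('GET', '/admin/logOut');

        $this->assertRedirectedTo('/admin/login');
    }

    /** An authenticated user is let through to the post list. */
    public function testAuthenticatedUserSeesPosts()
    {
        $user = factory(App\User::class)->create(); // default 5.1 model factory assumed

        $this->actingAs($user)->call('GET', '/admin/posts');

        $this->assertResponseOk();
    }
}
```

Run it with `phpunit` from the project root. The first test is the one that matters for the original question: it would have failed against the constructor-based version, because the constructor's return value is ignored and `index()` would have answered 200 to a guest.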