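I need some help from a Laravel master. I want to create an admin account login and dashboard.
Out of the box, Laravel provides authentication for the users table. I have added a roles table and a column users(role_id), so I can distinguish between different users.
Many hours of searching did not help, because in most cases duplicating the native authentication with two tables for different users is silly.
Kernel.php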
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
        ],
        'api' => [
            'throttle:60,1',
        ],
        'admin' => [
            'web',
            'auth',
        ],
    ];
routes.php file
    Route::group(['middleware' => 'admin'], function () {
        Route::get('admin', 'LoginController@showLoginForm');
        Route::post('admin', 'LoginController@authenticate');
        Route::get('dashboard', function () {
            return view('admin.dashboard');
        });
    });
LoginController.php
    public function showLoginForm()
    {
        return view('admin.login');
    }

    public function authenticate(Request $request)
    {
        $credential = [
            'email' => $request['email'],
            'password' => $request['password']
        ];
        if (Auth::attempt($credential) && $this->authAdmin($credential['email']))
        {
            //SOMETHING I DONT KNOW YET
            //BUT THEN
            return redirect()->route('dashboard');
        }
    }

    protected function authAdmin($email = null)
    {
        $user = User::where('email', $email)->first();
        if ($user->role_id == '2')
        {
            return true;
        }
        return false;
    }
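When I go to /dashboard I see the basic login form, and when I enter credentials I get logged in, but the session is the same as for a simple user. I am not sure about my LoginController methods. The question is: how do I differentiate the session to establish an admin account? Some advice on the code above would be appreciated.
Answer 0 (score: 1)
I was very close. So here is my solution to my own question.
First, I added a method to the User model, User.php, that checks the user's role.
In my case it looks like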
    public function isAdmin() {
        $st = false;
        if ($this->role_id == 2) {
            $st = true;
        }
        return $st;
    }
Then I created the middleware IsAdmin.php
    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Support\Facades\Auth;

    class IsAdmin
    {
        public function handle($request, Closure $next)
        {
            if (Auth::check() && Auth::user()->isAdmin()) { //check the proper role
                return $next($request);
            }
            else {
                return response()
                    ->view('admin.forbidden')
                    ->header('Content-Type', 'text/html');
            }
        }
    }
Next I edited Kernel.php
    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'admin' => \App\Http\Middleware\IsAdmin::class, //my middleware
    ];
routes.php looks like
    Route::group(['middleware' => 'web'], function () {
        Route::group(['middleware' => 'admin'], function() {
            Route::get('/dashboard', 'LoginController@dashboard');
        });
    });
LoginController.php
    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use App\Http\Requests;
    use Auth;

    class LoginController extends Controller
    {
        public function __construct()
        {
            $this->middleware('auth');
        }

        public function dashboard()
        {
            return view('admin.dashboard');
        }
    }
This way you can restrict or allow actions for any role. I hope this helps someone.
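A variant of the role middleware above, as an added example that is not the poster's code: it separates "not logged in" from "logged in but not an admin" and sends the forbidden page with an HTTP 403 status instead of the default 200. It assumes a Laravel 5.2-style application, that role_id 2 is the admin role as in the post, and that the login form is served at the `admin` URL by a route placed outside the `admin` middleware group.

```php
<?php
// Added example, not the poster's code. Assumptions: Laravel 5.2-style
// middleware, the admin.forbidden view from the post, and a login form at
// the 'admin' URL registered OUTSIDE the 'admin' middleware group.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class IsAdmin
{
    // Assumption taken from the post: role_id 2 marks an administrator.
    const ADMIN_ROLE_ID = 2;

    public function handle($request, Closure $next)
    {
        // Case 1: no authenticated user. Send browsers to the login form
        // (redirect()->guest() remembers the intended URL) and answer
        // AJAX/JSON clients with 401 so they do not receive an HTML page.
        if (Auth::guest()) {
            if ($request->ajax() || $request->wantsJson()) {
                return response('Unauthorized.', 401);
            }

            return redirect()->guest('admin');
        }

        // Case 2: authenticated, but the role does not match. Cast before a
        // strict comparison, because the column may come back as a string.
        if ((int) Auth::user()->role_id !== self::ADMIN_ROLE_ID) {
            // Third argument sets the status code, so clients, proxies and
            // log-based monitoring see a 403 rather than a successful 200.
            return response()->view('admin.forbidden', [], 403);
        }

        // Case 3: authenticated administrator.
        return $next($request);
    }
}
```

Registered under the same `'admin'` key in `$routeMiddleware`, this drops into the route group shown in the answer without further changes.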