Laravel Routing具有中间件的多级用户

时间:2016-12-06 14:42:09

标签: php laravel laravel-5 routes

您好我有2级用户: 1超级管理员,能够看到和做的一切 2 TD只能看到东西而不会改变任何东西

我制作了2个中间件: 1 auth.superadmin和1 auth.td

我的路线:

Route::group(['middleware' => ['auth.superadmin']], function() {
Route::get('/users/{id}/destroy', 'UsersController@destroy');
Route::get('/searchuser', 'UsersController@searchuser');
Route::get('/users/create-worker', 'UsersController@getcreateworker');
Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
Route::get('/users/create-agent', 'UsersController@getcreateagent');
Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
Route::get('/users-optima', 'UsersController@indexoptima');
Route::resource('/users', 'UsersController');
Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
Route::get('/retours/{id}/updatefill/searchpart',   'RetoursController@searchpart');
Route::get('/searchpart', 'PartsController@searchpart');
Route::resource('/parts', 'PartsController');
});

Route::group(['middleware' => ['auth.td']], function() {
Route::get('/users/{id}/destroy', 'UsersController@destroy');
Route::get('/searchuser', 'UsersController@searchuser');

Route::resource('/users', 'UsersController',
    ['only' => ['index']]);

Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
Route::get('/searchpart', 'PartsController@searchpart');
Route::resource('/parts', 'PartsController');
});

我的middelware: 超级管理员

if (auth()->check() && auth()->user()->level == 1) {
        return $next($request);
    }
    return abort(404, 'no entry to this page');

TD 

if (auth()->check() && auth()->user()->level == 2) {
            return $next($request);
        }
        return abort(404, 'no entry to this page');

我尝试从/ Users开始。 TD只能在/ Users看到索引。

当我这样做时,auth.superadmin无法看到索引@ / users ...

enter image description here

我做错了吗?

感谢任何帮助。

1 个答案:

答案 0 :(得分:3)

您可以像这样修改路线及其组:

Route::group(['middleware' => ['auth.td']], function() {
    Route::get('/users/{id}/destroy', 'UsersController@destroy');
    Route::get('/searchuser', 'UsersController@searchuser');
    Route::resource('/users', 'UsersController',['only' => ['index']]);
    Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
    Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
    Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
    Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
    Route::get('/retours/{id}/updatefill/searchpart', 'RetoursController@searchpart');
    Route::get('/searchpart', 'PartsController@searchpart');
    Route::resource('/parts', 'PartsController');

    Route::group(['middleware' => ['auth.superadmin']], function() {
        Route::get('/users/{id}/destroy', 'UsersController@destroy');
        Route::get('/searchuser', 'UsersController@searchuser');
        Route::get('/users/create-worker', 'UsersController@getcreateworker');
        Route::post('/users/post-create-worker', 'UsersController@postcreateworker');
        Route::get('/users/create-agent', 'UsersController@getcreateagent');
        Route::post('/users/post-create-agent', 'UsersController@postcreateagent');
        Route::get('/users-optima', 'UsersController@indexoptima');
        Route::resource('/users', 'UsersController');
        Route::patch('/retours/{id}/postupdatefill','RetoursController@postupdatefill');
        Route::get('/retours/{retourid}/addpart/{partid}','RetoursController@addpart');
        Route::get('/retours/{retourid}/remove/{partid}','RetoursController@removepart');
        Route::post('/retours/{retourid}/garantie','RetoursController@postonderdeelgarantie');
        Route::get('/retours/{id}/updatefill/searchpart',   'RetoursController@searchpart');
        Route::get('/searchpart', 'PartsController@searchpart');
        Route::resource('/parts', 'PartsController');
    });
});

并且您的auth:td中间件应该是这样的:

if (auth()->check() && (auth()->user()->level == 1 || auth()->user()->level == 2)) {
  return $next($request);
}
return abort(404, 'no entry to this page');
  

只是为了您的知识,您可以删除外部中间件(auth:td),因为两个用户都可以使用它下面的路由。但我还没有这样做,因为我认为你的系统中有更多的用户。

希望这有帮助!

相关问题
最新问题