Laravel routes depending on user role

Time: 2017-02-23 16:45:02

Tags: routes laravel-5.3 roles middleware laravel-middleware

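I am using middleware to get the roles for users.

The problem is how I want to use the routes. I want every user to be able to visit /dashboard, and have it know which role they have been given and send them to the correct route.

After debugging I can see that the first route is being ignored in favour of the last route, so if the user is not an admin they get an error message saying insufficient permissions.

Is there a way I can adjust my middleware or routes so that any user can go to /dashboard and get the route relevant to their role?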

routes.php file

Auth::routes();

Route::group([ 'prefix' => 'dashboard'], function () {
    // User Dashboard
    Route::get('/', ['as' => 'dashboard-user', 'middleware' => 'roles', 'roles' => ['user'], 'uses' => 'DashboardController@user']);
    // Admin Dashboard
    Route::get('/', ['as' => 'dashboard-admin', 'middleware' => 'roles', 'roles' => ['admin'], 'uses' => 'DashboardController@admin']);
});

CheckRole.php

namespace App\Http\Middleware;
use Closure;

class CheckRole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ($request->user() === null) {
            return response("Insufficient permissions", 401);
        }

        $actions = $request->route()->getAction();
        $roles = isset($actions['roles']) ? $actions['roles'] : null;

        if ($request->user()->hasAnyRole($roles) || !$roles) {
            return $next($request);
        }

        return response("Insufficient permissions", 401);
    }
}

user.php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Notifiable;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    public function roles()
    {
        return $this->belongsToMany('App\Role', 'user_role', 'user_id', 'role_id');
    }

    public function hasAnyRole($roles)
    {
        if (is_array($roles)) {
            foreach ($roles as $role) {
                if ($this->hasRole($role)) {
                    return true;
                }
            }
        } else {
            if ($this->hasRole($roles)) {
                return true;
            }
        }
        return false;
    }

    public function hasRole($role)
    {
        if ($this->roles()->where('name', $role)->first()) {
            return true;
        }
        return false;
    }
}

Kernel.php

namespace App\Http;

use App\Http\Middleware\CheckRole;
use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    ...
    ...
    ...

    /**
     * The application's route middleware.
     *
     * These middleware may be assigned to groups or used individually.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        ...
        ...
        'roles' => \App\Http\Middleware\CheckRole::class
    ];
}

0 answers:

No answers
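
The behaviour described in the question follows from both routes sharing the same method and URI: the later registration replaces the earlier one, so only the admin route is ever matched. One way to serve every role from /dashboard is a single route whose controller resolves the role server-side and denies by default, shown here as an added example that is not part of the original post; the `index()` method, the `$dashboards` map and the view names are assumptions, while `hasRole()` is the method from the question's User model.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;

/**
 * Added example. Registered once, in place of the two Route::get('/') entries:
 *
 *   Route::get('/dashboard', ['as' => 'dashboard', 'middleware' => 'auth',
 *                             'uses' => 'DashboardController@index']);
 */
class DashboardController extends Controller
{
    // Role name => handler method, highest privilege first so that a user
    // holding several roles gets a deterministic result.
    protected $dashboards = [
        'admin' => 'admin',
        'user'  => 'user',
    ];

    // Hypothetical entry point: the role is looked up from the authenticated
    // user, never from request input.
    public function index(Request $request)
    {
        $user = $request->user(); // non-null because the 'auth' middleware ran first

        foreach ($this->dashboards as $role => $method) {
            if ($user->hasRole($role)) {
                return $this->{$method}($request);
            }
        }

        // Deny by default: authenticated, but holds no recognised role.
        abort(403, 'Insufficient permissions');
    }

    // Protected: reachable only through index(), which performs the role check.
    protected function admin(Request $request)
    {
        return view('dashboard.admin'); // view name is an assumption
    }

    protected function user(Request $request)
    {
        return view('dashboard.user'); // view name is an assumption
    }
}
```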