我希望将/account/{account_id}分组,并使用auth中间件和中间件来保护其中的每个路由,该中间件将检查已记录的用户是否有权访问此帐户。不幸的是它没有用。
这是我的代码
Route::group(['middleware' => 'auth'], function () {
Route::group(['prefix' => 'account/{account}', 'middleware' => 'userHasPermissionForAccount'], function() {
Route::group(['prefix' => 'posts'], function () {
Route::get('{post}', 'PostsController@index')->where([
'post' => '\d+'
]);
});
// more routes here...
});
});
// ...
protected $routeMiddleware = [
// ...
'userHasPermissionForAccount' => \App\Http\Middleware\UserCanAccessContent::class,
];
它甚至不会触发我的自定义中间件中的代码,我也不明白为什么。
答案 0 :(得分:0)
我会使用策略(门),因为您可以将策略用作中间件。
$ php artisan make:policy AcccountPolicy
在 AuthServiceProvider :
中注册政策/**
* The policy mappings for the application.
*
* @var array
*/
protected $policies = [
Account::class => AccountPolicy::class, //Account is model, remember to import!
];
在内部政策文件( app / policies / AccountPolicy.php )中,创建方法可以说" manage"
/**
* Determine if ....
*
* @param \App\User $current
* @param \App\Account $account
* @return bool
*/
public function manage(User $current, Account $account)
{
//return some logic here to check if $current is part of $account
}
然后将此策略用作中间件:
Route::group(['prefix' => 'account/{account}', 'middleware' => 'can:manage,account'], function...