Laravel ACL with Entrust: how to protect routes and controller methods

Date: 2017-10-16 14:18:20

Tags: permissions routes acl laravel-5.5 entrust

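How can I verify with Entrust whether a user has permission for a route?

I have a route field and action names in my permissions table,

for example: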

can_update_profile, can_delete_profile, can_see_profile

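Instead of adding roles to every route, I tried to implement a middleware that checks the route to see whether the user has the ability to access the controller method, but it fails.

Entrust's can treats every request as freely accessible.

This is my middleware: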

<?php

namespace App\Http\Middleware;

use Closure;
use App\Permission;
use Illuminate\Contracts\Auth\Guard;
use Route;

class AuthorizeRoute
{
    /** @var \Illuminate\Contracts\Auth\Guard The injected authentication guard. */
    protected $auth;

    public function __construct(Guard $auth)
    {
        $this->auth = $auth;
    }

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {

        $user = $this->auth->user();
        $permissions = Permission::all();

        //dd($user);
        $uri = $request->route()->uri();


        foreach ($permissions as $permission) {

            if (!$user->can($permission->name) && $permission->route === $uri) {
                 //var_dump($user->can($permission->name));
                abort(403);
            }
        }

        return $next($request);
    }
}

1 answer:

Answer 0 (score: 0)

I can't test this, but my guess is that you should write handle() like this:

public function handle($request, Closure $next)
{
    $user = $this->auth->user();
    $permissions = Permission::all();

    $uri = $request->route()->uri();

    foreach ($permissions as $permission) {
        // reordered expression order to skip calling $user->can()
        // for routes that don't match
        if ( $permission->route === $uri && $user->can($permission->name) ) {
            // allow access only if it's a match
            return $next($request);
        }
    }

    // nothing matched, abort
    abort(403);
}
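
The following is an added example, not part of the question or the answer: plain PHP (no Laravel) that runs the question's check and the answer's check side by side over a constructed permissions table. The rows, the route shared by two permissions, the $can closure standing in for Entrust's $user->can(), and strictLogic are assumptions made for illustration.

```php
<?php
// Constructed rows shaped like the question's permissions table (name + route).
$rows = [
    ['name' => 'can_see_profile',    'route' => 'profile/{id}'],
    ['name' => 'can_delete_profile', 'route' => 'profile/{id}'],
    ['name' => 'can_update_profile', 'route' => 'profile/{id}/edit'],
];
// Stand-in for Entrust's $user->can(): this constructed user holds one permission.
$can = function (string $name): bool {
    return $name === 'can_see_profile';
};

// Question's check: deny only when a matching row is not held.
function questionLogic(string $uri, array $rows, callable $can): bool
{
    foreach ($rows as $row) {
        if (!$can($row['name']) && $row['route'] === $uri) {
            return false;
        }
    }
    return true; // a route with no row falls through as allowed
}

// Answer's check: allow as soon as one matching row is held.
function answerLogic(string $uri, array $rows, callable $can): bool
{
    foreach ($rows as $row) {
        if ($row['route'] === $uri && $can($row['name'])) {
            return true;
        }
    }
    return false; // a route with no row is denied
}

// Hypothetical stricter check: unmapped routes denied, every mapped row required.
function strictLogic(string $uri, array $rows, callable $can): bool
{
    $needed = array_filter($rows, function (array $row) use ($uri): bool {
        return $row['route'] === $uri;
    });
    return count($needed) > 0 && questionLogic($uri, $needed, $can);
}

foreach (['profile/{id}', 'profile/{id}/edit', 'admin/users'] as $uri) {
    printf("%-18s question=%d answer=%d strict=%d\n", $uri,
        questionLogic($uri, $rows, $can),
        answerLogic($uri, $rows, $can),
        strictLogic($uri, $rows, $can));
}
```

The checks disagree on admin/users, which has no permission row, and on profile/{id}, where two permissions share one route and the user holds only one of them.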