Laravel Multi Auth - Admin Guard

Time: 2017-11-28 15:04:51

Tags: php laravel

I have two guards in Laravel

'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        //Our Admin custom driver
        'web_admin' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],
    ],

and providers

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],

     //Admin user provider
      'admins' => [
          'driver' => 'eloquent',  //We are using eloquent model
          'model' => App\Admin::class,
      ],
],

The defaults are

'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

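When I log in as an admin and try to access a user profile, it asks me to log in as a user, which is normal. But what I am looking for is that the admin should be able to access the whole site while logged in as admin.

The reason I chose multi auth over RBAC is that I have 5 types of users, each with different registration fields and login. Each user type also has its own set of tools.

So I want the admin to be able to access all guards.

The business guard can only access the user guard.

In App/Http/Controllers/AdminAuth/LoginController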

<?php

//LoginController.php

namespace App\Http\Controllers\AdminAuth;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;

//Class needed for login and Logout logic
use Illuminate\Foundation\Auth\AuthenticatesUsers;

//Auth facade
use Auth;

class LoginController extends Controller
{
    //Where to redirect admin after login.
    protected $redirectTo = '/admin/home';

    //Trait
    use AuthenticatesUsers;

    //Custom guard for admin
    protected function guard()
    {
      return Auth::guard('web_admin');
    }

    //Shows admin login form
   public function showLoginForm()
   {
       return view('admin.auth.login');
   }
}

App/Http/Controllers/Auth/LoginController

<?php

namespace App\Http\Controllers\Auth;
use Socialite;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    /**
     * Redirect the user to the GitHub authentication page.
     *
     * @return \Illuminate\Http\Response
     */
      public function redirectToProvider($social)
      {
          return Socialite::driver($social)->redirect();
      }

      /**
       * Obtain the user information from GitHub.
       *
       * @return \Illuminate\Http\Response
       */
      public function handleProviderCallback($social)
      {
          $user = Socialite::driver($social)->user();

          // $user->token;
      }
}

Likewise, I also created a middleware for the admin in App/Https/Middleware/AuthenticateAdmin.php

<?php

//AuthenticateAdmin.php

namespace App\Http\Middleware;

use Closure;

//Auth Facade
use Auth;

class AuthenticateAdmin
{
   public function handle($request, Closure $next)
   {
       //If request does not comes from logged in admin
       //then he shall be redirected to admin Login page
       if (! Auth::guard('web_admin')->check()) {
           return redirect('/admin/login');
       }

       return $next($request);
   }
}

and RedirectIfAdminAuthenticated

<?php

//RedirectIfAdminAuthenticated.php

namespace App\Http\Middleware;

use Closure;

//Auth Facade
use Auth;

class RedirectIfAdminAuthenticated
{

  public function handle($request, Closure $next)
  {
      //If request comes from logged in user, he will
      //be redirect to home page.
      if (Auth::guard()->check()) {
          return redirect('/home');
      }

      //If request comes from logged in admin, he will
      //be redirected to admin's home page.
      if (Auth::guard('web_admin')->check()) {
          return redirect('/admin/home');
      }
      return $next($request);
  }
}

RedirectIfAuthenticated

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RedirectIfAuthenticated
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string|null  $guard
     * @return mixed
     */
    public function handle($request, Closure $next, $guard = null)
    {
        if (Auth::guard($guard)->check()) {
            return redirect('/home');
        }

        return $next($request);
    }
}

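2 answers:

Answer 0 (score: 2)

Continuing our correspondence

1. If you have many types of users... I suggest you change your logic and make the admin a user too... remove the admins and, in the users, add a field "type" or something like that... and work with that field to check whether the user is an admin or has permissions/access to some parts of the system... and if the user "type" is "admin", he will have access to all parts too.

  1. So you mean remove multi auth and go to RBAC. But I have a requirement where I need to use multi auth, and each guard has its own RBAC. For example, the admin guard roles are manager, support, etc. The business guard roles are vendor, seller, etc.

  2. Yes, that is what I mean. I did something similar on one of the systems I developed: I added a guard that all "logged in" routes pass through (like auth), and I check the requested route and action and check whether the user type is allowed to access this action; if not, I redirect him somewhere else (in my case, to the main dashboard page).

  3. Add a new middleware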

    php artisan make:middleware Permissions
    

    In app\Http\Kernel.php, add the new middleware to the protected $routeMiddleware

    'permissions' => \App\Http\Middleware\Permissions::class,
    

    In Routes web, add the desired routes for logged-in users and add the permissions middleware... note the "as" definition

    Route::group(['middleware'=>['auth', 'permissions']], function() {
            // any of your routes ... for example
    
            Route::get('/', [
                'uses'=>"UserController@getUsers",
                'as'=>"users"
            ]);
    
            Route::get('/{id}', [
                'uses'=>"UserController@getUserEdit",
                'as'=>"users.edit"
            ]);
    });
    

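    In the new middleware app\Http\Middleware\Permissions.php, adjust the public function handle and add the user-level logic... note that the switch cases check the same "as" values that are defined in the routes web file.

    Add more checks on the logged-in user "type" as you need... admin, support... and so on, as they exist in your system.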

    public function handle($request, Closure $next, $guard = null)
    {
        $user = $request->user();
        // Route action array; its 'as' key holds the route name from the routes file
        $actions = $request->route()->getAction();
    
        switch( $actions['as'] ) {
            case "users":
                if( ! $user->isAdmin() ) {
                    // Not an admin: redirect instead of letting the request through
                    return redirect()->route("dashboard");
                }
            break;
    
            case "users.edit":
                if( ! $user->isAdmin() ) {
                    return redirect()->route("dashboard");
                }
            break;
    
            // add more cases as you need and check the user "type"
    
            default:
    
            break;
        }
    
        return $next($request);
    }
    

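    If you have many routes... then maybe it is better to add some "small" middlewares, one for each route group/prefix... that check whether the user is allowed to access this prefix. For example... add SupportMiddleware / SalesMiddleware... and in each one check the user type and whether it fits the current route group.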
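
A deny-by-default variant of the Permissions middleware described in this answer, added here as an example and not part of the original answer. It assumes the users table has the "type" column the answer proposes; the type values and the entries in the map are placeholders.

```php
<?php
// Added example, not the answerer's code.
// Assumptions: users.type column exists; 'admin', 'support', 'sales' are
// placeholder type values; route names match the "as" values in the routes file.

namespace App\Http\Middleware;

use Closure;

class Permissions
{
    // Route name ("as") => user types allowed to reach it.
    // 'admin' is never listed: admins are allowed everywhere (see handle()).
    protected $allowed = [
        'dashboard'  => ['support', 'sales'],
        'users'      => [],   // admin only
        'users.edit' => [],   // admin only
    ];

    public function handle($request, Closure $next)
    {
        $user = $request->user();

        // Should not happen behind the 'auth' middleware, but fail closed anyway.
        if ($user === null) {
            abort(401);
        }

        if ($user->type === 'admin') {
            return $next($request);
        }

        $name = $request->route()->getName(); // the route's "as" value, or null

        // Deny by default: an unnamed route or a route missing from the map
        // is refused, so a newly added route is not exposed by accident.
        if ($name === null
            || ! isset($this->allowed[$name])
            || ! in_array($user->type, $this->allowed[$name], true)) {
            abort(403);
        }

        return $next($request);
    }
}
```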

Answer 1 (score: 0)

Simply separate your guards with a , (comma), and then all the listed guards can access those routes.

Example:

Route::group(['middleware'=>'auth:web,web_admin'], function() {
    //Now these routes can be accessible by both admin as well as 

});
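
An added example, not part of the original answer, of a controller behind a shared `auth:web,web_admin` route. Users and admins are stored in separate tables, so an admin's id can equal a user's id, and an ownership check has to name the guard instead of relying on `Auth::id()`. ProfileController, the route and the view name are assumed.

```php
<?php
// Added example, not from the original answer.
// Assumed route, inside the auth:web,web_admin group:
//   Route::get('/profile/{id}', 'ProfileController@show');
// ProfileController and the 'profile.show' view are hypothetical names.

namespace App\Http\Controllers;

use App\User;
use Illuminate\Support\Facades\Auth;

class ProfileController extends Controller
{
    public function show($id)
    {
        $profile = User::findOrFail($id);

        // A session on the admin guard may view any user's profile.
        if (Auth::guard('web_admin')->check()) {
            return view('profile.show', ['profile' => $profile]);
        }

        // Otherwise the request was authenticated by the 'web' guard.
        // Compare against that guard's user explicitly: the id returned by
        // Auth::id() belongs to whichever guard matched first, and ids from
        // the admins table can collide with ids from the users table.
        $user = Auth::guard('web')->user();

        if ($user === null
            || (int) $user->getAuthIdentifier() !== (int) $profile->getKey()) {
            abort(403);
        }

        return view('profile.show', ['profile' => $profile]);
    }
}
```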