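I have been using Laravel Hesto/multi-auth to create authentication for users and admins... I have also created other views that should only be accessible to admins. I have also created the routes to access these pages...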
Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function () {
        return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');
    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');
    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');
    // Routes settings admin
    Route::resource('/settings/langs', 'Admin\LangController');
    // Route core application
    Route::resource('/mappings/sectors', 'Admin\SectorController');
});
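My problem is that users who are not logged in can reach the settings/langs and mappings/sectors paths... those pages should be restricted...
Answer 0: (score: 2)
Wrap them in the auth middleware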
Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function () {
        return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');
    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');
    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');
    Route::group(['middleware' => 'auth'], function () {
        // Routes settings admin
        Route::resource('/settings/langs', 'Admin\LangController');
        // Route core application
        Route::resource('/mappings/sectors', 'Admin\SectorController');
    });
});
This will prevent unauthenticated users from accessing these routes.
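Added here as an example, not part of the original question or answer: a Python audit over an exported route table that reports routes under the `admin` prefix that carry no `auth` middleware, or only a bare `auth`, which checks Laravel's default guard rather than a dedicated admin guard. It assumes JSON shaped like the output of `php artisan route:list --json`; the sample rows are constructed, and the guard name `admin` and the names `auth_guards` and `audit` are assumptions.

```python
import json

# Constructed sample shaped like `php artisan route:list --json` output (assumption:
# "middleware" is a list of names, or a comma-separated string on older versions).
SAMPLE_ROUTES = json.loads(r"""[
 {"method": "GET|HEAD", "uri": "admin/login", "middleware": ["web"]},
 {"method": "POST", "uri": "admin/register", "middleware": ["web"]},
 {"method": "GET|HEAD", "uri": "admin/password/reset/{token}", "middleware": "web"},
 {"method": "GET|HEAD", "uri": "admin/settings/langs", "middleware": ["web"]},
 {"method": "DELETE", "uri": "admin/settings/langs/{lang}", "middleware": "web,auth"},
 {"method": "GET|HEAD", "uri": "admin/mappings/sectors", "middleware": ["web", "auth:admin"]},
 {"method": "POST", "uri": "admin/mappings/sectors", "middleware": ["web", "App\\Http\\Middleware\\Authenticate:admin"]}
]""")

# Routes the page leaves outside the auth group (admin/password/* is matched by prefix).
PUBLIC = ("admin", "admin/login", "admin/logout", "admin/register")

def auth_guards(middleware):
    """Guards named by the auth middleware; [] for a bare `auth`; None if absent."""
    # A comma-separated string cannot express multi-guard `auth:a,b` unambiguously.
    names = middleware.split(",") if isinstance(middleware, str) else middleware
    for name in (n.strip() for n in names):
        alias, _, params = name.partition(":")
        if alias == "auth" or alias.endswith("\\Authenticate"):
            return [g for g in params.split(",") if g]
    return None

def audit(routes, prefix="admin", guard="admin"):
    """Map (method, uri) -> finding for non-public routes under the prefix."""
    findings = {}
    for r in routes:
        uri = r["uri"].strip("/")
        in_prefix = uri == prefix or uri.startswith(prefix + "/")
        if not in_prefix or uri in PUBLIC or uri.startswith(prefix + "/password/"):
            continue
        guards = auth_guards(r.get("middleware") or [])
        if guards is None:
            findings[(r["method"], uri)] = "no auth middleware"
        elif guard not in guards:
            findings[(r["method"], uri)] = "auth middleware without the '%s' guard" % guard
    return findings

if __name__ == "__main__":
    for (method, uri), finding in audit(SAMPLE_ROUTES).items():
        print(method, uri, "->", finding)
```

A bare `auth` finding is a prompt to check which guard is the default in `config/auth.php`, not proof of exposure.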