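Restricting access to admins with Laravel Hesto / multi-auth

Date: 2018-01-14 00:02:31

Tags: php laravel

I have been using Laravel Hesto / multi-auth to create authentication for users and admins... I have also created other views that should only be accessible to admins. I have also created the routes to access those pages...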

Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function (){
       return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');

    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');

    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');

    // Routes settings admin
    Route::resource('/settings/langs', 'Admin\LangController');
    // Route core application
    Route::resource('/mappings/sectors', 'Admin\SectorController');
});

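My problem is that users who are not logged in can reach the settings/langs and mappings/sectors paths... Those pages should be restricted...

1 answer:

Answer 0 (score: 2)

Wrap them in the auth middleware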

Route::group(['prefix' => 'admin'], function () {
    Route::get('/', function (){
        return redirect('/admin/login');
    });
    Route::get('/login', 'AdminAuth\LoginController@showLoginForm')->name('login');
    Route::post('/login', 'AdminAuth\LoginController@login');
    Route::post('/logout', 'AdminAuth\LoginController@logout')->name('logout');

    Route::get('/register', 'AdminAuth\RegisterController@showRegistrationForm')->name('register');
    Route::post('/register', 'AdminAuth\RegisterController@register');

    Route::post('/password/email', 'AdminAuth\ForgotPasswordController@sendResetLinkEmail')->name('password.request');
    Route::post('/password/reset', 'AdminAuth\ResetPasswordController@reset')->name('password.email');
    Route::get('/password/reset', 'AdminAuth\ForgotPasswordController@showLinkRequestForm')->name('password.reset');
    Route::get('/password/reset/{token}', 'AdminAuth\ResetPasswordController@showResetForm');

    Route::group(['middleware'=>'auth'], function(){
        // Routes settings admin
        Route::resource('/settings/langs', 'Admin\LangController');
        // Route core application
        Route::resource('/mappings/sectors', 'Admin\SectorController');
    });
});

This will prevent unauthenticated users from accessing those routes.
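
A feature test that checks the restriction on the two resource routes, added here as an example and not part of the original question or answer. Laravel's `auth` middleware with no parameter checks the default guard, so the second test only passes when the inner group names the admin guard (for example `auth:admin`). Assumptions: the admin guard is called `admin`, the models are `App\Admin` and `App\User`, and the file lives at the hypothetical path `tests/Feature/AdminRouteAccessTest.php`.

```php
<?php
// Added example (not from the original post).
namespace Tests\Feature;

use App\Admin; // assumption: admin model generated by the multi-auth package
use App\User;  // assumption: stock Laravel user model
use Tests\TestCase;

class AdminRouteAccessTest extends TestCase
{
    // Index URLs of the two resource routes from the question.
    private $adminUrls = ['/admin/settings/langs', '/admin/mappings/sectors'];

    public function testGuestIsRedirected()
    {
        foreach ($this->adminUrls as $url) {
            // No session at all: the request must not reach the controller.
            $this->get($url)->assertRedirect();
        }
    }

    public function testUserOnDefaultGuardIsRedirected()
    {
        // Constructed, unsaved user logged in on the default "web" guard only.
        $user = new User(['name' => 'constructed user']);

        foreach ($this->adminUrls as $url) {
            $this->actingAs($user, 'web')->get($url)->assertRedirect();
        }
    }

    public function testAdminIsNotSentBackToLogin()
    {
        // Constructed, unsaved admin logged in on the assumed "admin" guard.
        $admin = new Admin(['name' => 'constructed admin']);

        foreach ($this->adminUrls as $url) {
            $response = $this->actingAs($admin, 'admin')->get($url);
            // Only checks that the middleware let the request through.
            $this->assertFalse($response->isRedirect(), "$url redirected an admin");
        }
    }
}
```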