Laravel middlewares always return false

时间:2018-01-25 16:19:50

标签: php laravel-5 middleware

I created 4 middlewares: 1 for checking if user is one of the admins( role_id !='4') , 1 for super admin(role_id==1), 1 for normal admin(role_id==2) and 1 for editor admin(role_id ==3)

My user table has a role_id column.

The middleware for the check user is one of the admins worked. But other middleware always return false.

My route

Route::group(['middleware'=>'admin'],function(){
    Route::get('/backlogout','backend\BackloginController@getLogout')->name('back-logout');
    Route::get('/dashboard','BackendController@index')->name('backend');
    Route::group(['prefix' => 'categories', 'middleware' => ['superadmin', 'ad','editor']], function () {
        Route::get('/index', ['as' => 'back.categories.index', 'uses' => 'backend\CategoriesController@index']);
        Route::any('/store', ['as' => 'back.categories.store', 'uses' => 'backend\CategoriesController@store']);
        Route::any('/create', ['as' => 'back.categories.create', 'uses' => 'backend\CategoriesController@create']);
        Route::any('/edit/{id}', ['as' => 'back.categories.edit', 'uses' => 'backend\CategoriesController@edit']);
        Route::any('/update/{id}', ['as' => 'back.categories.update', 'uses' => 'backend\CategoriesController@update']);
        Route::any('/destroy/{id}', ['as' => 'back.categories.destroy', 'uses' => 'backend\CategoriesController@destroy']);
    });
    Route::group(['prefix' => 'products','middleware' => ['superadmin','editor']], function () {
        Route::get('/index', ['as' => 'back.products.index', 'uses' => 'backend\ProductsController@index']);
        Route::any('/store', ['as' => 'back.products.store', 'uses' => 'backend\ProductsController@store']);
        Route::any('/create', ['as' => 'back.products.create', 'uses' => 'backend\ProductsController@create']);
        Route::any('/edit/{id}', ['as' => 'back.products.edit', 'uses' => 'backend\ProductsController@edit']);
        Route::any('/update/{id}', ['as' => 'back.products.update', 'uses' => 'backend\ProductsController@update']);
        Route::any('/imgview/{id}', ['as' => 'back.products.imgview', 'uses' => 'backend\ProductsController@imgview']);
        Route::any('/updateimg/{id}', ['as' => 'back.products.updateimg', 'uses' => 'backend\ProductsController@updateImg']);
        Route::any('/destroy/{id}', ['as' => 'back.products.destroy', 'uses' => 'backend\ProductsController@destroy']);
    });
    Route::group(['prefix' => 'users','middleware' => ['superadmin', 'ad']], function () {
        Route::get('/index', ['as' => 'back.users.index', 'uses' => 'backend\UsersController@index']);
        Route::any('/store', ['as' => 'back.users.store', 'uses' => 'backend\UsersController@store']);
        Route::any('/create', ['as' => 'back.users.create', 'uses' => 'backend\UsersController@create']);
        Route::any('/edit/{id}', ['as' => 'back.users.edit', 'uses' => 'backend\UsersController@edit']);
        Route::any('/update/{id}', ['as' => 'back.users.update', 'uses' => 'backend\UsersController@update']);
        Route::any('/destroy/{id}', ['as' => 'back.users.destroy', 'uses' => 'backend\UsersController@destroy']);
    });
});

my kernel.php

protected $routeMiddleware = [
        'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'admin'=>\App\Http\Middleware\CheckAdmin::class,
        'superadmin'=>\App\Http\Middleware\CheckSuperAdmin::class,
        'ad'=>\App\Http\Middleware\CheckAd::class,
        'editor'=>\App\Http\Middleware\CheckEditor::class,
    ];

my checkadmin (check if user is one of the admin) middlware this one worked

class CheckAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id !='4'){
            return $next($request);
        }
        return redirect()->route('backend-login');
    }
}

my checksuperadmin middleware

class CheckSuperAdmin
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='1'){
            return $next($request);
        }
        Session::flash('notsuper','only super admin can access this page');
        return redirect()->route('backend');

    }
}

my checkad( check for normal admin) middlware

class CheckAd
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='2'){
            return $next($request);
        }
        Session::flash('notadmin','only admin can access this page');
        return redirect()->route('backend');

    }
}

my checkeditor middleware

class CheckEditor
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id =='3'){
            return $next($request);
        }
        Session::flash('noteditor','only editor can access this page');
        return redirect()->route('backend');

    }
}

i don't know why but all the checksuperadmin, checkadm, checkeditor always return false

2 个答案:

答案 0 :(得分:1)

从第一组中删除中间件。

Route::group(['prefix' => 'categories', 'middleware' => ['superadmin', 'ad','editor']], function () {
    Route::get('/index', ['as' => 'back.categories.index', 'uses' => 'backend\CategoriesController@index']);
    Route::any('/store', ['as' => 'back.categories.store', 'uses' => 'backend\CategoriesController@store']);
    Route::any('/create', ['as' => 'back.categories.create', 'uses' => 'backend\CategoriesController@create']);
    Route::any('/edit/{id}', ['as' => 'back.categories.edit', 'uses' => 'backend\CategoriesController@edit']);
    Route::any('/update/{id}', ['as' => 'back.categories.update', 'uses' => 'backend\CategoriesController@update']);
    Route::any('/destroy/{id}', ['as' => 'back.categories.destroy', 'uses' => 'backend\CategoriesController@destroy']);
});
Route::group(['prefix' => 'products','middleware' => ['superadmin','editor']], function () {
    Route::get('/index', ['as' => 'back.products.index', 'uses' => 'backend\ProductsController@index']);
    Route::any('/store', ['as' => 'back.products.store', 'uses' => 'backend\ProductsController@store']);
    Route::any('/create', ['as' => 'back.products.create', 'uses' => 'backend\ProductsController@create']);
    Route::any('/edit/{id}', ['as' => 'back.products.edit', 'uses' => 'backend\ProductsController@edit']);
    Route::any('/update/{id}', ['as' => 'back.products.update', 'uses' => 'backend\ProductsController@update']);
    Route::any('/imgview/{id}', ['as' => 'back.products.imgview', 'uses' => 'backend\ProductsController@imgview']);
    Route::any('/updateimg/{id}', ['as' => 'back.products.updateimg', 'uses' => 'backend\ProductsController@updateImg']);
    Route::any('/destroy/{id}', ['as' => 'back.products.destroy', 'uses' => 'backend\ProductsController@destroy']);
});
Route::group(['prefix' => 'users','middleware' => ['superadmin', 'ad']], function () {
    Route::get('/index', ['as' => 'back.users.index', 'uses' => 'backend\UsersController@index']);
    Route::any('/store', ['as' => 'back.users.store', 'uses' => 'backend\UsersController@store']);
    Route::any('/create', ['as' => 'back.users.create', 'uses' => 'backend\UsersController@create']);
    Route::any('/edit/{id}', ['as' => 'back.users.edit', 'uses' => 'backend\UsersController@edit']);
    Route::any('/update/{id}', ['as' => 'back.users.update', 'uses' => 'backend\UsersController@update']);
    Route::any('/destroy/{id}', ['as' => 'back.users.destroy', 'uses' => 'backend\UsersController@destroy']);
});

答案 1 :(得分:1)

您正在为所有路线组应用多个中间件。在这种情况下,只有当用户满足所有这些要求时,Laravel才会授予您访问权限。尝试做这样的事情:

<httpCookies httpOnlyCookies="true" requireSSL="true" />

在您的路线组中使用单个中间件: 对于“编辑”更高的访问级别:

class CheckEditor {
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id <='3')
            //do something
    }
}
class CheckAd {
    public function handle($request, Closure $next)
    {
        if(Auth::check() && Auth::user()->role_id <='2')
            //do something
    }
}

......等其他访问级别。仅在您希望仅授予此访问权限时才在角色中间件上使用Route::group(['middleware' => 'editor'], function () { //place your routes here });

相关问题
最新问题