我知道这是一个非常常见的问题但我陷入了困境。我正在使用Laravel 5.5并开发ERP。在ERP中,一些URL只能由超级管理员访问,所以我创建了一个中间件。
namespace App\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\Auth;
class CheckAdmin
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
$user = Auth::user();
if($user->user_role_id == 1) {
return $next($request);
} else {
return redirect('/');
}
}
}
我已在Kernel.php
protected $routeMiddleware = [
'auth' => \Illuminate\Auth\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
'can' => \Illuminate\Auth\Middleware\Authorize::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'admin' => \App\Http\Middleware\CheckAdmin::class
];
并在路线中使用此中间件
$routes = [
"students" => "StudentsController",
"teachers" => "TeachersController",
"courses" => "CoursesController",
"subjects" => "SubjectsController",
"colleges" => "CollegesController",
"branches" => "BranchesController",
];
Route::group(['middleware' => ['web', 'auth']], function () use ($routes){
Route::match(["get","post"],'/users','UsersController@index')->middleware('admin');
Route::get('/users/status/{id}','UsersController@setStatus')->middleware('admin');
Route::get('/users/delete/{id}','UsersController@delete')->middleware('admin');
Route::match(["get","post"],'/users/add','UsersController@add')->middleware('admin');
Route::match(["get","post"],'/users/edit/{id}','UsersController@edit')->middleware('admin');
Route::match(["get","post"],'/users/view/{id}','UsersController@view')->middleware('admin');
foreach($routes as $route => $class){
Route::match(["get","post"],'/'.$route,$class.'@index');
Route::get('/'.$route.'/status/{id}',$class.'@setStatus');
Route::get('/'.$route.'/delete/{id}',$class.'@delete');
Route::match(["get","post"],'/'.$route.'/add',$class.'@add');
Route::match(["get","post"],'/'.$route.'/edit/{id}',$class.'@edit');
Route::match(["get","post"],'/'.$route.'/view/{id}',$class.'@view');
}
// additions routes
Route::match(["get","post"],'/courses/assign-subjects','CoursesController@assign_subjects');
Route::match(["get"],'/courses/already-assign-subjects/{id}','CoursesController@already_assigned_subjects');
});
此中间件未使用users/*路由调用。当我在$middleware中注册此kernel.php时,其工作正常,但Auth::user()每次都会返回null。那我怎样才能检查登录的用户角色?
我读过L5.5版本的某个地方,Session在constructor中不起作用,那么在中间件中检查用户角色的最佳方法是什么。
答案 0 :(得分:0)
对于检查class A: BaseClass{
}
class B: BaseClass{
}
中间件,您可以使用嵌套中间件
admin当管理中间件在 Route::group(['middleware' => ['web', 'auth']], function () use ($routes){
Route::match(["get","post"],'/users','UsersController@index')->middleware('admin');
Route::group(['middleware' => ['admin'], function () use ($routes){
Route::get('/users/status/{id}','UsersController@setStatus')->middleware('admin');
Route::get('/users/delete/{id}','UsersController@delete')->middleware('admin');
});
Route::match(["get","post"],'/users/add','UsersController@add')->middleware('admin');
Route::match(["get","post"],'/users/edit/{id}','UsersController@edit')->middleware('admin');
Route::match(["get","post"],'/users/view/{id}','UsersController@view')->middleware('admin');
foreach($routes as $route => $class){
Route::match(["get","post"],'/'.$route,$class.'@index');
Route::get('/'.$route.'/status/{id}',$class.'@setStatus');
Route::get('/'.$route.'/delete/{id}',$class.'@delete');
Route::match(["get","post"],'/'.$route.'/add',$class.'@add');
Route::match(["get","post"],'/'.$route.'/edit/{id}',$class.'@edit');
Route::match(["get","post"],'/'.$route.'/view/{id}',$class.'@view');
}
// additions routes
Route::match(["get","post"],'/courses/assign-subjects','CoursesController@assign_subjects');
Route::match(["get"],'/courses/already-assign-subjects/{id}','CoursesController@already_assigned_subjects');
});
之外时,它将始终返回null
希望这有帮助