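I have installed Laravel 5.6.
I want to offer users a demo account in which the user can view everything but cannot insert or update anything.
I don't have a set of roles in my system. I just want to hard-code the user ID somewhere and restrict those operations.
I googled and found many different approaches (https://laracasts.com/discuss/channels/laravel/protecting-route-for-specific-user), which go far beyond what I need. I just want to restrict this for a specific user across the whole site.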
| Domain | Method | URI | Name | Action | Middleware |
+--------+-----------+-------------------------------------------------------+---------------------------------+------------------------------------------------------------------------------------+--------------------------------------------------+
| | GET|HEAD | / | | Closure | web |
| | GET|HEAD | _debugbar/assets/javascript | debugbar.assets.js | Barryvdh\Debugbar\Controllers\AssetController@js | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/assets/stylesheets | debugbar.assets.css | Barryvdh\Debugbar\Controllers\AssetController@css | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | DELETE | _debugbar/cache/{key}/{tags?} | debugbar.cache.delete | Barryvdh\Debugbar\Controllers\CacheController@delete | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/clockwork/{id} | debugbar.clockwork | Barryvdh\Debugbar\Controllers\OpenHandlerController@clockwork | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | _debugbar/open | debugbar.openhandler | Barryvdh\Debugbar\Controllers\OpenHandlerController@handle | Barryvdh\Debugbar\Middleware\DebugbarEnabled |
| | GET|HEAD | api/user | | Closure | api,auth:api |
| | GET|HEAD | giris | | Closure | web |
| | GET|HEAD | horizon/api/jobs/failed | horizon.failed-jobs.index | Laravel\Horizon\Http\Controllers\FailedJobsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/jobs/failed/{id} | horizon.failed-jobs.show | Laravel\Horizon\Http\Controllers\FailedJobsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/jobs/recent | horizon.recent-jobs.index | Laravel\Horizon\Http\Controllers\RecentJobsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | POST | horizon/api/jobs/retry/{id} | horizon.retry-jobs.show | Laravel\Horizon\Http\Controllers\RetryController@store | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/masters | horizon.masters.index | Laravel\Horizon\Http\Controllers\MasterSupervisorController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/jobs | horizon.jobs-metrics.index | Laravel\Horizon\Http\Controllers\JobMetricsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/jobs/{id} | horizon.jobs-metrics.show | Laravel\Horizon\Http\Controllers\JobMetricsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/queues | horizon.queues-metrics.index | Laravel\Horizon\Http\Controllers\QueueMetricsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/metrics/queues/{id} | horizon.queues-metrics.show | Laravel\Horizon\Http\Controllers\QueueMetricsController@show | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | POST | horizon/api/monitoring | horizon.monitoring.store | Laravel\Horizon\Http\Controllers\MonitoringController@store | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/monitoring | horizon.monitoring.index | Laravel\Horizon\Http\Controllers\MonitoringController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/monitoring/{tag} | horizon.monitoring-tag.paginate | Laravel\Horizon\Http\Controllers\MonitoringController@paginate | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | DELETE | horizon/api/monitoring/{tag} | horizon.monitoring-tag.destroy | Laravel\Horizon\Http\Controllers\MonitoringController@destroy | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/stats | horizon.stats.index | Laravel\Horizon\Http\Controllers\DashboardStatsController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/api/workload | horizon.workload.index | Laravel\Horizon\Http\Controllers\WorkloadController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
| | GET|HEAD | horizon/{view?} | horizon.index | Laravel\Horizon\Http\Controllers\HomeController@index | web,Laravel\Horizon\Http\Middleware\Authenticate |
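Answer 0 (score: 2)
The quickest way is to create a simple middleware that aborts if the request comes from the specific user.
To create the middleware, you can use the artisan command make:middleware
php artisan make:middleware LimitUserIdX
In the newly created file (app/Http/Middleware/LimitUserIdX.php), you just check whether the authenticated user ID is X and, if it is, abort with error code 403 (permission denied), like this: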
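// Needs `use Closure;` and `use Illuminate\Support\Facades\Auth;` at the top of the file.
public function handle($request, Closure $next)
{
    // ID of the logged-in user, or null for a guest
    $userId = Auth::id();
    if ($userId == 5) {
        // Block the restricted user with 403
        abort(403);
    }
    return $next($request);
}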
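Change 5 to the user you want to restrict.
Edit: I misunderstood the question; here is a correction.
You should add the newly created middleware to Laravel's global middleware list. Just go to App/Http/Kernel.php and add the class to the $middleware variable. This makes Laravel run your middleware on every HTTP request to your application (no need to add it to each route definition).
Then you also need to edit the middleware itself to check the requested method before aborting, like this: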
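// Needs `use Closure;` and `use Illuminate\Support\Facades\Auth;` at the top of the file.
public function handle($request, Closure $next)
{
    // ID of the logged-in user, or null for a guest
    $userId = Auth::id();
    // Only read requests (GET/HEAD) are allowed for the restricted user
    if (request()->method() != "GET" && request()->method() != "HEAD" && $userId == 5) {
        abort(403);
    }
    return $next($request);
}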
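A complete version of the middleware described in the answer above, as an added example that is not part of the original answer; the class name ReadOnlyDemoUser and the constants DEMO_USER_IDS and READ_ONLY_METHODS are hypothetical. It assumes the default session-based login and is registered at the end of the web middleware group, because Auth::id() only returns the session user once StartSession has run, and that middleware sits in the web group.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

// Added example: class and constant names are hypothetical.
class ReadOnlyDemoUser
{
    // Hard-coded demo account IDs (5 is the value used in the answer).
    const DEMO_USER_IDS = [5];

    // Allow-list of methods that must not change state; all others are blocked.
    const READ_ONLY_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public function handle($request, Closure $next)
    {
        $userId = Auth::id(); // null for guests

        // Cast before the strict comparison: some drivers return the ID as a string.
        $isDemo = $userId !== null
            && in_array((int) $userId, self::DEMO_USER_IDS, true);

        // method() reflects the _method form override, so a POST that
        // spoofs PUT/PATCH/DELETE is still treated as a write.
        $isWrite = ! in_array($request->method(), self::READ_ONLY_METHODS, true);

        if ($isDemo && $isWrite) {
            abort(403);
        }

        return $next($request);
    }
}

// Registration in app/Http/Kernel.php (assumed default layout):
//
// protected $middlewareGroups = [
//     'web' => [
//         // ... existing entries, including StartSession ...
//         \App\Http\Middleware\ReadOnlyDemoUser::class,
//     ],
// ];
```

The method check only protects routes that follow HTTP semantics: a GET route that modifies data still runs for the demo user and needs its own check.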