I currently have two route groups. One of them has six routes, and the other has two routes (which are also in the first group).

    /**
     * Foo Routes for admin
     */
    Route::group(['middleware' => 'bar:admin'], function () {
        Route::put('foo/{uuid}/publish', 'FooController@publish');
        Route::put('foo/{uuid}/disable', 'FooController@disable');
        Route::put('foo/{uuid}/enable', 'FooController@enable');
        Route::delete('foo/{uuid}', 'FooController@destroy');
        Route::post('foo', 'FooController@store');
        Route::put('foo/{uuid}', 'FooController@update');
    });

    /**
     * Foo Routes for creator
     */
    Route::group(['middleware' => 'bar:creator'], function () {
        Route::post('foo', 'FooController@store');
        Route::put('foo/{uuid}', 'FooController@update');
    });

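The reason for this split is that a creator needs access to two of the routes in the admin group, but an admin needs permission for all of the routes. Access is handled by the bar middleware.

However, whenever I am an admin and try to access one of the two routes available in the second route group, my bar class rejects the request. It says I must be a creator to access the route. Does this mean that routes have cascading behaviour, where the last instance of a route group is the one Laravel uses? If so, how can I format my routes to avoid this problem?

bar code: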

    public function handle($request, \Closure $next, ...$permissionRules)
    {
        .
        .
        .
        $userPermissions = $decodedToken['user']['permissions'];

        // If the user does not have every permission defined via route parameters, deny.
        foreach ($permissionRules as $permissions) {
            if (!in_array($permissions, $userPermissions)) {
                return $this->denyResponse();
            }
        }

        // The user has every permission rule defined via route parameters, so allow.
        return $next($request);
    }

Answer 0 (score: 1)
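The correct way to do this is to customize the middleware you are using (bar) to accept multiple permissions/roles.

A simple way to do this is to pass a comma-separated list of acceptable permissions, convert it into an array, and then check whether the Auth user has the passed permission.

To use the code you originally gave us, you can do the following:

First, create a new route group for the permission group: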

    /**
     * Foo Routes for admin
     */
    Route::group(['middleware' => 'bar:admin'], function () {
        Route::put('foo/{uuid}/publish', 'FooController@publish');
        Route::put('foo/{uuid}/disable', 'FooController@disable');
        Route::put('foo/{uuid}/enable', 'FooController@enable');
        Route::delete('foo/{uuid}', 'FooController@destroy');
    });

    /**
     * Foo Routes for creator
     */
    Route::group(['middleware' => 'bar:creator'], function () {
        // Other Routes available only to Creator permission users
    });

    /**
     * Foo Routes for creator & admin
     */
    Route::group(['middleware' => 'bar:creator,admin'], function () {
        Route::post('foo', 'FooController@store');
        Route::put('foo/{uuid}', 'FooController@update');
    });

Second, update the bar middleware to convert the comma-separated string into an array:

    public function handle($request, \Closure $next, ...$permissionRules)
    {
        .
        .
        .
        // Laravel has already split "bar:creator,admin" on the commas, so the
        // variadic $permissionRules is ['creator', 'admin']. explode() expects a
        // string and fails on this array, so it is not called here.
        $userPermissions = $decodedToken['user']['permissions']; // Assuming this is an array of the Auth'ed user permissions.

        // If the user has any one of the permissions defined via route parameters, allow.
        foreach ($permissionRules as $permission) {
            if (in_array($permission, $userPermissions)) {
                // Changed to check that the permission IS in the array, as opposed to NOT in the array
                return $next($request);
            }
        }

        // Made it so that if the permission is NOT found in the array then deny
        return $this->denyResponse();
    }

That should be all you need. Hope this helps!
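
The following is an added example, not code from the question, the answer or Laravel's source. It models why the admin was denied in the original layout (a route registered twice with the same method and URI keeps only the last registration, and with it only that group's middleware) and how the combined `bar:creator,admin` group with an any-of check resolves it. The function names `registerRoutes`, `parseMiddleware` and `isAllowed` are hypothetical, and the route lists are a constructed subset of the question's routes.

```php
<?php
// Simplified model, not Laravel source: the route table is keyed by
// "METHOD uri", so a later duplicate registration replaces the earlier one.
function registerRoutes(array $groups): array
{
    $table = [];
    foreach ($groups as $middleware => $routes) {
        foreach ($routes as $route) {
            $table[$route] = $middleware; // same key => overwritten
        }
    }
    return $table;
}

// Mirrors how "bar:creator,admin" reaches handle(): already split on commas.
function parseMiddleware(string $spec): array
{
    [$name, $params] = array_pad(explode(':', $spec, 2), 2, '');
    return [$name, $params === '' ? [] : explode(',', $params)];
}

// Any-of check as in the answer; an empty rule list denies (fail closed).
function isAllowed(string $spec, array $userPermissions): bool
{
    [, $rules] = parseMiddleware($spec);
    return count(array_intersect($rules, $userPermissions)) > 0;
}

// Constructed sample data: a subset of the question's routes.
$layouts = [
    'original' => [
        'bar:admin'   => ['DELETE foo/{uuid}', 'POST foo', 'PUT foo/{uuid}'],
        'bar:creator' => ['POST foo', 'PUT foo/{uuid}'],
    ],
    'fixed' => [
        'bar:admin'         => ['DELETE foo/{uuid}'],
        'bar:creator,admin' => ['POST foo', 'PUT foo/{uuid}'],
    ],
];

foreach ($layouts as $label => $groups) {
    $table = registerRoutes($groups);
    foreach (['admin', 'creator'] as $perm) {
        foreach (['POST foo', 'DELETE foo/{uuid}'] as $route) {
            $verdict = isAllowed($table[$route], [$perm]) ? 'allow' : 'deny';
            printf("%-8s %-7s %-17s via %-17s => %s\n", $label, $perm, $route, $table[$route], $verdict);
        }
    }
}
```

Because the any-of check applies to every route that uses the middleware, a route that must require several permissions at once needs a separate all-of rule rather than a longer comma-separated list.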