Question

我正在尝试为我的laravel博客设置中间件，但以下情况有问题。我想允许访问某些路由，但仅允许特定用户（而非角色）访问。例如...具有管理员，globalmod或主持人角色的每个人都可以使用“索引”，“创建”，“存储”和“显示”路由。要“销毁”路由只能访问管理员。

“编辑”和“更新”路线存在问题。对于这些路由，我只想授予“管理员”用户和创建该博客文章的用户访问权限。

此代码可正确地用于角色，但我不知道如何为特定用户设置它。

App \ User.php

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable {

    use Notifiable;

    protected $fillable = [
        'name', 'email', 'password',
    ];

    protected $hidden = [
        'password', 'remember_token',
    ];

    public function roles() {
      return $this->belongsToMany('App\Role');
    }

    public function authorizeRoles($roles) {
      if (is_array($roles)) {
          return $this->hasAnyRole($roles) || 
                 abort(401, 'This action is unauthorized.');
      }
      return $this->hasRole($roles) || 
             abort(401, 'This action is unauthorized.');
    }

    public function hasAnyRole($roles) {
      return null !== $this->roles()->whereIn('slug', $roles)->first();
    }

    public function hasRole($role) {
      return null !== $this->roles()->where('slug', $role)->first();
    }
}

App \ Http \ Middleware \ RolesMiddleware.php

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class RolesMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next, ... $roles) {

        if(!Auth::check()) {
            return redirect()->route('login')->with('attention', 'You have no access');
        }

        $user = Auth::user();

        foreach($roles as $role) {
            if($user->hasRole($role)) {
                return $next($request);
            }
        }
        return redirect()->back()->with('attention', 'You have no access');

    }
}

App \ Http \ Kernel.php

protected $routeMiddleware = [
        ...
        'role' => \App\Http\Middleware\RolesMiddleware::class,
    ];

App \ Http \ Controllers \ BlogController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Blog;

class BlogsController extends Controller
{

    public function __construct() {
        $this->middleware('role:admin', array('only' => 'destroy'));
        $this->middleware('role:admin,globalmod,moderator', array('only' => array('index', 'create', 'store', 'show')));
    }

    public function index() {
        ...
    }

    public function create() {
        ...
    }

    public function store(Request $request) {
        ...
    }

    public function show($id) {
        ...
    }

    public function edit($id) {
        ...
    }

    public function update(Request $request, $id) {
        ...
    }

    public function destroy($id) {
        ...
    }
}

例如，我需要这样的东西

$this->middleware('role:admin OR $blog->author_id == Auth::user()->id',
array('only' => 'edit', 'update'));

Answer 1

看看https://laravel.com/docs/5.6/authorization#gates，您可以为模型定义规则/政策。

可以通过定制的中间件来实现，但是Laravel的策略和门很遥远。

Answer 2

尝试这样的事情

Route::group(['middleware' => ['role:Admin']], function () {

     //define routes here... Ex. below 
    Route::get('/', 'HomeController@index');
    /* for application to get sale price */


}

Laravel与用户的中间件

2 个答案: