如何在 laravel 上限制特定用户的路由

Posted 2023-02-23

【中文标题】如何在 laravel 上限制特定用户的路由

【英文标题】：How do I restrict routes to a certain user on laravel

【发布时间】：2019-10-13 12:03:33

【问题描述】：

我已向我的身份验证用户添加了一个角色列，它扩展了角色表

角色迁移

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateRolesTable extends Migration

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    
        Schema::create('roles', function (Blueprint $table) 
            $table->bigIncrements('id');
            $table->string('description');
            $table->timestamps();
        );
    

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    
        Schema::dropIfExists('roles');
    

用户迁移

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateUsersTable extends Migration

    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    
        Schema::create('users', function (Blueprint $table) 
            $table->bigIncrements('id');
            $table->string('name');
            $table->string('email')->unique();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->rememberToken();
            $table->unsignedInteger('role_id');
            $table->timestamps();
        );
    

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    
        Schema::dropIfExists('users');
    

在我的角色中，我有管理员和其他三个不同的用户。我想将某些路线限制为仅限管理员。

路线

<?php

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

Route::get('/', function () 
    return view('welcome');
);

Auth::routes();

Route::resource('/admin', 'AdminController');

Route::resource('/farm', 'FarmController');

Route::resource('/clinic', 'ClinicController');

Route::resource('/slaughter', 'SlaughterController');

Route::get('/home', 'HomeController@index')->name('home');

我该如何处理，将使用管理控制器的路由限制为只有管理员

【参考方案1】：

一个好的方法是创建一个Middleware 来限制路由。

创建中间件

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Response;

class AuthorizedAdmin

    public function handle($request, Closure $next)
    
        if (!$this->isAdmin($request)) 
            abort(Response::HTTP_UNAUTHORIZED);
        

        return $next($request);
    

    protected function isAdmin($request)
    
        // Write your logic to check if the user us admin.

        // something like
        return $request->user()->role->description == 'Admin';
    

注册中间件

将此中间件类添加到App\Http\Kernel 中的$routeMiddleware 数组中

内核

protected $routeMiddleware = [
    ... // other middlewares
    'admin' => \App\Http\Middleware\AuthorizedAdmin::class,
];

使用此中间件包装路由。

routes.php

Route::get('/', function () 
    return view('welcome');
);

Auth::routes();

Route::middleware('admin')->group(function () 

   // All your admin routes go here.

   Route::resource('/admin', 'AdminController'); 
);

Route::resource('/farm', 'FarmController');

Route::resource('/clinic', 'ClinicController');

Route::resource('/slaughter', 'SlaughterController');

Route::get('/home', 'HomeController@index')->name('home');

【讨论】：

Symfony\Component\Debug\Exception\FatalThrowableError 类 'App\Http\Middleware\Response' 未找到

那个错误我得到那个错误但它确实有效

我确定您缺少导入语句。确保在中间件类的答案中导入Response。 use Illuminate\Http\Response;