問題描述

我遵循本教程:https://www.youtube.com/watch?v=kmJYVhG6UzM 目前我可以在我的刀片中檢查用戶是否是管理員:

I follow this tutorial : https://www.youtube.com/watch?v=kmJYVhG6UzM Currently I can check in my blade if user is a admin or not like this:

{{ Auth::user()->roles->toArray()[0]['role'] }}
HI ADMIN
@endif

如何讓我的路由只對管理員用戶可用?

How can I make my route only available for admin user?

推薦答案

您需要為您的路由創建一個中間件.

You need to create a middleware for your route.

使用:php artisan make:middleware AdminMiddleware.

您將在中間件文件夾中找到一個具有此名稱的新文件.

You will find in your middleware folder a new file with this name.

將您的邏輯放在中間件中，例如

Put your logic in your middleware, e.g.

public function handle($request, Closure $next)
{
    if(Auth::check())
    {
        return $next($request);
    }
    else
    {
        return view('auth.login')->withErrors('You are not logged in');
    }

}

在中間件中完成邏輯后，您可以在路由中調用它或使中間件應用于所有路由.

Once you have done your logic in your middleware, you can either call it in the route or make the middleware apply to all routes.

如果你想把它添加到所有路由，去Kernel.php并將它添加到$middleware數組，例如

If you want to add it to all routes, go to Kernel.php and add it to the $middleware array, e.g.

protected $middleware = [
    'IlluminateFoundationHttpMiddlewareCheckForMaintenanceMode',
    'IlluminateCookieMiddlewareEncryptCookies',
    'IlluminateCookieMiddlewareAddQueuedCookiesToResponse',
    'IlluminateSessionMiddlewareStartSession',
    'IlluminateViewMiddlewareShareErrorsFromSession',
    'AppHttpMiddlewareVerifyCsrfToken',
    'AppHttpMiddlewareAdminMiddleware',
];

如果您只想將其添加到特定路由，請將其添加到 $routeMiddleware 變量并將別名添加到路由.例如

If you want to add it to specific routes only, add it to the $routeMiddleware variable and add the alias to the route. E.g.

protected $routeMiddleware = [
    'auth' => 'AppHttpMiddlewareAuthenticate',
    'auth.basic' => 'IlluminateAuthMiddlewareAuthenticateWithBasicAuth',
    'guest' => 'AppHttpMiddlewareRedirectIfAuthenticated',
    'admin' => 'AppHttpMiddlewareAdminMiddleware',
];

然后您可以將其添加到路由中，作為過濾器，例如

You can then add it to a route, as a filter, e.g.

Route::get('admin/profile', ['middleware' => 'admin', function()
{

}]);

有關更多信息，請訪問文檔:

For additional info visit the docs:

http://laravel.com/docs/master/middleware

編輯

對此的改進是使用 PHP 5.6 中引入的可變參數函數

An improvement on this would be to use variadic functions which was introduced in PHP 5.6

http://php.net/manual/en/migration56.new-功能.php

不必為每個權限集制作一個中間件，您可以執行以下操作

Instead of having to make a middleware for each permission set you can do the following

權限中間件

namespace AppHttpMiddleware;

use Closure;
use AppModelsRole;
class PermissionMiddleware
{
    // Pass parameters to this middleware
    public function handle($request, Closure $next, ...$permitted_roles)
    {

        //Get a users role
        $role = new Role;
        $role_name = $role->getUserRoleByName();
        foreach($permitted_roles as $permitted_role) {
            if($permitted_role == $role_name) {
                return $next($request);
            }
        }
        return redirect()->back()->withErrors('You do not have the required permission');

    }
}

注意 ...$permitted_roles

Notice the ...$permitted_roles

Route::get('admin/profile', ['middleware' => 'PermissionMiddleware:Admin,Marketing', function()
{

}]);

您現在可以根據需要為一個中間件指定多個角色，而不是使用中間件參數創建多個角色

You can now specify as many roles as required for one middleware rather than creating multiple by using middleware parameters

文檔https://laravel.com/docs/5.3/middleware#middleware-parameters

這篇關于Laravel 5 的角色，如何只允許管理員訪問某些根的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！