douzhuanqian8244 2017-05-10 19:59 Acceptance rate: 100%
Accepted

Laravel middleware with multiple roles

I've been running into some issues with Laravel's middleware. Let me tell you the basic idea of what I'm trying to accomplish:

Registered users on the site will have one of four roles:

  1. Student (default): can access 'index' and 'show' views
  2. Approver: can access previous, plus 'overview', 'update'
  3. Editor: can access previous, plus 'create', 'edit' and 'store'
  4. Admin: can access everything

fyi: 'overview' is sort of an index view, but only for approver role and higher

What would you guys suggest is the best way to go about doing this? This is what I've done so far, but it doesn't seem to work:


Kernel.php

protected $middlewareGroups = [
...
    'approver+' => [
        \App\Http\Middleware\Approver::class,
        \App\Http\Middleware\Editor::class,
        \App\Http\Middleware\Admin::class,
    ],
];

protected $routeMiddleware = [
...
    'student' => \App\Http\Middleware\Student::class,
    'approver' => \App\Http\Middleware\Approver::class,
    'editor' => \App\Http\Middleware\Editor::class,
    'admin' => \App\Http\Middleware\Admin::class,
];

Http\Middleware\Admin.php

public function handle($request, Closure $next)
{
    if (Auth::check())
    {
        if (Auth::user()->isAdmin())
        {
            return $next($request);
        }
    }

    return redirect('login');
}

The 'User' Eloquent model:

public function isAdmin()
{
    if($this->role_id === 4)
    { 
        return true; 
    } 
    else 
    { 
        return false; 
    }
}

I've done the exact same in the Approver and Editor middleware files, and in the isApprover and isEditor functions in the User model, only edited the checked value in the if-statement to 2 and 3 respectively.

Finally, here's what I've done in my routes\web file:

Route::get('scholen', 'SchoolsController@index');
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
Route::get('scholen/{id}', 'SchoolsController@show');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');

It isn't all exactly on point yet, but I got stuck since when I log in as a user with Approver rights and try to access the schools overview, it redirects me back to the home page.

In general, it just feels like I'm working much too chaotically and not right at all, could somebody give me advice on how to do it more efficiently?

Thank you very much in advance!

1 answer

  • douweiluo0600 2017-05-10 20:41

    You shouldn't have a separate middleware for each role. It will get very messy very fast. It would be better to have a single role checking middleware that can check against any role passed to it.

    Http\Kernel.php

    protected $routeMiddleware = [
        ...
        'role' => \App\Http\Middleware\Role::class,
    ];
    

    Http\Middleware\Role.php

    public function handle($request, Closure $next, ... $roles)
    {
        if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
            return redirect('login');
    
        $user = Auth::user();
    
        if($user->isAdmin())
            return $next($request);
    
        foreach($roles as $role) {
            // Check if the user has the role. This check will depend on how your roles are set up.
            if($user->hasRole($role))
                return $next($request);
        }
    
        return redirect('login');
    }
    

    Finally in your web routes

    Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
    Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');
    
    This answer was selected as the best answer by the asker.
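
An added example, not part of the original question or answer: because the four roles in the question are cumulative, one middleware can take a minimum role, answer 403 to signed-in users who lack it, and fail closed on an unknown role name. The class name `MinimumRole`, the alias `role.min` and the rank table are assumptions; `role_id` values 2 to 4 follow the question, and 1 for student is assumed.

```php
<?php
// Added example, not code from the thread. Assumes users.role_id follows the
// question's numbering: 2 = approver, 3 = editor, 4 = admin (1 = student assumed).
namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

class MinimumRole
{
    // Role name => rank; a higher rank includes every lower role's access.
    const RANKS = ['student' => 1, 'approver' => 2, 'editor' => 3, 'admin' => 4];

    public function handle($request, Closure $next, $minimum)
    {
        // Fail closed: a typo such as 'role.min:aprover' must not open the route.
        if (!array_key_exists($minimum, self::RANKS)) {
            abort(500, "Unknown role '{$minimum}' in route middleware.");
        }

        // Guests go to the login page (normally the 'auth' middleware's job).
        if (!Auth::check()) {
            return redirect('login');
        }

        // Signed in but under-privileged: answer 403 rather than redirecting to
        // 'login', so the authorization failure is visible instead of turning
        // into another redirect. A missing role_id casts to 0 and is denied.
        if ((int) Auth::user()->role_id < self::RANKS[$minimum]) {
            abort(403);
        }

        return $next($request);
    }
}

// app/Http/Kernel.php, inside $routeMiddleware (hypothetical alias):
//     'role.min' => \App\Http\Middleware\MinimumRole::class,
//
// routes/web.php, following the role list in the question:
//     Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role.min:approver');
//     Route::post('scholen', 'SchoolsController@store')->middleware('role.min:editor');
//     Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('role.min:admin');
```

Each route names the lowest role allowed, so no route has to stack several role middleware that must all pass in sequence.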
