doufeinai6081 2015-08-02 19:14

How to build a privileges system on top of the built-in Laravel authentication?

I need to build some type of privileges system where I can control who can perform what on my app. I have seen many ready packages online, but none that stood out where I can utilize it to handle my needs without hard coding my permissions/templates.

My thoughts are to create a Middleware that will do an authentication against the logged-in user. If I have the following routes:

Route::get('accounts', array(
    'as' => 'accounts_index_path',
    'uses' => 'AccountController@index')
);

Route::get('account/create', array(
    'as' => 'account_create_path',
    'uses' => 'AccountController@create')
);

Route::post('account/store', array(
    'as' => 'account_store_path',
    'uses' => 'AccountController@store')
);

Route::get('account/{account}', array(
    'as' => 'account_show_path',
    'uses' => 'AccountController@show')
)->where('account', '[0-9]+');

Route::get('account/{account}/edit', array(
    'as' => 'account_edit_path',
    'uses' => 'AccountController@edit')
)->where('account', '[0-9]+');

Route::put('account/{account}/update', array(
    'as' => 'account_update_path',
    'uses' => 'AccountController@update')
)->where('account', '[0-9]+');


Route::delete('account/{account}', array(
    'as' => 'account_destroy_path',
    'uses' => 'AccountController@destroy')
)->where('account', '[0-9]+');

In theory, I should be able to give a user access to the following route names "account_store_path", "account_create_path", "accounts_index_path" ...

Perhaps, if I don't want a user to access a specific route then I will not give them permissions.

In theory this should work, but I want to have a more robust system where I can give a user access to edit a record but not for all fields. For example, I want a user with a "manager" role to be able to change the account name and account owner, but I don't want a user with a "standard" role to edit these fields; I do want the standard user to be able to update the notes field and other fields.

Just to be clear, I understand I will probably need to create a template with all the allowed permissions and then assign users to the correct template.

I need help trying to design the best approach for such a privilege system when I have power over who can update what.

Question: How can I allow/disallow a user to update some fields but not others?
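An added example, not part of the original post: a minimal sketch in plain PHP of permission templates that combine the route-name check a middleware would do with a per-role field allowlist for the update route. The column names (`name`, `owner_id`, `notes`), the `guest` role, the functions `canAccessRoute` and `filterFields`, and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed permission templates: role => granted route names and editable fields.
// Column names (name, owner_id, notes) are assumptions for illustration.
const TEMPLATES = [
    'manager' => [
        'routes' => ['accounts_index_path', 'account_show_path', 'account_edit_path', 'account_update_path'],
        'fields' => ['account_update_path' => ['name', 'owner_id', 'notes']],
    ],
    'standard' => [
        'routes' => ['accounts_index_path', 'account_show_path', 'account_edit_path', 'account_update_path'],
        'fields' => ['account_update_path' => ['notes']],
    ],
];

// Route-level check, the part a middleware would perform. Unknown roles get nothing.
function canAccessRoute(string $role, string $routeName): bool
{
    return in_array($routeName, TEMPLATES[$role]['routes'] ?? [], true);
}

// Field-level check: split submitted input into permitted and refused keys.
function filterFields(string $role, string $routeName, array $input): array
{
    $allowed = TEMPLATES[$role]['fields'][$routeName] ?? [];
    $permitted = array_intersect_key($input, array_flip($allowed));
    $refused = array_keys(array_diff_key($input, $permitted));
    return ['permitted' => $permitted, 'refused' => $refused];
}

// Constructed request body that tries to change every field of the account.
$input = ['name' => 'Acme Ltd', 'owner_id' => 7, 'notes' => 'Called on Monday'];

foreach (['manager', 'standard', 'guest'] as $role) {
    if (!canAccessRoute($role, 'account_update_path')) {
        echo "$role: 403 (route not granted)\n";
        continue;
    }
    $result = filterFields($role, 'account_update_path', $input);
    if ($result['refused'] !== []) {
        // Reject the whole request rather than silently dropping fields.
        echo "$role: 403 (fields not permitted: " . implode(', ', $result['refused']) . ")\n";
        continue;
    }
    echo "$role: update " . json_encode($result['permitted']) . "\n";
}
```

Only the `permitted` array should ever reach the model's update call, so a field missing from the template cannot be written even if the form or a hand-crafted request submits it.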
