Laravel 5.3保护用户路由具有不同的角色

problem

I'm looking for a way to protect users from access routes which do not belong to them, example admin cannot access user area and simple user cannot access admin area

Hi, i've a laravel 5.3 app and it has two types of users

Admin
Simple User

i'm trying to prevent admin from accessing simple user routes and vice-versa, I search a lot and found one solution of creating a middleware

what i've done

<?php

namespace App\Http\Middleware;

use Auth;

use Closure;

class UserRole
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ( Auth::check()) // user logged
        {
            $request_url = $request->getRequestUri();
            if( Auth::user()->user_type == 1 ) // simple user
            {
                // checking if simple user is visiting routes              // starts with /user in the url 
                if (strpos($request_url, "/user") === 0)
                {
                    return $next($request);
                }
                else
                {
                    return redirect('/');
                }
            }
            // checking if admin is visiting routes                    // starts with /admin in the url
            else if( Auth::user()->user_type == 2 ) // admin
            {
                if (strpos($request_url, "/admin") === 0)
                {
                    return $next($request);
                }
                else
                {
                    return redirect('/');
                }
            }
            else
            {
                return redirect('/');
            }
        }
        return redirect('/');
    }
}

unfortunately both are able to access each others restricted areas. I'm unable to find a better way to protect user from accessing routes which they don't have access too.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
donglu5000 2017-01-01 06:32
关注
If you want to accomplish that using middleware you need to do following -

Create two middlewares, one for admin and one for simple user.

Then create two route group in your routes file i.e. routes/web.php

Protect one route group with admin middleware, and put all of your admin related routes in that group. Protect another route group with simple-user middleware and put all of your admin related routes in that group.

Route::group(['middleware' => ['auth', 'admin']], function() { // put all your admin routes here }); Route::group(['middleware' => ['auth', 'simple-user']], function() { // put all your simple user routes here });

You can also accomplish that using role and permission. Here is a package that can satisfy your needs.

https://packagist.org/packages/zizaco/entrust
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

如何解决laravel 5.3中未定义的路由？ laravel php
2016-12-17 14:19

回答 1 已采纳 You should call the route() function as: route('users.index.year', ['year' => $year])
Laravel 5.3登录路由 - RouteCollection.php中的NotFoundHttpException php
2017-03-12 22:23

回答 1 已采纳 You can't run Laravel app like that. you need to run php artisan serve command and then go to loc
PDOConnection.php第24行Laravel 5.3中的FatalThrowableError laravel mysql php
2019-01-08 10:11

回答 2 已采纳 The error is happening at this line: public function __construct($dsn, $user = null, $password =
Laravel 5.3 参考手册中文CHM版
2022-05-26 12:11

Laravel 5.3 在 5.2 的基础上继续进行优化，提供了大量新功能和新特性：基于驱动的通知系统；通过Laravel Echo提供强大的实时支持；通过Laravel Passport实现无痛的OAuth2服务器；通过Laravel Scout实现全文模型搜索...
Laravel 5.3中的奇怪登录问题 laravel php
2016-11-30 05:02

回答 1 已采纳 You gotta login the user using: \Auth::attempt($credentials)
更改密码用户laravel 5.3 laravel php
2016-09-20 05:09

回答 4 已采纳 This is change password form <form id="form-change-password" role="form" method="POST" action=
在Laravel 5.3中使用现有数据库 php
2017-04-19 09:06

回答 1 已采纳 Inside your project folder there is a file .env, in this file set the following DB details: DB_CO
修改Laravel5.3中的路由文件与路径
2020-12-18 23:06

前言大家可能没有注意到, 在 Laravel 4 以及更老版本中, 路由逻辑是性能上的一个瓶颈–特别是对于有很多路由...在 Laravel 5.2 的routes.php中我们可以看到路由被分割成两个路由群组：web和api，这样做的原因是基于
Laravel 5.3在登录时重定向被禁用的用户 laravel php
2016-09-04 12:09

回答 1 已采纳 The method wouldn't stop the users from accessing your other routes directly if they know your rou
Laravel 5.3更改密码 laravel php
2016-11-12 15:00

回答 2 已采纳 You don't actually need to use the default password controller to achieve this, you can write your
Laravel 5.3 Slack集成 laravel php
2017-02-28 10:10

回答 1 已采纳 Assuming you have configured the providers & aliases correctly (in config/app.php), you need to ad
laravel5.3_source:laravel5.3源码分析
2021-03-23 02:10

laravel5.3源码分析与解读 ####根目录结构 ###### App目录 app目录，包含了应用所有的核心代码。项目开发的应用几乎所有的类都会放在这个目录下 ###### Bootstrap目录 bootstrap目录包含了启动框架和配置自动加载的...
在Laravel 5.3中的父构造函数中访问Auth [复制] laravel php
2016-12-24 11:51

回答 3 已采纳 This is because of changes in Laravel 5.3. If you need to use Auth in constructor you need to do i
laravel 5.3 php版本,发行版本说明 | 序言 | Laravel 5.3 中文文档
2021-04-28 02:12

老杨的诗和远方的博客发行版本说明由学院君创建于4年前, 最后更新于 11个月前版本号 #223296 views12 likes0 collects1、支持政策对于 LTS...对于其他通用版本，只提供六个月的 bug 修复和一年的安全修复支持，比如 Laravel 5.3。2、La...
PHP：laravel5.3：参数路由
2019-09-21 17:17

hahahafree的博客 5、参数路由 1、带参数路由 Route::get('user/del/{id}',function($id){ echo $id; }); 2、带多个参数的路由 Route::get('UserInfo/{name}/{sex}',function($name,$sex){ echo $name; echo $...
没有解决我的问题, 去提问

悬赏问题

¥15 如何在炒股软件中，爬到我想看的日k线
¥15 51单片机中C语言怎么做到下面类似的功能的函数（相关搜索：c语言）
¥15 seatunnel 怎么配置Elasticsearch
¥15 PSCAD安装问题 ERROR: Visual Studio 2013, 2015, 2017 or 2019 is not found in the system.
¥15 (标签-MATLAB|关键词-多址)
¥15 关于#MATLAB#的问题，如何解决？（相关搜索：信噪比，系统容量）
¥500 52810做蓝牙接受端
¥15 基于PLC的三轴机械手程序
¥15 多址通信方式的抗噪声性能和系统容量对比
¥15 winform的chart曲线生成时有凸起

Laravel 5.3保护用户路由具有不同的角色

1条回答 默认 最新

悬赏问题

1条回答默认最新