具有多种角色的Laravel中间件

Question

我一直在使用Laravel的中间件遇到一些问题.让我告诉你我想要完成的基本想法:

网站上的注册用户将具有以下四种角色之一:

1. 学生(默认):可以访问" 索引 "和" 显示 "视图
2. 审批人:可以访问上一个,加上" 概述 "," 更新 "
3. 编辑:可以访问上一个,加上' 创建 ',' 编辑 '和' 存储 '
4. 管理员:可以访问一切

fyi:'overview'是一种索引视图,但仅适用于审批者角色和更高级别

你们有什么建议是最好的方法呢？这是我到目前为止所做的,但它似乎不起作用:

---

Kernel.php

protected $middlewareGroups = [
...
    'approver+' => [
        \App\Http\Middleware\Approver::class,
        \App\Http\Middleware\Editor::class,
        \App\Http\Middleware\Admin::class,
    ],
];

protected $routeMiddleware = [
...
    'student' => \App\Http\Middleware\Student::class,
    'approver' => \App\Http\Middleware\Approver::class,
    'editor' => \App\Http\Middleware\Editor::class,
    'admin' => \App\Http\Middleware\Admin::class,
];

---

HTTP \中间件\ admin.php的

public function handle($request, Closure $next)
{
   if (Auth::check())
   {

        if(Auth::user()->isAdmin())
        {
            return $next($request);
        }
   }

    return redirect('login');
}

---

'用户'Eloquent模型:

public function isAdmin()
{
    if($this->role_id === 4)
    { 
        return true; 
    } 
    else 
    { 
        return false; 
    }
}

我在Approver和Editor中间件文件中完成了相同的操作,并且在User模型中的isApprover和isEditor函数中,只将if语句中的checked值分别编辑为2和3.

最后,这是我在routes\web文件中所做的:

Route::get('scholen', 'SchoolsController@index');
Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('approver+');
Route::get('admin/scholen/maken', 'SchoolsController@create')->middleware('approver+');
Route::post('scholen', 'SchoolsController@store')->middleware('approver+');
Route::get('scholen/{id}', 'SchoolsController@show');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('admin');
Route::patch('admin/scholen/{id}', 'SchoolsController@update')->middleware('admin');
Route::delete('admin/scholen/{id}', 'SchoolsController@destroy')->middleware('admin');

这还不完全是关键,但是当我以具有Approver权限的用户身份登录并尝试访问学校概述时,我陷入困境,它将我重定向回主页.

总的来说,我觉得我的工作过于混乱而且根本不对,有人可以就如何更有效地提供建议吗？

非常感谢你提前!

Answer 1

你不应该为每个角色都有一个单独的中间件.它会很快变得非常混乱.最好有一个角色检查中间件,可以检查传递给它的任何角色.

HTTP\Kernel.php

protected $routeMiddleware = [
    ...
    'role' => \App\Http\Middleware\Role::class,
];

HTTP \中间件\ Role.php

public function handle($request, Closure $next, ... $roles)
{
    if (!Auth::check()) // I included this check because you have it, but it really should be part of your 'auth' middleware, most likely added as part of a route group.
        return redirect('login');

    $user = Auth::user();

    if($user->isAdmin())
        return $next($request);

    foreach($roles as $role) {
        // Check if user has the role This check will depend on how your roles are set up
        if($user->hasRole($role))
            return $next($request);
    }

    return redirect('login');
}

最后在你的网络路线

Route::get('admin/scholen/overzicht', 'SchoolsController@overview')->middleware('role:editor,approver');
Route::get('admin/scholen/{id}/bewerken', 'SchoolsController@edit')->middleware('role:admin');