如何限制 Laravel 上特定用户的路由

Question

我已向我的 auth 用户添加了一个角色列，它扩展了角色表

角色迁移

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateRolesTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('roles', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->string('description');
            $table->timestamps();
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::dropIfExists('roles');
    }
}

用户迁移

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateUsersTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->bigIncrements('id');
            $table->string('name');
            $table->string('email')->unique();
            $table->timestamp('email_verified_at')->nullable();
            $table->string('password');
            $table->rememberToken();
            $table->unsignedInteger('role_id');
            $table->timestamps();
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::dropIfExists('users');
    }
}

在我的角色中，我有管理员和其他三个不同的用户。我想限制某些路由仅允许管理员使用。

路线

<?php

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| contains the "web" middleware group. Now create something great!
|
*/

Route::get('/', function () {
    return view('welcome');
});

Auth::routes();

Route::resource('/admin', 'AdminController');

Route::resource('/farm', 'FarmController');

Route::resource('/clinic', 'ClinicController');

Route::resource('/slaughter', 'SlaughterController');

Route::get('/home', 'HomeController@index')->name('home');

我该如何处理这个问题，将使用管理控制器的路由限制为仅管理员

Answer 1

一个好的方法是创建一个Middleware限制路由。

1. 创建中间件

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Response;

class AuthorizedAdmin
{
    public function handle($request, Closure $next)
    {
        if (!$this->isAdmin($request)) {
            abort(Response::HTTP_UNAUTHORIZED);
        }

        return $next($request);
    }

    protected function isAdmin($request)
    {
        // Write your logic to check if the user us admin.

        // something like
        return $request->user()->role->description == 'Admin';
    }
}

2. 注册中间件

将此中间件类添加到$routeMiddleware数组中App\Http\Kernel

核心

protected $routeMiddleware = [
    ... // other middlewares
    'admin' => \App\Http\Middleware\AuthorizedAdmin::class,
];

3. 使用此中间件包装路由。

路线.php

Route::get('/', function () {
    return view('welcome');
});

Auth::routes();

Route::middleware('admin')->group(function () {

   // All your admin routes go here.

   Route::resource('/admin', 'AdminController'); 
});

Route::resource('/farm', 'FarmController');

Route::resource('/clinic', 'ClinicController');

Route::resource('/slaughter', 'SlaughterController');

Route::get('/home', 'HomeController@index')->name('home');