
Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original address and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/23919311/

Time: 2020-09-14 09:34:12  Source: igfitidea

Authenticating a user role in Laravel and protecting a route

authentication laravel roles laravel-routing

Asked by Holo

I have taken advice from people here and given Laravel a try, I have been trying to create a user authentication system. I am having trouble translating what I know works in PHP to Laravel using Eloquent.


What I am trying to do here is identify a user, their roles, if the user has a role of admin they can access the route /admin


I know I can use a package such as Entrust but that is not really helping me learn.


I have created Models for both User and Role. I also have a lookup table called role_user with a user_id and role_id.


In User.php I have

public function roles(){

    return $this->belongsToMany('Role', 'users_roles');

}

In Role.php I have

public function users()
{
    return $this->belongsToMany('User', 'users_roles');
}

I know if I used


$roles = user::find(1)->roles;
return ($roles);

It will and does return the correct user id (1) and the roles assigned to that user. Now what I am struggling with is how to pick out the admin role and only if the user has this will it allow access to /admin


The route should essentially be


Route::get('admin', function()
{

    return View::make('admin.index');

 })->before('auth');

What I can't figure out is how/where/should I check for the admin role first and how to then apply that to the auth check to only permit an admin access to the route.

Any help appreciated.


Lee

Answered by The Alpha

You have used auth filter so you should check in the auth filter in app/filters.php file:

Route::filter('auth', function($route, $request)
{
    // Login check (Default)
    if (Auth::guest()) return Redirect::guest('login');

    // Admin check: compare against role names (assumes a `name` column on roles)
    if(!in_array('admin', Auth::user()->roles->lists('name'))) {
        return Redirect::to('/'); // Redirect home page
    }

});

You may use a different filter, for example:


Route::get('admin', function()
{
    return View::make('admin.index');

})->before('isAdmin');

Declare the custom isAdmin filter in app/filters.php:

Route::filter('isAdmin', function($route, $request)
{
    if(!Auth::check()) return Redirect::guest('login');
    // Compare against role names (assumes a `name` column on roles)
    if( !in_array('admin', Auth::user()->roles->lists('name')) ) {
        return Redirect::to('/'); // Redirect home page
    }

});
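Why a role check has to compare role names rather than whole role rows, as an added example that is not part of the original answer. The sample rows are constructed to mimic what `roles->toArray()` yields for a `belongsToMany` relation; the `name` column and both function names are assumptions.

```php
<?php
// Constructed sample: the shape Eloquent's roles->toArray() produces for a
// belongsToMany relation (one associative array per role, plus pivot data).
// The `name` column is an assumption; the page does not show the roles schema.
$roleRows = [
    ['id' => 2, 'name' => 'editor', 'pivot' => ['user_id' => 1, 'role_id' => 2]],
    ['id' => 1, 'name' => 'admin',  'pivot' => ['user_id' => 1, 'role_id' => 1]],
];

// Naive check (hypothetical helper): compares the string against each whole
// row, so it never matches and a real admin would always be redirected.
function hasRoleNaive(array $roleRows, $role)
{
    return in_array($role, $roleRows);
}

// Name-based check (hypothetical helper): extract the names first, then
// compare strictly so that values such as 0 or true cannot match a role
// name through type juggling.
function hasRole(array $roleRows, $role)
{
    $names = array_column($roleRows, 'name');
    return in_array($role, $names, true);
}

var_dump(hasRoleNaive($roleRows, 'admin')); // whole-row comparison
var_dump(hasRole($roleRows, 'admin'));      // role the user holds
var_dump(hasRole($roleRows, 'manager'));    // role the user does not hold
var_dump(hasRole([], 'admin'));             // user with no roles at all
```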

Answered by Stetzon

For Laravel 5, use Middleware:


Create new middleware


# php artisan make:middleware RoleMiddleware

Check the user role - redirect if invalid role

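// app/Http/Middleware/RoleMiddleware.php

namespace App\Http\Middleware;

use Closure;

class RoleMiddleware
{
    public function handle($request, Closure $next, $role)
    {
        // hasRole() is expected to be defined on the User model.
        // Guests have no user object, so treat them as lacking the role.
        $user = $request->user();

        if (! $user || ! $user->hasRole($role)) {
            // Redirect and stop here, so the request never reaches the route
            return redirect('/'); // redirect target is an assumption
        }

        return $next($request);
    }
}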

Add key in order to assign to routes - can also make global

// app/Http/Kernel.php

protected $routeMiddleware = [
    'auth' => \App\Http\Middleware\Authenticate::class,
    'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
    'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
    'role' => \App\Http\Middleware\RoleMiddleware::class, // new
];

Protect the routes


// app/Http/routes.php

Route::put('post/{id}', ['middleware' => 'role:editor', function ($id) {
    // routes for editor
}]);