php laravel 路由过滤器来检查用户角色
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20794225/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
laravel route filter to check user roles
提问by user1424508
I am building a restful api in laravel 4 where there are users with different types of permission. I want to restrict access to different routes depending on the user role (which is saved in the user table in db)
我正在 laravel 4 中构建一个宁静的 api,其中有具有不同类型权限的用户。我想根据用户角色(保存在 db 的用户表中)限制对不同路由的访问
How would I do that? Here is what I have so far (it's not working so far).
我该怎么做?这是我到目前为止所拥有的(到目前为止还没有工作)。
filters.php
过滤器.php
//allows backend api access depending on the user's role once they are logged in
Route::filter('role', function()
{
return Auth::user()->role;
});
routes.php
路由文件
Route::group(array('before' => 'role'), function($role) {
if($role==1){
Route::get('customer/retrieve/{id}', 'CustomerController@retrieve_single');
Route::post('customer/create', 'CustomerController@create');
Route::put('customer/update/{id}', 'CustomerController@update');
}
});
Is it possible that I'm writing the syntax wrong for a "group filter"?
我是否可能为“组过滤器”编写了错误的语法?
回答by Anam
Try the following:
请尝试以下操作:
filters.php
过滤器.php
Route::filter('role', function()
{
if ( Auth::user()->role !==1) {
// do something
return Redirect::to('/');
}
});
routes.php
路由文件
Route::group(array('before' => 'role'), function() {
Route::get('customer/retrieve/{id}', 'CustomerController@retrieve_single');
Route::post('customer/create', 'CustomerController@create');
Route::put('customer/update/{id}', 'CustomerController@update');
});
回答by petkostas
There are different ways you could implement this, for starts Route filters accept arguments:
您可以通过不同的方式实现这一点,对于开始路由过滤器接受参数:
Route::filter('role', function($route, $request, $value)
{
//
});
Route::get('someurl', array('before' => 'role:admin', function()
{
//
}));
The above will inject admin in your Route::filter, accessible through the $value parameter. If you need more complicated filtering you can always use a custom route filter class (check Filter Classes): http://laravel.com/docs/routing#route-filters
以上将在您的 Route::filter 中注入 admin,可通过 $value 参数访问。如果您需要更复杂的过滤,您可以随时使用自定义路由过滤器类(检查过滤器类):http: //laravel.com/docs/routing#route-filters
You can also filter within your controller, which provides a better approach when you need to filter based on specific controllers and methods: http://laravel.com/docs/controllers#controller-filters
您还可以在您的控制器内进行过滤,当您需要基于特定的控制器和方法进行过滤时,它提供了更好的方法:http: //laravel.com/docs/controllers#controller-filters
Finally you can use something like Sentry2, which provides a complete RBAC solution to use within your project: https://cartalyst.com/manual/sentry
最后你可以使用像 Sentry2 这样的东西,它提供了一个完整的 RBAC 解决方案以在你的项目中使用:https://cartalyst.com/manual/sentry
回答by Luca C.
From laravel 5.1.11 you can use the AuthServiceProvider: https://laravel.com/docs/5.1/authorization
从 laravel 5.1.11 开始,您可以使用 AuthServiceProvider:https://laravel.com/docs/5.1/authorization
